CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 161180 / 16964
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-34487 Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. 9.8 2.65% 2022-07-21 2026-06-17
CVE-2022-27235 Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. 6.3 0.69% 2022-07-22 2026-06-17
CVE-2022-29495 Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. 5.4 0.41% 2022-07-22 2026-06-17
CVE-2022-30998 Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. 9.1 0.70% 2022-07-22 2026-06-17
CVE-2022-33191 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. 4.1 0.46% 2022-07-22 2026-06-17
CVE-2022-33901 Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. 5.3 2.19% 2022-07-22 2026-06-17
CVE-2022-33960 Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. 8.5 0.77% 2022-07-22 2026-06-17
CVE-2022-34650 Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. 4.1 0.46% 2022-07-22 2026-06-17
CVE-2022-34839 Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. 5.9 0.86% 2022-07-22 2026-06-17
CVE-2022-34853 Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. 4.1 0.46% 2022-07-22 2026-06-17
CVE-2022-33965 Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. 9.3 3.41% 2022-07-25 2026-06-17
CVE-2022-33969 Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. 7.2 0.96% 2022-07-25 2026-06-17
CVE-2022-36375 Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. 7.2 0.96% 2022-07-25 2026-06-17
CVE-2022-33970 Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. 7.2 0.90% 2022-07-27 2026-06-17
CVE-2022-33943 Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress. 5.4 0.46% 2022-07-27 2026-06-17
CVE-2022-35882 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. 4.8 0.46% 2022-07-28 2026-06-17
CVE-2022-36378 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. 4.8 0.46% 2022-07-29 2026-06-17
CVE-2022-34154 Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. 7.2 0.98% 2022-08-01 2026-06-17
CVE-2022-36343 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. 3.4 0.46% 2022-08-01 2026-06-17
CVE-2021-36861 Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. 5.4 0.27% 2022-08-05 2026-06-16
cvelogic Threat Intelligence