NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-54842 | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | 8.1 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54841 | Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. | 7.5 | 0.29% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54838 | Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54836 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54830 | Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. | 7.5 | 0.24% | 2026-06-25 | 2026-06-29 |
| CVE-2026-54829 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005. | 7.5 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54828 | Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | 7.5 | 0.24% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54823 | Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | 9.9 | 0.43% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54822 | Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54821 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. | 7.4 | 0.26% | 2026-06-25 | 2026-06-25 |
| CVE-2026-27366 | Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions. | 7.5 | 0.22% | 2026-06-25 | 2026-06-29 |
| CVE-2026-56052 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5. | 7.6 | 0.23% | 2026-06-24 | 2026-06-25 |
| CVE-2026-56012 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. | 8.5 | 0.21% | 2026-06-18 | 2026-06-18 |
| CVE-2026-54812 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54810 | Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1. | 7.5 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54819 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54816 | Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21. | 7.5 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54814 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |