NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-27053 | Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | 9.8 | 0.39% | 2026-06-15 | 2026-06-17 |
| CVE-2026-52704 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. | 10.0 | 0.31% | 2026-06-15 | 2026-06-17 |
| CVE-2026-49060 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | 9.8 | 0.46% | 2026-06-11 | 2026-06-17 |
| CVE-2026-42647 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. | 9.3 | 1.30% | 2026-06-11 | 2026-06-17 |
| CVE-2026-39494 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2. | 9.3 | 0.39% | 2026-06-11 | 2026-06-17 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 1.66% | 2026-06-05 | 2026-06-17 |
| CVE-2026-42684 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | 9.3 | 0.29% | 2026-06-02 | 2026-06-17 |
| CVE-2025-53209 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | 9.8 | 0.27% | 2026-06-02 | 2026-06-17 |
| CVE-2026-42672 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1. | 9.3 | 0.24% | 2026-06-01 | 2026-06-17 |
| CVE-2026-48879 | Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17. | 9.8 | 0.34% | 2026-06-01 | 2026-06-17 |
| CVE-2026-48866 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1. | 9.6 | 0.50% | 2026-06-01 | 2026-06-17 |
| CVE-2026-42682 | Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6. | 9.1 | 0.29% | 2026-06-01 | 2026-06-17 |
| CVE-2026-42680 | Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1. | 9.8 | 0.33% | 2026-06-01 | 2026-06-17 |
| CVE-2026-42761 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.9. | 9.3 | 0.24% | 2026-05-27 | 2026-06-17 |
| CVE-2026-42758 | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253. | 9.8 | 0.29% | 2026-05-27 | 2026-06-17 |
| CVE-2026-42757 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253. | 9.9 | 0.35% | 2026-05-27 | 2026-06-17 |
| CVE-2026-42756 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly: from n/a through <= 3.2.7. | 9.9 | 0.35% | 2026-05-27 | 2026-06-17 |
| CVE-2026-42755 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1. | 9.3 | 0.24% | 2026-05-27 | 2026-06-17 |
| CVE-2026-42748 | Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1. | 9.9 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-42747 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through <= 4.0.6. | 9.3 | 0.24% | 2026-05-27 | 2026-06-17 |