CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 2140 / 229
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-24752 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14. 7.1 1.16% 2025-04-17 2026-06-17
CVE-2025-32614 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through <= 2.4. 8.8 1.87% 2025-04-11 2026-06-17
CVE-2025-31040 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion.This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7. 8.1 1.10% 2025-04-11 2026-06-17
CVE-2025-30911 Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4. 9.9 1.76% 2025-04-01 2026-06-17
CVE-2025-30868 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maidul Team Manager wp-team-manager allows PHP Local File Inclusion.This issue affects Team Manager: from n/a through <= 2.1.23. 7.5 1.00% 2025-03-27 2026-06-17
CVE-2025-30845 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through <= 2.1.1. 7.5 1.00% 2025-03-27 2026-06-17
CVE-2025-30831 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Event Post themify-event-post allows PHP Local File Inclusion.This issue affects Themify Event Post: from n/a through <= 1.3.2. 7.5 1.00% 2025-03-27 2026-06-17
CVE-2025-30829 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through <= 2.2.31. 7.5 1.00% 2025-03-27 2026-06-17
CVE-2025-30820 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite wishsuite allows PHP Local File Inclusion.This issue affects WishSuite: from n/a through <= 1.4.4. 7.5 1.00% 2025-03-27 2026-06-17
CVE-2025-30814 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid the-post-grid allows PHP Local File Inclusion.This issue affects The Post Grid: from n/a through <= 7.7.17. 7.5 1.00% 2025-03-27 2026-06-17
CVE-2025-30567 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2. 7.5 2.58% 2025-03-25 2026-06-17
CVE-2025-28915 Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9. 9.1 1.19% 2025-03-11 2026-06-17
CVE-2025-22630 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.This issue affects Widget Options: from n/a through <= 4.1.0. 9.9 1.12% 2025-02-14 2026-06-17
CVE-2025-25163 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3. 7.5 1.97% 2025-02-07 2026-06-17
CVE-2025-24587 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23. 7.6 32.47% 2025-01-24 2026-06-17
CVE-2025-23942 Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6. 9.1 2.62% 2025-01-22 2026-06-17
CVE-2024-51818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. 9.3 16.26% 2025-01-21 2026-06-17
CVE-2025-23922 Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through <= 1.0. 10.0 1.03% 2025-01-16 2026-06-17
CVE-2025-23915 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through <= 1.1. 7.5 1.04% 2025-01-16 2026-06-17
CVE-2025-22785 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. 9.3 2.85% 2025-01-15 2026-06-17
cvelogic Threat Intelligence