CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 8110016961 条结果
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2021-45729 The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. 5.4 0.68% 2022-01-25 2026-06-17
CVE-2022-23975 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. 6.5 0.47% 2022-04-18 2026-06-17
CVE-2022-23976 Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). 8.1 0.47% 2022-04-18 2026-06-17
CVE-2022-23979 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). 4.8 0.56% 2022-01-28 2026-06-17
CVE-2022-23980 Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. 4.7 0.79% 2022-02-04 2026-06-17
CVE-2022-23981 The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). 4.3 0.61% 2022-02-18 2026-06-17
CVE-2022-23982 The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. 4.3 1.16% 2022-02-18 2026-06-17
CVE-2022-23983 Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). 4.3 0.40% 2022-02-21 2026-06-17
CVE-2022-23984 Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). 3.7 1.07% 2022-02-21 2026-06-17
CVE-2022-25599 Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). 5.4 0.39% 2022-02-21 2026-06-17
CVE-2022-25600 Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 5.4 0.55% 2022-03-11 2026-06-17
CVE-2022-25601 Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 4.7 0.98% 2022-03-11 2026-06-17
CVE-2022-25602 Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). 8.3 1.26% 2022-03-18 2026-06-17
CVE-2022-25603 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). 4.8 0.54% 2022-03-18 2026-06-17
CVE-2022-25604 Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). 4.1 0.55% 2022-03-18 2026-06-17
CVE-2022-25605 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. 4.8 0.54% 2022-03-18 2026-06-17
CVE-2022-25606 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. 4.8 0.54% 2022-03-25 2026-06-17
CVE-2022-25607 Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). 6.6 0.80% 2022-03-18 2026-06-17
CVE-2022-25608 Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. 5.4 0.29% 2022-03-23 2026-06-17
CVE-2022-25609 Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. 5.4 0.51% 2022-03-23 2026-06-17
cvelogic Threat Intelligence