聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2022-29414 | Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subsc | 5.4 | 0.36% | 2022-04-29 | 2026-06-17 |
| CVE-2022-29451 | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | 8.8 | 0.56% | 2022-04-29 | 2026-06-17 |
| CVE-2021-36844 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | 3.4 | 0.52% | 2022-05-02 | 2026-06-16 |
| CVE-2022-29444 | Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | 6.5 | 0.53% | 2022-05-02 | 2026-06-17 |
| CVE-2021-36912 | Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. | 5.4 | 0.53% | 2022-05-06 | 2026-06-16 |
| CVE-2022-29420 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. | 5.9 | 0.40% | 2022-05-06 | 2026-06-17 |
| CVE-2022-29421 | Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | 4.7 | 0.70% | 2022-05-06 | 2026-06-17 |
| CVE-2022-29422 | Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | 4.8 | 0.52% | 2022-05-06 | 2026-06-17 |
| CVE-2022-29423 | Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | 3.8 | 1.03% | 2022-05-06 | 2026-06-17 |
| CVE-2022-29433 | Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | 4.1 | 0.53% | 2022-05-13 | 2026-06-17 |
| CVE-2022-29429 | Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | 8.8 | 0.89% | 2022-05-17 | 2026-06-17 |
| CVE-2022-29435 | Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. | 5.4 | 0.37% | 2022-05-17 | 2026-06-17 |
| CVE-2022-29436 | Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | 4.7 | 0.36% | 2022-05-17 | 2026-06-17 |
| CVE-2022-29445 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | 6.8 | 1.00% | 2022-05-18 | 2026-06-17 |
| CVE-2022-25617 | Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. | 4.7 | 0.76% | 2022-05-18 | 2026-06-17 |
| CVE-2022-29446 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. | 6.8 | 0.98% | 2022-05-19 | 2026-06-17 |
| CVE-2022-29449 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. | 4.1 | 0.50% | 2022-05-19 | 2026-06-17 |
| CVE-2021-36833 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress. | 4.8 | 0.49% | 2022-05-20 | 2026-06-16 |
| CVE-2022-29424 | Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. | 4.8 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29425 | Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. | 6.1 | 0.66% | 2022-05-20 | 2026-06-17 |