聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-27850 | Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | 5.4 | 0.37% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27851 | Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | 5.4 | 0.37% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27852 | Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | 6.1 | 0.66% | 2022-04-15 | 2026-06-17 |
| CVE-2022-27853 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | 4.8 | 0.50% | 2022-04-18 | 2026-06-17 |
| CVE-2022-27854 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | 5.4 | 0.56% | 2022-04-26 | 2026-06-17 |
| CVE-2022-27855 | Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. | 5.4 | 0.26% | 2022-11-08 | 2026-06-17 |
| CVE-2022-27856 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | 3.4 | 0.38% | 2023-05-10 | 2026-06-17 |
| CVE-2022-27858 | CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 7.4 | 0.80% | 2022-11-08 | 2026-06-17 |
| CVE-2022-27859 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | 4.1 | 0.62% | 2022-06-15 | 2026-06-17 |
| CVE-2022-27860 | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | 6.1 | 0.36% | 2022-04-28 | 2026-06-17 |
| CVE-2022-27861 | Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | 4.7 | 0.31% | 2023-08-10 | 2026-06-17 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2026-06-17 |
| CVE-2022-27863 | Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests. | 5.3 | 1.07% | 2022-04-19 | 2026-06-17 |
| CVE-2022-28612 | Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | 5.4 | 0.46% | 2022-06-15 | 2026-06-17 |
| CVE-2022-28666 | Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. | 5.3 | 1.18% | 2022-07-21 | 2026-06-17 |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 9.1 | 1.45% | 2022-07-21 | 2026-06-17 |
| CVE-2022-29406 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | 4.1 | 0.58% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29408 | Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 4.7 | 0.66% | 2022-05-25 | 2026-06-17 |
| CVE-2022-29409 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 無 | 0.04% | 2024-01-08 | 2024-01-08 |
| CVE-2022-29410 | Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | 7.4 | 0.86% | 2022-04-28 | 2026-06-17 |