聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-53314 | Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection.This issue affects WP Optimizer: from n/a through <= 2.5.0. | 9.6 | 0.09% | 2025-06-27 | 2026-06-17 |
| CVE-2025-52797 | Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through <= 2.1. | 8.2 | 0.09% | 2025-08-14 | 2026-06-17 |
| CVE-2026-40764 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2. | 8.1 | 0.10% | 2026-04-15 | 2026-06-17 |
| CVE-2026-57655 | Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | 8.2 | 0.11% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57659 | Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | 8.8 | 0.13% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57751 | Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. | 8.1 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57766 | Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. | 8.8 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57759 | Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. | 8.8 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-39640 | Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39621 | Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5. | 8.8 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39620 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39619 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2026-39617 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3. | 9.6 | 0.14% | 2026-04-08 | 2026-06-17 |
| CVE-2025-68052 | Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. | 8.8 | 0.14% | 2026-06-26 | 2026-06-26 |
| CVE-2024-56203 | Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0. | 8.8 | 0.15% | 2024-12-31 | 2026-06-17 |
| CVE-2025-58997 | Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10. | 9.6 | 0.15% | 2025-09-09 | 2026-06-17 |
| CVE-2025-60156 | Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34. | 9.6 | 0.15% | 2025-09-26 | 2026-06-17 |
| CVE-2025-59572 | Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06. | 8.8 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-58255 | Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5. | 9.6 | 0.15% | 2025-09-22 | 2026-06-17 |
| CVE-2025-58244 | Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects Constructo: from n/a through <= 4.3.9. | 8.8 | 0.15% | 2025-09-22 | 2026-06-17 |