聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-41840 | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | 7.5 | 5.12% | 2022-11-18 | 2026-06-17 |
| CVE-2024-54385 | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83. | 7.2 | 5.11% | 2024-12-16 | 2026-06-17 |
| CVE-2025-49388 | Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. | 9.8 | 5.07% | 2025-08-28 | 2026-06-17 |
| CVE-2022-47615 | Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.3 | 5.06% | 2023-01-26 | 2026-06-17 |
| CVE-2025-47577 | Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. | 10.0 | 4.91% | 2025-05-19 | 2026-06-17 |
| CVE-2025-47445 | Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26. | 7.5 | 4.65% | 2025-05-14 | 2026-06-17 |
| CVE-2024-43160 | Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. | 10.0 | 4.62% | 2024-08-13 | 2026-06-17 |
| CVE-2022-27849 | Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | 5.3 | 4.41% | 2022-04-15 | 2026-06-17 |
| CVE-2022-45808 | SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.9 | 4.27% | 2023-01-26 | 2026-06-17 |
| CVE-2023-48777 | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | 9.9 | 4.10% | 2024-03-26 | 2026-06-17 |
| CVE-2023-30868 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions. | 7.1 | 4.00% | 2023-05-18 | 2026-06-17 |
| CVE-2024-33559 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | 9.3 | 3.55% | 2024-04-29 | 2026-06-17 |
| CVE-2022-33965 | Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | 9.3 | 3.35% | 2022-07-25 | 2026-06-17 |
| CVE-2023-30869 | Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | 9.8 | 3.10% | 2023-05-02 | 2026-06-17 |
| CVE-2024-52433 | Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through <= 1.2. | 9.8 | 3.07% | 2024-11-18 | 2026-06-17 |
| CVE-2023-37999 | Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0. | 9.8 | 3.04% | 2024-05-17 | 2026-06-17 |
| CVE-2022-41978 | Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | 8.8 | 2.97% | 2022-11-09 | 2026-06-17 |
| CVE-2025-22785 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. | 9.3 | 2.85% | 2025-01-15 | 2026-06-17 |
| CVE-2023-26540 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | 9.8 | 2.73% | 2024-05-17 | 2026-06-17 |
| CVE-2023-26009 | Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | 9.8 | 2.73% | 2024-05-17 | 2026-06-17 |