聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2021-36879 | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | 9.8 | 2.11% | 2021-09-27 | 2024-11-21 |
| CVE-2021-36880 | Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. | 8.6 | 2.07% | 2021-09-27 | 2024-11-21 |
| CVE-2021-36908 | Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. | 8.8 | 0.69% | 2021-11-18 | 2024-11-21 |
| CVE-2021-36909 | Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | 8.8 | 1.83% | 2021-11-18 | 2024-11-21 |
| CVE-2021-36916 | The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. | 8.6 | 1.80% | 2021-11-24 | 2024-11-21 |
| CVE-2021-36888 | Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. | 9.8 | 6.74% | 2021-12-15 | 2024-11-21 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.3 | 1.26% | 2022-03-18 | 2024-11-21 |
| CVE-2022-23976 | Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | 8.1 | 0.47% | 2022-04-18 | 2024-11-21 |
| CVE-2022-27862 | Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form. | 9.8 | 1.64% | 2022-04-19 | 2024-11-21 |
| CVE-2022-29411 | SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | 8.3 | 1.02% | 2022-04-28 | 2024-11-21 |
| CVE-2022-29451 | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | 8.8 | 0.56% | 2022-04-29 | 2024-11-21 |
| CVE-2022-29429 | Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | 8.8 | 0.89% | 2022-05-17 | 2024-11-21 |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 9.1 | 1.42% | 2022-07-21 | 2025-02-20 |
| CVE-2022-33198 | Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | 9.8 | 2.60% | 2022-07-21 | 2024-11-21 |
| CVE-2022-34487 | Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | 9.8 | 2.60% | 2022-07-21 | 2024-11-21 |
| CVE-2022-30998 | Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. | 9.1 | 0.70% | 2022-07-22 | 2024-11-21 |
| CVE-2022-33960 | Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | 8.5 | 0.66% | 2022-07-22 | 2024-11-21 |
| CVE-2022-33965 | Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | 9.3 | 3.35% | 2022-07-25 | 2026-03-06 |
| CVE-2022-34149 | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 | 0.97% | 2022-08-22 | 2024-11-21 |
| CVE-2022-34858 | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 | 1.27% | 2022-08-22 | 2024-11-21 |