CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資，深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型，動態追蹤 Exploit 資源與 PoC 公開狀態，研判可利用性。結合官方修補與修復方案，優化漏洞管理優先級，縮短回應週期，保障資產安全。

指派機構（CNA / 來源）：[email protected] 移除此篩選

EPSS 分數

≥ 1% ≥ 5% ≥ 10% ≥ 30% ≥ 50%

CVSS 分數

≥ 6 ≥ 7 ≥ 8 ≥ 9

CVE	描述	最高 CVSS	EPSS %	公開時間	更新時間
CVE-2021-36879	Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.	9.8	2.11%	2021-09-27	2026-06-16
CVE-2021-36888	Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.	9.8	6.74%	2021-12-15	2026-06-16
CVE-2022-27862	Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.	9.8	1.64%	2022-04-19	2026-06-17
CVE-2022-28700	Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.	9.1	1.42%	2022-07-21	2026-06-17
CVE-2022-33198	Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.	9.8	2.60%	2022-07-21	2026-06-17
CVE-2022-34487	Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.	9.8	2.60%	2022-07-21	2026-06-17
CVE-2022-30998	Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.	9.1	0.70%	2022-07-22	2026-06-17
CVE-2022-33965	Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.	9.3	3.35%	2022-07-25	2026-06-17
CVE-2022-34149	Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.	9.8	0.97%	2022-08-22	2026-06-17
CVE-2022-34858	Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.	9.8	1.27%	2022-08-22	2026-06-17
CVE-2022-36386	Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.	9.1	1.08%	2022-09-21	2026-06-17
CVE-2022-40200	Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.	9.9	0.89%	2022-11-17	2026-06-17
CVE-2022-42497	Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.	10.0	1.06%	2022-11-18	2026-06-17
CVE-2022-42698	Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.	9.8	0.89%	2022-11-18	2026-06-17
CVE-2022-44584	Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.	9.1	0.82%	2022-11-18	2026-06-17
CVE-2022-45822	Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.	10.0	0.75%	2022-12-05	2026-06-17
CVE-2022-42888	Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.	9.8	0.69%	2022-12-06	2026-06-17
CVE-2022-45359	Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.	9.8	13.51%	2022-12-06	2026-06-17
CVE-2022-42699	Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.	9.1	1.32%	2022-12-06	2026-06-17
CVE-2022-44588	Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.	9.9	2.27%	2022-12-15	2026-06-17

cvelogic Threat Intelligence