CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 18120016964 筆結果
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2022-25649 Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. 5.0 0.69% 2022-08-05 2026-06-17
CVE-2022-33201 Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. 6.3 0.30% 2022-08-05 2026-06-17
CVE-2022-36284 Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. 6.4 0.51% 2022-08-05 2026-06-17
CVE-2022-36296 Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. 6.5 0.57% 2022-08-05 2026-06-17
CVE-2021-36847 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. 4.8 0.46% 2022-08-22 2026-06-16
CVE-2021-36852 Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. 4.3 0.31% 2022-08-22 2026-06-16
CVE-2021-36857 Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. 4.8 0.46% 2022-08-22 2026-06-16
CVE-2022-33900 PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. 4.1 0.65% 2022-08-22 2026-06-17
CVE-2022-34149 Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. 9.8 0.97% 2022-08-22 2026-06-17
CVE-2022-34347 Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. 4.2 0.29% 2022-08-22 2026-06-17
CVE-2022-34857 Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress 6.1 0.47% 2022-08-22 2026-06-17
CVE-2022-34858 Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. 9.8 1.27% 2022-08-22 2026-06-17
CVE-2022-36346 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. 4.3 0.32% 2022-08-22 2026-06-17
CVE-2022-29476 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. 6.1 0.43% 2022-08-23 2026-06-17
CVE-2022-33142 Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. 7.7 0.87% 2022-08-23 2026-06-17
CVE-2022-34648 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. 4.8 0.43% 2022-08-23 2026-06-17
CVE-2022-34658 Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. 5.4 0.43% 2022-08-23 2026-06-17
CVE-2022-34868 Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. 8.8 0.85% 2022-08-23 2026-06-17
CVE-2022-35235 Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. 4.9 0.94% 2022-08-23 2026-06-17
CVE-2022-35242 Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. 6.5 0.53% 2022-08-23 2026-06-17
cvelogic Threat Intelligence