聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-23982 | The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | 4.3 | 1.16% | 2022-02-18 | 2024-11-21 |
| CVE-2021-26256 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | 4.7 | 0.82% | 2022-02-21 | 2024-11-21 |
| CVE-2022-23983 | Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). | 4.3 | 0.40% | 2022-02-21 | 2024-11-21 |
| CVE-2022-23984 | Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). | 3.7 | 1.07% | 2022-02-21 | 2024-11-21 |
| CVE-2022-25599 | Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | 5.4 | 0.39% | 2022-02-21 | 2024-11-21 |
| CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 5.4 | 0.55% | 2022-03-11 | 2025-05-07 |
| CVE-2022-25601 | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | 4.7 | 0.98% | 2022-03-11 | 2024-11-21 |
| CVE-2021-23150 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. | 4.8 | 0.53% | 2022-03-18 | 2024-11-21 |
| CVE-2021-23209 | Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | 4.8 | 0.53% | 2022-03-18 | 2024-11-21 |
| CVE-2021-44760 | Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. | 4.8 | 0.52% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25602 | Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 8.3 | 1.26% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25603 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | 4.8 | 0.54% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25604 | Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | 4.1 | 0.55% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25605 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | 4.8 | 0.54% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25607 | Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | 6.6 | 0.80% | 2022-03-18 | 2024-11-21 |
| CVE-2022-25608 | Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | 5.4 | 0.29% | 2022-03-23 | 2024-11-21 |
| CVE-2022-25609 | Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. | 5.4 | 0.51% | 2022-03-23 | 2024-11-21 |
| CVE-2022-25606 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | 4.8 | 0.54% | 2022-03-25 | 2024-11-21 |
| CVE-2022-25610 | Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | 3.4 | 0.69% | 2022-03-25 | 2024-11-21 |
| CVE-2022-25611 | Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | 4.1 | 0.55% | 2022-03-25 | 2024-11-21 |