聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-29448 | Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | 6.8 | 0.98% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29426 | Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | 5.4 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29427 | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. | 4.3 | 0.40% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29428 | Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. | 4.1 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29430 | Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | 4.7 | 0.34% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29431 | Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | 5.4 | 0.36% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29432 | Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | 3.4 | 0.49% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29434 | Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 6.3 | 0.66% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29447 | Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | 6.8 | 0.98% | 2022-05-20 | 2026-06-17 |
| CVE-2022-29408 | Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 4.7 | 0.66% | 2022-05-25 | 2026-06-17 |
| CVE-2021-36866 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 4.8 | 0.52% | 2022-06-02 | 2026-06-16 |
| CVE-2021-36890 | Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | 4.3 | 0.40% | 2022-06-02 | 2026-06-16 |
| CVE-2022-29455 | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | 4.7 | 23.18% | 2022-06-13 | 2026-06-17 |
| CVE-2021-36901 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | 6.1 | 0.74% | 2022-06-15 | 2026-06-16 |
| CVE-2022-27859 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | 4.1 | 0.62% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29406 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | 4.1 | 0.58% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29437 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 5.4 | 0.41% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29438 | Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 4.8 | 0.51% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29439 | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | 5.4 | 0.39% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29440 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | 5.4 | 0.51% | 2022-06-15 | 2026-06-17 |