聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2022-29441 | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | 4.3 | 0.39% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29442 | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | 5.4 | 0.51% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29453 | Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | 5.4 | 0.41% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29443 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | 4.1 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | 5.4 | 0.39% | 2022-06-15 | 2026-06-17 |
| CVE-2021-36891 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | 5.4 | 0.37% | 2022-06-15 | 2026-06-16 |
| CVE-2022-28612 | Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | 5.4 | 0.45% | 2022-06-15 | 2026-06-17 |
| CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | 3.4 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2022-32280 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. | 5.4 | 0.48% | 2022-06-15 | 2026-06-17 |
| CVE-2021-36827 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | 4.8 | 0.47% | 2022-06-16 | 2026-06-16 |
| CVE-2021-36849 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. | 3.4 | 0.42% | 2022-07-20 | 2026-06-16 |
| CVE-2022-29454 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | 3.1 | 0.25% | 2022-07-20 | 2026-06-17 |
| CVE-2022-29923 | Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. | 5.9 | 0.42% | 2022-07-20 | 2026-06-17 |
| CVE-2022-32289 | Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. | 5.4 | 0.26% | 2022-07-21 | 2026-06-17 |
| CVE-2022-28666 | Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. | 5.3 | 1.18% | 2022-07-21 | 2026-06-17 |
| CVE-2022-30337 | Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. | 5.4 | 0.26% | 2022-07-21 | 2026-06-17 |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 9.1 | 1.45% | 2022-07-21 | 2026-06-17 |
| CVE-2022-30536 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. | 3.4 | 0.59% | 2022-07-21 | 2026-06-17 |
| CVE-2022-31475 | Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 5.5 | 0.67% | 2022-07-21 | 2026-06-17 |
| CVE-2022-33198 | Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | 9.8 | 2.65% | 2022-07-21 | 2026-06-17 |