Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 17, 2026, 2:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224231 6.8 警告 XYZScripts - WordPress 用 Newsletter Manager プラグインにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2012-6629 2014-01-21 17:03 2012-05-15 Show GitHub Exploit DB Packet Storm
224232 4.3 警告 XYZScripts - WordPress 用 Newsletter Manager プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6628 2014-01-21 17:03 2012-04-20 Show GitHub Exploit DB Packet Storm
224233 4.3 警告 XYZScripts - WordPress 用 Newsletter Manager プラグインの admin/test_mail.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6627 2014-01-21 17:02 2012-05-15 Show GitHub Exploit DB Packet Storm
224234 4.3 警告 VastHTML - WordPress 用 ForumPress WP Forum Server プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6623 2014-01-21 17:01 2012-07-14 Show GitHub Exploit DB Packet Storm
224235 4.3 警告 VastHTML - WordPress 用 ForumPress WP Forum Server プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6622 2014-01-21 17:01 2012-04-18 Show GitHub Exploit DB Packet Storm
224236 7.5 危険 VastHTML - WordPress 用 ForumPress WP Forum Server プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-6625 2014-01-21 16:09 2012-04-18 Show GitHub Exploit DB Packet Storm
224237 4.3 警告 Mightymess - WordPress 用 SoundCloud Is Gold プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6624 2014-01-21 16:08 2012-05-15 Show GitHub Exploit DB Packet Storm
224238 7.5 危険 Brian Cabunac - b2ePMS の verify-user.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-6626 2014-01-21 14:52 2012-05-11 Show GitHub Exploit DB Packet Storm
224239 4.3 警告 Vessio - Vessio NetBill におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6632 2014-01-21 14:26 2012-05-11 Show GitHub Exploit DB Packet Storm
224240 6.8 警告 Vessio - Vessio NetBill の accounts/admin/index.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2012-6631 2014-01-21 14:24 2012-05-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 17, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197881 4.3 MEDIUM
Network 		designwall dw_question_\&_answer The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as upd… - CVE-2021-24805 2024-11-21 14:53 2022-04-26 Show GitHub Exploit DB Packet Storm
197882 4.3 MEDIUM
Network 		designwall dw_question_\&_answer The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2021-24800 2024-11-21 14:53 2022-04-26 Show GitHub Exploit DB Packet Storm
197883 6.1 MEDIUM
Network 		heateor sassy_social_share The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is … - CVE-2021-24746 2024-11-21 14:53 2022-03-29 Show GitHub Exploit DB Packet Storm
197884 8.0 HIGH
Network 		vsourz advanced_cf7_db The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted,… CWE-352
 Origin Validation Error 		CVE-2021-24905 2024-11-21 14:53 2022-03-22 Show GitHub Exploit DB Packet Storm
197885 5.4 MEDIUM
Network 		viitorcloud add_subtitle The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as lo… - CVE-2021-24897 2024-11-21 14:53 2022-03-15 Show GitHub Exploit DB Packet Storm
197886 4.8 MEDIUM
Network 		webbigt cybersoldier The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripti… CWE-79
Cross-site Scripting 		CVE-2021-24895 2024-11-21 14:53 2022-03-15 Show GitHub Exploit DB Packet Storm
197887 6.5 MEDIUM
Network 		tipsandtricks-hq simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. - CVE-2021-24692 2024-11-21 14:53 2022-03-15 Show GitHub Exploit DB Packet Storm
197888 5.4 MEDIUM
Network 		custom_content_shortcode_project custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cros… CWE-79
Cross-site Scripting 		CVE-2021-24826 2024-11-21 14:53 2022-03-7 Show GitHub Exploit DB Packet Storm
197889 4.3 MEDIUM
Network 		custom_content_shortcode_project custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display a… - CVE-2021-24825 2024-11-21 14:53 2022-03-7 Show GitHub Exploit DB Packet Storm
197890 4.3 MEDIUM
Network 		custom_content_shortcode_project custom_content_shortcode The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This c… CWE-863
 Incorrect Authorization 		CVE-2021-24824 2024-11-21 14:53 2022-03-7 Show GitHub Exploit DB Packet Storm