Secure Gate v1.0.0

Latest Security News: Back Issues

Items that have dropped off the recent listing can be reviewed here. They are handled as information separate from assessment results.

Total: 209,982 items
Showing 50 items per page
Page 4

CVE-2026-57352

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.

CVE-2026-57351

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.

CVE-2026-57350

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.

CVE-2026-57349

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.

CVE-2026-57348

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.

CVE-2026-57347

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.

CVE-2026-57345

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.

CVE-2026-57344

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.

CVE-2026-57343

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.

CVE-2026-57342

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

CVE-2026-56037

Threat Intelligence NVD CVE Severity: high Urgency: high

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.

CVE-2026-49779

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.

CVE-2026-42382

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.

CVE-2026-39448

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.

CVE-2026-27436

Threat Intelligence NVD CVE Severity: high Urgency: high

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

CVE-2026-27433

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

CVE-2026-27430

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.

CVE-2026-27426

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

CVE-2026-27425

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.

CVE-2026-27419

Threat Intelligence NVD CVE Severity: high Urgency: high

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

CVE-2026-27414

Threat Intelligence NVD CVE Severity: high Urgency: high

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

CVE-2026-27412

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

CVE-2026-27408

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.

CVE-2026-27404

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

CVE-2026-27402

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.

CVE-2026-27060

Threat Intelligence NVD CVE Severity: high Urgency: high

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.

CVE-2026-14449

Threat Intelligence NVD CVE Severity: medium Urgency: medium

u5CMS through v12.8.8 is vulnerable to reflected XSS via the 'thanks' parameter in multiple form components.

CVE-2026-11946

Threat Intelligence NVD CVE Severity: high Urgency: high

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string (up to ~4.09 GB via the UInt32 length field) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configurations. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master.

CVE-2025-69156

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

CVE-2025-69155

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.

CVE-2025-69154

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

CVE-2025-69153

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

CVE-2025-69152

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.

CVE-2025-69134

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.

CVE-2025-69133

Threat Intelligence NVD CVE Severity: high Urgency: high

Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.

CVE-2025-69132

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.

CVE-2025-69094

Threat Intelligence NVD CVE Severity: high Urgency: high

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

CVE-2025-66076

Threat Intelligence NVD CVE Severity: medium Urgency: medium

Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.

CVE-2025-58902

Threat Intelligence NVD CVE Severity: high Urgency: high

Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.

CVE-2026-54431

Threat Intelligence NVD CVE Severity: medium Urgency: medium

In liboauth2, the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof, but the oauth2_token_verify() function returns success for a malformed DPoP proof that embeds the private Elliptic Curve (EC) key in the header. This issue was fixed in version 2.3.0.
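As an added illustration of the RFC 9449 section 4.3 step 7 check that the advisory says liboauth2 skipped, the following Python is not liboauth2 code (the library is C) and does not implement full DPoP verification. It only parses the JOSE header of a compact DPoP proof and rejects any embedded jwk that carries private-key members; the sample proofs, key coordinates, payload fields and helper names are constructed for this example.

```python
from __future__ import annotations

import base64
import json

# Private-key members per key type (RFC 7518 sections 6.2.2 and 6.3.2, RFC 8037).
# Any of these inside a DPoP proof's jwk header means the proof must be rejected
# (RFC 9449 section 4.3, step 7).
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "OKP": {"d"},
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_jose_header(proof: str) -> dict:
    """Return the decoded JOSE header of a compact JWS (header.payload.signature)."""
    parts = proof.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def check_dpop_jwk(header: dict) -> tuple[bool, str]:
    """Header-level DPoP checks only: typ, presence of jwk, no private members.

    Verifying the signature with the embedded public key, the htm/htu/jti/iat
    claims and replay tracking are separate steps deliberately left out here.
    """
    if header.get("typ") != "dpop+jwt":
        return False, "typ is not dpop+jwt"
    jwk = header.get("jwk")
    if not isinstance(jwk, dict):
        return False, "jwk header parameter missing"
    kty = jwk.get("kty")
    if kty not in PRIVATE_MEMBERS:
        return False, f"unsupported kty {kty!r}"
    leaked = PRIVATE_MEMBERS[kty] & set(jwk)
    if leaked:
        return False, f"jwk carries private member(s) {sorted(leaked)}; reject proof"
    return True, "ok"


def make_proof(jwk: dict) -> str:
    """Build a compact JWS with a constructed payload and a placeholder signature.

    The signature is not valid; this example stops at the header check.
    """
    header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": jwk}
    payload = {"jti": "constructed-jti", "htm": "POST",
               "htu": "https://as.example/token", "iat": 1700000000}
    encoded = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
               for p in (header, payload)]
    return ".".join(encoded) + "." + b64url_encode(b"\x00" * 64)


# Constructed P-256 coordinates (not a real curve point) and a constructed scalar.
_X, _Y, _D = (b64url_encode(bytes([n]) * 32) for n in (1, 2, 3))
PUBLIC_JWK = {"kty": "EC", "crv": "P-256", "x": _X, "y": _Y}
LEAKY_JWK = {**PUBLIC_JWK, "d": _D}

GOOD_PROOF = make_proof(PUBLIC_JWK)   # passes the header check
BAD_PROOF = make_proof(LEAKY_JWK)     # rejected: jwk carries "d"

if __name__ == "__main__":
    for name, proof in (("good", GOOD_PROOF), ("bad", BAD_PROOF)):
        print(name, check_dpop_jwk(parse_jose_header(proof)))
```

The check runs before any cryptographic work, since the header is all that is needed to decide; a verifier that only looks for the public members it needs (x and y) and ignores the rest of the object is exactly the behaviour the advisory describes.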

CVE-2026-54430

Threat Intelligence NVD CVE Severity: medium Urgency: medium

liboauth2 is vulnerable to Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to alb_base_url without URL encoding or path sanitization, and the HTTP GET is issued before signature verification. This allows an attacker to force the server to send a GET request to an attacker-chosen internal path. This issue was fixed in version 2.3.0.

CVE-2026-9834

Threat Intelligence NVD CVE Severity: high Urgency: high

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the `wp_db_exclude_table` parameter. This is due to the direct concatenation of user-supplied `$_POST['wp_db_exclude_table']` values into the `mysqldump` shell command string in the `mysqldump()` function of `includes/admin/class-wpdb-admin.php` without wrapping them in `escapeshellarg()`—every other argument in the same command (DB_USER, DB_PASSWORD, host, filename, DB_NAME) is properly escaped, making the exclude-table values the sole exception—and because the only applied filtering, `sanitize_text_field()` via `recursive_sanitize_text_field()`, strips HTML tags but leaves shell metacharacters such as `;`, `|`, `` ` ``, and `$()` intact. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary operating system commands on the server, potentially enabling full remote code execution. The injection is stored: malicious values submitted through the plugin settings form are persisted to the WordPress options table via `update_option('wp_db_exclude_table')` and later retrieved with `get_option()` and passed unsanitized to `shell_exec()` whenever a backup operation runs.

CVE-2026-9188

Threat Intelligence NVD CVE Severity: medium Urgency: medium

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.7.6 via the `appointmentkey` parameter due to the appointment `edit_key` — the sole authorization token consumed by `tryCancel()` — being generated as a predictable, unsalted MD5 hash of only `client_id` (a sequential integer), `start_at` (a publicly observable appointment timestamp), and `staff_id` (a small enumerable integer), with no secret salt or random component, and the unauthenticated cancellation and rescheduling REST endpoints performing no ownership or identity verification beyond matching this reconstructible key. This makes it possible for unauthenticated attackers to compute valid `edit_key` values for appointments belonging to other users and cancel or reschedule those appointments arbitrarily. Exploitation requires the `allow_cancellation` or `allow_rescheduling` setting to be enabled on the site, both of which are common configurations for active booking deployments; an attacker can obtain the inputs needed to reconstruct a victim's key by booking their own appointment to observe their sequential `client_id` and correlating publicly visible appointment times and enumerable staff identifiers.
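The key reconstruction described above, as an added example that is not Wappointment's code: a predictable MD5 edit key built only from enumerable inputs is recovered by an attacker who knows the public start time and holds a nearby client_id of their own, while an HMAC keyed with a server-side secret, or a random token stored with the appointment, cannot be reconstructed from the same inputs. The concatenation format, the sample IDs and the server secret are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple


def predictable_edit_key(client_id: int, start_at: int, staff_id: int) -> str:
    """The weak construction the advisory describes: an unsalted MD5 over three
    enumerable inputs. The '|' separator is an assumption; the plugin's exact
    concatenation is not given on this page, and any fixed format is equally
    reconstructible."""
    return hashlib.md5(f"{client_id}|{start_at}|{staff_id}".encode()).hexdigest()


def recover_owner(target_key: str, start_at: int,
                  client_ids: Iterable[int],
                  staff_ids: Iterable[int]) -> Optional[Tuple[int, int]]:
    """Attacker side: start_at is public, client_id is sequential (the attacker
    learned their own by booking), staff_id is a small integer. Enumerate until
    the recomputed key matches the victim's."""
    staff = list(staff_ids)
    for cid in client_ids:
        for sid in staff:
            if predictable_edit_key(cid, start_at, sid) == target_key:
                return cid, sid
    return None


def keyed_edit_key(server_secret: bytes, appointment_id: int) -> str:
    """Hardened: HMAC-SHA256 over the appointment id with a secret that never
    leaves the server. Knowing every public input is useless without it."""
    return hmac.new(server_secret, str(appointment_id).encode(), hashlib.sha256).hexdigest()


def verify_edit_key(server_secret: bytes, appointment_id: int, presented: str) -> bool:
    expected = keyed_edit_key(server_secret, appointment_id)
    return hmac.compare_digest(expected, presented)  # constant-time comparison


def random_edit_key() -> str:
    """Alternative: store an unguessable random token alongside the appointment."""
    return secrets.token_urlsafe(32)


# Constructed scenario: the victim booked as client 1042 with staff 3 at a
# publicly visible time slot; the attacker then booked and was assigned 1043.
VICTIM_CLIENT_ID, VICTIM_STAFF_ID, VICTIM_START_AT = 1042, 3, 1719992400
VICTIM_KEY = predictable_edit_key(VICTIM_CLIENT_ID, VICTIM_START_AT, VICTIM_STAFF_ID)


def demo() -> Optional[Tuple[int, int]]:
    # 44 candidate client ids below the attacker's own times 10 staff ids: 440 hashes.
    return recover_owner(VICTIM_KEY, VICTIM_START_AT, range(1000, 1044), range(1, 11))


if __name__ == "__main__":
    print("recovered (client_id, staff_id):", demo())
    secret = b"constructed-server-secret"
    print("hmac key verifies:", verify_edit_key(secret, 77, keyed_edit_key(secret, 77)))
```

The salt-free hash is the whole problem: adding a random per-appointment component, or keying the digest with a secret, removes the attacker's ability to compute the value offline, and the constant-time comparison keeps the check from leaking partial matches.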

CVE-2026-9145

Threat Intelligence NVD CVE Severity: medium Urgency: medium

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() function in versions up to, and including, 1.5.1. The function reads raw_value from Elementor Pro's Form_Record object for upload-type fields and passes it directly to PHP's copy() without validating that the value corresponds to a legitimately uploaded file — when no file is present in $_FILES, raw_value reflects the attacker-controlled POST string. copy() accepts both local filesystem paths and URL sources, so the attacker can target any file readable by the PHP process or supply an attacker-controlled remote URL. Elementor Pro is a prerequisite for triggering the code path (it owns the elementor_pro/forms/new_record hook and populates the Form_Record object), but the bug itself is entirely in Contact Form Entries' handler. This could allow unauthenticated attackers to disclose arbitrary files on the affected site's server. The file is copied to a directory unknown to the attacker; the hashed directory name provides defense-in-depth but is generated from non-cryptographic sources (uniqid() + rand()) and should not be relied upon as the primary mitigation.

CVE-2026-8482

Threat Intelligence NVD CVE Severity: medium Urgency: medium

A vulnerability was discovered in StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), and 5.0.0 to 5.0.5 (included). There is a possible leak of secret information if administration commands have been passed with the CLI command-line tool. Someone with SSH access to the firewall (if SSH multi-user mode is enabled) could possibly obtain the proxy CA passphrase or the TPM password.

CVE-2026-8441

Threat Intelligence NVD CVE Severity: high Urgency: high

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $_POST['notinstring'] and passed through sanitize_text_field() — which strips HTML and whitespace but does not provide SQL safety. The value is then concatenated directly into a numeric/unquoted `AND id NOT IN (...)` clause and executed via $wpdb->get_results() without $wpdb->prepare() or intval() casting. Because the value sits in an unquoted numeric context, WordPress's wp_magic_quotes protection (which only escapes embedded quotes) is ineffective. The AJAX hook is registered via wp_ajax_nopriv_wprp_load_more_revs, and the required check_ajax_referer nonce is publicly available via wp_localize_script on any frontend page that renders the plugin shortcode, so an unauthenticated attacker who can reach a public page hosting the plugin can extract arbitrary data from the database via blind/time-based injection.

CVE-2026-14336

Threat Intelligence NVD CVE Severity: high Urgency: high

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith('https://ci.eclipse.org') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://ci.eclipse.org@evil.host (userinfo trick) or https://ci.eclipse.org.evil.host (suffix trick) that satisfies the prefix check while pointing the OIDC discovery and JWKS fetches at a server the attacker controls. An unauthenticated caller of POST /v1/upload/sbom can use this to force PIA to make outbound HTTP(S) requests to an arbitrary attacker-chosen host, and to have oidc.verify_token accept a JWT signed with the attacker's own key.
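Both the liboauth2 kid handling (CVE-2026-54430 above) and the PIA issuer prefix check take a value out of an unverified JWT header and let it steer an outbound request. The following Python is an added example, not code from either project: it places the weak prefix check beside a host-bounded issuer comparison, and raw kid concatenation beside a strict kid validator. The allowlist shape, the permitted kid alphabet and the ALB base URL format are assumptions.

```python
from __future__ import annotations

import re
from urllib.parse import quote, urlsplit

# Issuer(s) PIA trusts for Jenkins tokens, per the advisory. Storing them as
# full URLs in a set is an assumption about how such an allowlist would be kept.
ALLOWED_ISSUERS = {"https://ci.eclipse.org"}


def issuer_known_prefix(issuer: str) -> bool:
    """Reconstruction of the weak check the advisory describes (not PIA's code):
    a bare prefix test that the userinfo and suffix tricks both satisfy."""
    return any(issuer.startswith(allowed) for allowed in ALLOWED_ISSUERS)


def issuer_known_strict(issuer: str) -> bool:
    """Host-bounded comparison: parse the issuer, require https, no userinfo,
    no explicit port, no query or fragment, an exact hostname match, and a path
    at or under the allowlisted issuer's path."""
    try:
        u = urlsplit(issuer)
        if u.scheme != "https" or u.hostname is None:
            return False
        if u.username is not None or u.password is not None or u.port is not None:
            return False
        if u.query or u.fragment:
            return False
        for allowed in ALLOWED_ISSUERS:
            a = urlsplit(allowed)
            base_path = a.path.rstrip("/")
            if u.hostname == a.hostname and (
                u.path.rstrip("/") == base_path or u.path.startswith(base_path + "/")
            ):
                return True
        return False
    except ValueError:  # malformed URL, e.g. bad IPv6 literal or non-numeric port
        return False


# Opaque key identifiers; the allowed alphabet is an assumption for the example.
KID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def unsafe_url_for_kid(alb_base_url: str, kid: str) -> str:
    """The pattern the liboauth2 advisory describes: raw concatenation, so a kid
    such as '../admin' walks out of the intended path."""
    return alb_base_url + kid


def jwks_url_for_kid(alb_base_url: str, kid: str) -> str | None:
    """Validate the header-supplied kid before it influences any request, then
    percent-encode it as a single path segment. None means: do not fetch."""
    if not KID_RE.fullmatch(kid):
        return None
    return alb_base_url.rstrip("/") + "/" + quote(kid, safe="")


if __name__ == "__main__":
    for issuer in ("https://ci.eclipse.org", "https://ci.eclipse.org@evil.host",
                   "https://ci.eclipse.org.evil.host"):
        print(f"{issuer:40} prefix={issuer_known_prefix(issuer)!s:5} "
              f"strict={issuer_known_strict(issuer)}")
    base = "https://public-keys.auth.elb.us-east-1.amazonaws.com/"  # format assumed
    print(unsafe_url_for_kid(base, "../internal/admin"))
    print(jwks_url_for_kid(base, "../internal/admin"), jwks_url_for_kid(base, "key-1"))
```

The kid has to be read before the signature can be checked, since it selects the key; that is why its format must be constrained and encoded rather than trusted. The issuer, by contrast, should be compared as a parsed URL whose host is exactly the allowlisted one, never as a string prefix.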

CVE-2026-14029

Threat Intelligence NVD CVE Severity: medium Urgency: medium

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the attacker to hold a Groundhogg custom role with the view_contacts capability, which is granted by default to several built-in Groundhogg roles above the base subscriber level.

CVE-2026-13459

Threat Intelligence NVD CVE Severity: medium Urgency: medium

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to retrieve every distinct value stored under any arbitrary wp_postmeta key on the site — including WooCommerce billing PII such as _billing_email, _billing_phone, and _billing_address fields, order totals, attachment paths, and any third-party plugin credentials or tokens stored in post meta — provided at least one published JetFormBuilder form with a get_from_db generator field exists on the site. Exploitation requires that the target site has at least one published jet-form-builder post containing a field whose generator_function is set to get_from_db; an attacker must supply a matching form ID, field name, and generator ID in the request, but all of these can be discovered by browsing the site's public forms.

CVE-2026-13369

Threat Intelligence NVD CVE Severity: high Urgency: high

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and including, 3.3.29. This is due to the get_files_for_attachment() function accepting a raw attacker-controlled 'files' array when the process() method returns early due to a client-supplied saveProgress flag, bypassing all upload validation, path normalization, and database record creation steps, and allowing an attacker-supplied file_path value to reach wp_mail() as an email attachment with only a file_exists() check. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server.