支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 938

93.8%
立即捐款
漏洞列表
漏洞ID标题厂商产品风险等级CVSS 评分发布日期AI 分析
CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 高危 7.1 2026-04-04 08:25:20 深度分析
CVE-2026-2826 Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload stellarwpKadence Blocks — Page Builder Toolkit for Gutenberg Editor 中危 4.3 2026-04-04 08:25:20 深度分析
CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode wptravelengineWP Travel Engine – Tour Booking Plugin – Tour Operator Software 中危 6.4 2026-04-04 08:25:19 深度分析
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data trustindexWidgets for Social Photo Feed 高危 7.2 2026-04-04 08:25:19 深度分析
CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation wcloversWCFM – Frontend Manager for WooCommerce 高危 8.1 2026-04-04 07:42:00 深度分析
CVE-2025-13368 Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting xproXpro Addons — 140+ Widgets for Elementor 中危 6.4 2026-04-04 07:42:00 深度分析
CVE-2026-0737 Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode gn_themesWP Shortcodes Plugin — Shortcodes Ultimate 中危 6.4 2026-04-04 07:41:59 深度分析
CVE-2026-0552 Simple Shopping Cart <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode mra13Simple Shopping Cart 中危 6.4 2026-04-04 07:41:59 深度分析
CVE-2026-0738 Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode gn_themesWP Shortcodes Plugin — Shortcodes Ultimate 中危 6.4 2026-04-04 07:41:58 深度分析
CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass wproyalRoyal Addons for Elementor – Addons and Templates Kit for Elementor 中危 6.4 2026-04-04 07:41:58 深度分析
CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget roxnorElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor 中危 6.4 2026-04-04 07:41:58 深度分析
CVE-2025-15064 Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 中危 6.4 2026-04-04 07:41:57 深度分析
CVE-2026-2949 Xpro Addons 1.4.24 存储型跨站脚本漏洞 xproXpro Addons — 140+ Widgets for Elementor 中危 6.4 2026-04-04 02:26:21 深度分析
CVE-2026-2924 Gutenverse 3.4.6 认证跨站脚本存储漏洞 jegstudioGutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 中危 6.4 2026-04-04 02:26:20 深度分析
CVE-2026-3571 Pie Register 3.8.4.8 未授权注册表单状态修改漏洞 genetechproductsPie Register – User Registration, Profiles & Content Restriction 中危 6.5 2026-04-04 01:24:06 深度分析
CVE-2026-35616 FortiClientEMS 7.4.5-7.4.6 访问控制漏洞 FortinetFortiClientEMS 超危 9.8 2026-04-04 00:38:36 深度分析
CVE-2026-34780 Electron 通过 contextBridge VideoFrame 绕过上下文隔离漏洞 electronelectron 高危 8.3 2026-04-04 00:02:02 深度分析
CVE-2026-34779 Electron macOS 应用移动函数 AppleScript 注入漏洞 electronelectron 中危 6.5 2026-04-04 00:00:42 深度分析
CVE-2026-34778 Electron 服务工作者可伪造 executeJavaScript IPC 回复漏洞 electronelectron 中危 5.9 2026-04-03 23:59:07 深度分析
CVE-2026-34777 Electron iframe 权限请求处理程序来源错误漏洞 electronelectron 中危 5.4 2026-04-03 23:57:36 深度分析