浏览 193+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6741 | LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2026-04-27 19:36:47 | Deep Dive |
| CVE-2026-6810 | Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover | codepeople | Booking Calendar Contact Form | Medium | 5.3 | 2026-04-24 05:29:38 | Deep Dive |
| CVE-2026-5234 | LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-04-17 03:36:45 | Deep Dive |
| CVE-2026-4109 | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 4.3 | 2026-04-14 07:43:04 | Deep Dive |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |
| CVE-2026-5465 | Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 8.8 | 2026-04-07 06:43:41 | Deep Dive |
| CVE-2026-4668 | Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2026-03-31 23:25:47 | Deep Dive |
| CVE-2026-2231 | Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | High | 7.2 | 2026-03-26 13:26:06 | Deep Dive |
| CVE-2026-2931 | Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 8.8 | 2026-03-26 03:37:28 | Deep Dive |
| CVE-2026-25435 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability | wpdevart | Booking calendar, Appointment Booking System | High | 7.1 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-19 11:15:31 | Deep Dive |
| CVE-2026-32358 | WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability | wpdevelop | Booking Calendar | 中危 | - | 2026-03-13 11:42:04 | Deep Dive |
| CVE-2026-1704 | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-11 07:36:25 | Deep Dive |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.1 | 2026-03-11 01:22:04 | Deep Dive |
| CVE-2026-1919 | Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints | arraytics | Booktics – Booking Calendar for Appointments and Service Businesses | Medium | 5.3 | 2026-03-10 02:21:50 | Deep Dive |
| CVE-2026-1920 | Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation | arraytics | Booktics – Booking Calendar for Appointments and Service Businesses | Medium | 5.3 | 2026-03-10 02:21:49 | Deep Dive |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.5 | 2026-03-03 01:21:51 | Deep Dive |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2026-03-02 23:22:56 | Deep Dive |