浏览 82+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2830 | WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' | wpallimport | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | Medium | 6.1 | 2026-03-06 07:22:51 | Deep Dive |
| CVE-2026-1582 | WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling | soflyy | WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel | Low | 3.7 | 2026-02-18 12:28:35 | Deep Dive |
| CVE-2026-1317 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 6.5 | 2026-02-18 12:28:35 | Deep Dive |
| CVE-2025-14627 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 6.4 | 2026-01-01 16:19:31 | Deep Dive |
| CVE-2025-12960 | Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read | iworks | Simple CSV Table | Medium | 6.5 | 2025-12-12 08:20:04 | Deep Dive |
| CVE-2025-13070 | CSV to SortTable <= 4.2 - Contributor+ LFI | Unknown | CSV to SortTable | - | - | 2025-12-09 06:00:08 | Deep Dive |
| CVE-2025-13894 | CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting | sumotto | CSV Sumotto | Medium | 6.1 | 2025-12-06 05:49:35 | Deep Dive |
| CVE-2025-12894 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure | jcollings | Import WP – Export and Import CSV and XML files to WordPress | Medium | 5.3 | 2025-11-21 07:31:49 | Deep Dive |
| CVE-2025-13145 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 7.2 | 2025-11-19 05:45:13 | Deep Dive |
| CVE-2025-12823 | CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | sscovil | CSV to SortTable | Medium | 6.4 | 2025-11-18 08:27:32 | Deep Dive |
| CVE-2025-12733 | Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic | wpallimport | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | High | 8.8 | 2025-11-13 03:27:39 | Deep Dive |
| CVE-2025-12732 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 4.3 | 2025-11-12 08:28:04 | Deep Dive |
| CVE-2025-12137 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read | jcollings | Import WP – Export and Import CSV and XML files to WordPress | Medium | 4.9 | 2025-11-01 06:40:40 | Deep Dive |
| CVE-2025-62944 | WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability | Mark O'Donnell | MSTW CSV EXPORTER | Medium | 5.3 | 2025-10-27 01:34:07 | Deep Dive |
| CVE-2025-10057 | WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection | smackcoders | WP Import – Ultimate CSV XML Importer for WordPress | High | 8.8 | 2025-09-17 05:18:45 | Deep Dive |
| CVE-2025-10058 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.1 | 2025-09-17 05:18:45 | Deep Dive |
| CVE-2025-10001 | Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload | wpallimport | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | High | 7.2 | 2025-09-10 06:38:50 | Deep Dive |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 7.7 | 2025-09-10 06:38:49 | Deep Dive |
| CVE-2025-54029 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability | extendons | WooCommerce csv import export | High | 7.7 | 2025-08-28 12:37:34 | Deep Dive |
| CVE-2020-36849 | AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload | AIT Themes | AIT CSV import/export | Critical | 9.8 | 2025-07-12 11:23:40 | Deep Dive |