浏览 33+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 5.3 | 2026-02-18 10:20:48 | Deep Dive |
| CVE-2026-1054 | RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 5.3 | 2026-01-28 07:27:35 | Deep Dive |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.4 | 2025-12-15 14:25:11 | Deep Dive |
| CVE-2017-20208 | RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2025-10-18 03:33:25 | Deep Dive |
| CVE-2025-11204 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.2 | 2025-10-08 04:23:40 | Deep Dive |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-05-06 07:24:22 | Deep Dive |
| CVE-2025-39363 | WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability | AlphaEfficiencyTeam | Custom Login and Registration | Medium | 6.5 | 2025-05-05 06:10:51 | Deep Dive |
| CVE-2025-46535 | WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability | AlphaEfficiencyTeam | Custom Login and Registration | Medium | 5.4 | 2025-04-25 08:05:57 | Deep Dive |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-04-12 06:37:18 | Deep Dive |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.3 | 2025-04-12 06:37:17 | Deep Dive |
| CVE-2025-2836 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.4 | 2025-04-04 05:22:45 | Deep Dive |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2025-02-28 05:23:14 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 7.1 | 2024-06-01 07:35:57 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-1991 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-1990 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:52 | Deep Dive |