浏览 28+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3554 | Sherk Custom Post Type Displays <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute | sherkspear | Sherk Custom Post Type Displays | Medium | 6.4 | 2026-03-21 03:27:06 | Deep Dive |
| CVE-2025-14056 | Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter | webdevstudios | Custom Post Type UI | Medium | 4.4 | 2025-12-13 03:20:26 | Deep Dive |
| CVE-2025-12826 | Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification | webdevstudios | Custom Post Type UI | Medium | 4.8 | 2025-12-04 06:48:41 | Deep Dive |
| CVE-2025-13142 | Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion | farvehandleren | Custom Post Type | Medium | 4.3 | 2025-11-21 07:31:51 | Deep Dive |
| CVE-2025-64224 | WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Cross Site Scripting (XSS) vulnerability | ThemeGoods | Grand Conference Theme Custom Post Type | High | 7.1 | 2025-11-06 15:56:10 | Deep Dive |
| CVE-2025-62907 | WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability | aviplugins.com | Custom Post Type Attachment | Medium | 6.5 | 2025-10-27 01:33:53 | Deep Dive |
| CVE-2025-60116 | WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerability | ThemeGoods | Grand Conference Theme Custom Post Type | Medium | 5.4 | 2025-09-26 08:31:34 | Deep Dive |
| CVE-2025-58255 | WordPress Custom Post Type Images Plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability | yonisink | Custom Post Type Images | Critical | 9.6 | 2025-09-22 18:23:26 | Deep Dive |
| CVE-2025-5940 | Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter | osompress | Osom Blocks | Medium | 6.4 | 2025-06-27 07:22:23 | Deep Dive |
| CVE-2025-29013 | WordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control Vulnerability | faaiq | Custom Category/Post Type Post order | Medium | 5.4 | 2025-06-06 12:54:25 | Deep Dive |
| CVE-2025-30616 | WordPress Latest Custom Post Type Updates plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability | David Wood | Latest Custom Post Type Updates | High | 7.1 | 2025-04-03 13:27:08 | Deep Dive |
| CVE-2025-1510 | Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution | keesiemeijer | Custom Post Type Date Archives | High | 7.3 | 2025-02-22 03:21:00 | Deep Dive |
| CVE-2025-23500 | WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | faaiq | Simple Custom post type custom field | High | 7.1 | 2025-01-22 14:29:13 | Deep Dive |
| CVE-2025-23530 | WordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerability | yonisink | Custom Post Type Lockdown | High | 8.8 | 2025-01-16 20:06:11 | Deep Dive |
| CVE-2023-36526 | WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 2.4.1 - Broken Access Control vulnerability | Inqsys Technology | Duplicate Post Page Menu & Custom Post Type | Medium | 5.4 | 2024-12-13 14:23:44 | Deep Dive |
| CVE-2024-53769 | WordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerability | lriaudel | Custom Post Type to Map Store | High | 7.1 | 2024-12-02 13:48:32 | Deep Dive |
| CVE-2024-51683 | WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability | Michael | Custom post type templates for Elementor | Medium | 6.5 | 2024-11-04 14:11:51 | Deep Dive |
| CVE-2024-4546 | Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode | avimegladon | Custom Post Type Attachment | Medium | 6.4 | 2024-05-16 07:32:43 | Deep Dive |
| CVE-2024-34430 | WordPress TT Custom Post Type Creator plugin <=1.0 - Cross Site Scripting (XSS) vulnerability | Rashed Latif | TT Custom Post Type Creator | Medium | 5.9 | 2024-05-09 11:12:10 | Deep Dive |
| CVE-2023-50372 | WordPress Custom Post Type Page Template Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) | Hiroaki Miyashita | Custom Post Type Page Template | Medium | 4.3 | 2023-12-18 10:15:29 | Deep Dive |