浏览 1,517+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42410 | WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability | CodexThemes | TheGem Theme Elements (for Elementor) | Medium | 6.5 | 2026-04-27 10:41:04 | Deep Dive |
| CVE-2026-5428 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-24 05:29:39 | Deep Dive |
| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 4.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-4106 | HT Mega < 3.0.7 – Unauthenticated PII Disclosure | Unknown | HT Mega Addons for Elementor | - | - | 2026-04-23 06:00:06 | Deep Dive |
| CVE-2026-6048 | Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes | dragwyb | Flipbox Addon for Elementor | Medium | 6.4 | 2026-04-18 03:37:06 | Deep Dive |
| CVE-2026-4659 | Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal | unitecms | Unlimited Elements For Elementor | High | 7.5 | 2026-04-17 06:44:50 | Deep Dive |
| CVE-2026-5162 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-17 01:24:37 | Deep Dive |
| CVE-2026-3875 | BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpdevteam | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | Medium | 6.4 | 2026-04-16 06:44:52 | Deep Dive |
| CVE-2026-1572 | Livemesh Addons by Elementor <= 9.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings | livemesh | Livemesh Addons by Elementor | Medium | 6.4 | 2026-04-16 06:44:51 | Deep Dive |
| CVE-2026-1620 | Livemesh Addons by Elementor <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter | livemesh | Livemesh Addons by Elementor | High | 8.8 | 2026-04-16 06:44:50 | Deep Dive |
| CVE-2026-40745 | WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability | bdthemes | Element Pack Elementor Addons | 中危 | - | 2026-04-15 10:21:35 | Deep Dive |
| CVE-2026-40763 | WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability | WP Royal | Royal Elementor Addons | 中危 | - | 2026-04-15 10:21:35 | Deep Dive |
| CVE-2026-4326 | Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins' | webilia | Vertex Addons for Elementor | High | 8.8 | 2026-04-09 01:25:56 | Deep Dive |
| CVE-2026-39702 | WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability | Wealcoder | Animation Addons for Elementor | - | - | 2026-04-08 08:30:47 | Deep Dive |
| CVE-2026-39703 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability | wpbits | WPBITS Addons For Elementor Page Builder | - | - | 2026-04-08 08:30:47 | Deep Dive |
| CVE-2026-39636 | WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability | livemesh | Livemesh Addons for Elementor | - | - | 2026-04-08 08:30:30 | Deep Dive |
| CVE-2026-39500 | WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability | Themesflat | themesflat-addons-for-elementor | - | - | 2026-04-08 08:30:13 | Deep Dive |
| CVE-2026-4655 | Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2026-04-08 07:43:01 | Deep Dive |
| CVE-2026-3311 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2026-04-08 05:29:00 | Deep Dive |
| CVE-2026-4341 | Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |