浏览 27+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1258 | Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | Medium | 4.9 | 2026-02-14 08:26:48 | Deep Dive |
| CVE-2026-1447 | Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | Medium | 5.4 | 2026-02-03 06:38:06 | Deep Dive |
| CVE-2026-1051 | Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription | satollo | Newsletter – Send awesome emails from WordPress | Medium | 4.3 | 2026-01-20 01:22:46 | Deep Dive |
| CVE-2025-14626 | QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes | www15to | QR Code for WooCommerce order emails, PDF invoices, packing slips | Medium | 6.4 | 2026-01-07 09:20:57 | Deep Dive |
| CVE-2025-11967 | Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | High | 7.2 | 2025-11-08 09:28:12 | Deep Dive |
| CVE-2025-60041 | WordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerability | Iulia Cazan | Emails Catch All | High | 8.8 | 2025-10-22 14:32:40 | Deep Dive |
| CVE-2025-10047 | Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection | pmbaldha | Email Tracker | Medium | 4.9 | 2025-10-22 08:27:12 | Deep Dive |
| CVE-2025-48251 | WordPress Additional Custom Emails & Recipients for WooCommerce plugin <= 3.5.1 - Cross Site Scripting (XSS) Vulnerability | WPFactory | Additional Custom Emails & Recipients for WooCommerce | Medium | 6.5 | 2025-05-19 14:44:57 | Deep Dive |
| CVE-2024-54388 | WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability | Phuc Pham | Multiple Admin Emails | High | 7.1 | 2024-12-16 14:14:07 | Deep Dive |
| CVE-2023-32507 | WordPress Woo Custom Emails plugin <= 2.2 - Broken Access Control vulnerability | Mehul Kaklotar | Woo Custom Emails | High | 7.3 | 2024-12-13 14:23:22 | Deep Dive |
| CVE-2024-43208 | WordPress Send Emails with Mandrill plugin <= 1.4.1 - Broken Access Control vulnerability | Matt Miller | Send Emails with Mandrill | Medium | 4.3 | 2024-11-01 14:17:42 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-37522 | WordPress CC & BCC for Woocommerce Order Emails plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | Dario Curasì | CC & BCC for Woocommerce Order Emails | Medium | 5.9 | 2024-07-21 07:10:16 | Deep Dive |
| CVE-2024-5317 | Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 | satollo | Newsletter – Send awesome emails from WordPress | Medium | 6.4 | 2024-06-05 01:56:30 | Deep Dive |
| CVE-2023-6165 | Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS | Unknown | Restrict Usernames Emails Characters | 中危 | - | 2024-01-29 14:44:28 | Deep Dive |
| CVE-2022-45360 | WordPress Commenter Emails Plugin <= 2.6.1 is vulnerable to CSV Injection | Scott Reilly | Commenter Emails | 超危 | - | 2023-11-07 16:58:21 | Deep Dive |
| CVE-2022-46821 | WordPress Emails & Newsletters with Jackmail Plugin <= 1.2.22 is vulnerable to CSV Injection | Jackmail & Sarbacane | Emails & Newsletters with Jackmail | 高危 | - | 2023-11-07 16:47:17 | Deep Dive |
| CVE-2023-45004 | WordPress Woo Custom Emails Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | wp3sixty | Woo Custom Emails | High | 7.1 | 2023-10-17 11:05:54 | Deep Dive |
| CVE-2023-4772 | Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | satollo | Newsletter – Send awesome emails from WordPress | Medium | 6.4 | 2023-09-07 01:52:16 | Deep Dive |
| CVE-2023-4315 | Woo Custom Emails <= 2.2 - Reflected Cross-Site Scripting via wcemails_edit | mehulkaklotar | Woo Custom Emails | Medium | 6.1 | 2023-08-31 05:33:09 | Deep Dive |