浏览 31+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32349 | WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability | Andy Fragen | Embed PDF Viewer | 中危 | - | 2026-03-13 11:41:59 | Deep Dive |
| CVE-2026-2569 | Dear Flipbook <= 2.4.20 - Authenticated (Auhtor+) Stored Cross-Site Scripting via PDF Page Labels | dearhive | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | Medium | 6.4 | 2026-03-10 23:21:12 | Deep Dive |
| CVE-2025-12885 | Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | awsmin | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files | Medium | 6.4 | 2025-12-18 01:51:13 | Deep Dive |
| CVE-2025-10647 | Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload | salzano | Embed PDF for WPForms | High | 8.8 | 2025-09-19 08:23:58 | Deep Dive |
| CVE-2025-5314 | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' | dearhive | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | Medium | 6.1 | 2025-07-01 11:27:12 | Deep Dive |
| CVE-2025-1043 | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode | awsmin | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files | Medium | 6.4 | 2025-02-20 11:09:31 | Deep Dive |
| CVE-2025-23807 | WordPress Spiderpowa Embed PDF plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | jim2212001 | Spiderpowa Embed PDF | Medium | 6.5 | 2025-01-16 20:07:11 | Deep Dive |
| CVE-2024-11830 | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting | dearhive | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | Medium | 6.4 | 2025-01-08 11:09:25 | Deep Dive |
| CVE-2024-56256 | WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability | Andy Fragen | Embed PDF Viewer | Medium | 5.9 | 2024-12-31 10:15:37 | Deep Dive |
| CVE-2024-11203 | EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-11-28 08:47:31 | Deep Dive |
| CVE-2024-8717 | PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting | dearhive | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | Medium | 6.1 | 2024-10-24 08:32:22 | Deep Dive |
| CVE-2024-9451 | Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height and width Parameters | afragen | Embed PDF Viewer | Medium | 6.4 | 2024-10-09 07:33:36 | Deep Dive |
| CVE-2024-1565 | EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-06-13 08:31:32 | Deep Dive |
| CVE-2024-5571 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-06-05 08:33:16 | Deep Dive |
| CVE-2024-1803 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 4.3 | 2024-05-23 12:43:29 | Deep Dive |
| CVE-2024-4316 | EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-05-09 20:03:23 | Deep Dive |
| CVE-2024-3244 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-04-09 18:59:00 | Deep Dive |
| CVE-2024-3245 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-04-06 02:32:04 | Deep Dive |
| CVE-2024-2468 | EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-03-23 02:32:56 | Deep Dive |
| CVE-2024-2688 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 5.4 | 2024-03-23 02:32:56 | Deep Dive |