浏览 49+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4109 | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 4.3 | 2026-04-14 07:43:04 | Deep Dive |
| CVE-2025-68015 | WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability | Vollstart | Event Tickets with Ticket Scanner | - | - | 2026-01-22 16:52:03 | Deep Dive |
| CVE-2025-14657 | Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2026-01-09 07:22:13 | Deep Dive |
| CVE-2025-62027 | WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability | StellarWP | Event Tickets | - | - | 2025-10-22 14:32:51 | Deep Dive |
| CVE-2025-11517 | Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass | stellarwp | Event Tickets and Registration | High | 7.5 | 2025-10-18 06:42:44 | Deep Dive |
| CVE-2025-9875 | Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | ticketspot | Event Tickets, RSVPs, Calendar | Medium | 6.4 | 2025-10-03 11:17:11 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-4796 | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-08-08 18:26:27 | Deep Dive |
| CVE-2025-2799 | WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 4.4 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2025-2800 | WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | High | 7.2 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2025-5568 | WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | magepeopleteam | Event Booking Manager for WooCommerce | Medium | 6.4 | 2025-06-07 11:17:51 | Deep Dive |
| CVE-2024-6711 | Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS | Unknown | Event Tickets with Ticket Scanner | - | - | 2025-05-15 20:09:47 | Deep Dive |
| CVE-2025-3419 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.5 | 2025-05-08 05:22:51 | Deep Dive |
| CVE-2025-3761 | My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation | joedolson | My Tickets – Accessible Event Ticketing | High | 8.8 | 2025-04-24 06:57:06 | Deep Dive |
| CVE-2025-30794 | WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability | StellarWP | Event Tickets | High | 7.1 | 2025-04-01 05:31:37 | Deep Dive |
| CVE-2025-1762 | Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF | Unknown | Event Tickets with Ticket Scanner | 中危 | - | 2025-03-28 06:00:04 | Deep Dive |
| CVE-2025-1770 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-03-20 05:22:35 | Deep Dive |
| CVE-2025-1766 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 5.3 | 2025-03-20 05:22:35 | Deep Dive |
| CVE-2025-1402 | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion | stellarwp | Event Tickets and Registration | Medium | 5.3 | 2025-02-21 11:09:35 | Deep Dive |
| CVE-2025-0507 | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | snexed | Ticketmeo – Sell Tickets – Event Ticketing | Medium | 6.4 | 2025-01-31 04:21:47 | Deep Dive |