浏览 21+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2002 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 4.4 | 2026-02-17 04:35:45 | Deep Dive |
| CVE-2025-14782 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2026-01-09 06:34:53 | Deep Dive |
| CVE-2025-7638 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 4.9 | 2025-07-18 04:23:02 | Deep Dive |
| CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.5 | 2025-07-02 05:29:17 | Deep Dive |
| CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 8.8 | 2025-07-02 04:24:56 | Deep Dive |
| CVE-2025-5341 | Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-06-05 11:15:06 | Deep Dive |
| CVE-2025-3487 | Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-04-17 11:13:06 | Deep Dive |
| CVE-2025-3479 | Forminator <= 1.42.0 - Order Replay Vulnerability | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2025-04-17 11:13:06 | Deep Dive |
| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2025-02-27 04:21:44 | Deep Dive |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.1 | 2025-01-31 03:21:29 | Deep Dive |
| CVE-2024-9700 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.3 | 2024-10-31 05:31:24 | Deep Dive |
| CVE-2024-10402 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.5 | 2024-10-26 11:38:03 | Deep Dive |
| CVE-2024-9352 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 4.3 | 2024-10-17 05:33:09 | Deep Dive |
| CVE-2024-9351 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 4.3 | 2024-10-17 05:33:09 | Deep Dive |
| CVE-2024-7389 | Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.5 | 2024-08-02 04:29:55 | Deep Dive |
| CVE-2024-1794 | Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | High | 7.2 | 2024-04-09 18:58:39 | Deep Dive |
| CVE-2024-3053 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.4 | 2024-04-09 18:58:35 | Deep Dive |
| CVE-2023-6133 | Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 6.6 | 2023-11-15 06:40:46 | Deep Dive |
| CVE-2023-4596 | Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Critical | 9.8 | 2023-08-30 01:45:37 | Deep Dive |
| CVE-2021-4417 | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass | wpmudev | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | Medium | 5.4 | 2023-07-12 03:40:46 | Deep Dive |