浏览 21+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25023 | WordPress Run Contests, Raffles, and Giveaways with ContestsWP plugin <= 2.0.7 - Sensitive Data Exposure vulnerability | mdedev | Run Contests, Raffles, and Giveaways with ContestsWP | Medium | 5.3 | 2026-02-03 14:08:41 | Deep Dive |
| CVE-2025-66064 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability | Syed Balkhi | Giveaways and Contests by RafflePress | Medium | 4.3 | 2025-11-21 12:29:55 | Deep Dive |
| CVE-2025-12484 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting | smub | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | High | 7.2 | 2025-11-19 07:46:07 | Deep Dive |
| CVE-2025-49997 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.18 - Broken Access Control + CSRF Vulnerability | Syed Balkhi | Giveaways and Contests by RafflePress | Medium | 5.3 | 2025-06-20 15:04:06 | Deep Dive |
| CVE-2024-10107 | Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS | Unknown | Giveaways and Contests by RafflePress | - | - | 2025-05-15 20:06:41 | Deep Dive |
| CVE-2025-32634 | WordPress Run Contests, Raffles, and Giveaways plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | mdedev | Run Contests, Raffles, and Giveaways with ContestsWP | High | 7.1 | 2025-04-17 15:47:11 | Deep Dive |
| CVE-2024-13316 | Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation | akashmalik | Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | Medium | 5.3 | 2025-02-18 08:21:43 | Deep Dive |
| CVE-2025-23934 | WordPress Giveaways and Contests by PromoSimple plugin <= 1.24 - Cross Site Scripting (XSS) vulnerability | Sam Brodie | Giveaways and Contests by PromoSimple | Medium | 6.5 | 2025-01-16 20:08:03 | Deep Dive |
| CVE-2024-12545 | Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function | akashmalik | Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | Medium | 5.4 | 2025-01-04 07:24:24 | Deep Dive |
| CVE-2024-11898 | Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | akashmalik | Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | Medium | 6.4 | 2024-12-03 07:34:58 | Deep Dive |
| CVE-2024-11456 | Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting | mdedev | Run Contests, Raffles, and Giveaways with ContestsWP | Medium | 6.1 | 2024-11-21 08:31:11 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-6887 | Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS | Unknown | Giveaways and Contests by RafflePress | - | - | 2024-09-12 06:00:04 | Deep Dive |
| CVE-2024-3963 | RafflePress Lite < 1.12.14 - Editor+ Stored XSS | Unknown | Giveaways and Contests by RafflePress | - | - | 2024-07-13 06:00:05 | Deep Dive |
| CVE-2024-4745 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability | RafflePress | Giveaways and Contests by RafflePress | Medium | 4.3 | 2024-06-10 08:09:15 | Deep Dive |
| CVE-2024-32827 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability | RafflePress | Giveaways and Contests | Medium | 5.3 | 2024-05-17 09:39:48 | Deep Dive |
| CVE-2024-1935 | Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting | smub | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | High | 7.2 | 2024-03-13 15:26:40 | Deep Dive |
| CVE-2023-31086 | WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF) | Igor Benic | Simple Giveaways – Grow your business, email lists and traffic with contests | Medium | 5.4 | 2023-11-09 22:57:04 | Deep Dive |
| CVE-2023-5049 | Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | smub | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | Medium | 6.4 | 2023-10-30 13:49:00 | Deep Dive |
| CVE-2023-0176 | Giveaways and Contests by RafflePress < 1.11.3 - Contributor+ Stored XSS | Unknown | Giveaways and Contests by RafflePress | 中危 | - | 2023-02-06 19:59:46 | Deep Dive |