Browse 53+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | Medium | 5.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 7.2 | 2026-04-23 08:28:26 | Deep Dive |
| CVE-2026-5231 | WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter | veronalabs | WP Statistics – Simple, privacy-friendly Google Analytics alternative | High | 7.2 | 2026-04-17 01:24:38 | Deep Dive |
| CVE-2026-3488 | WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation | veronalabs | WP Statistics – Simple, privacy-friendly Google Analytics alternative | Medium | 6.5 | 2026-04-17 01:24:38 | Deep Dive |
| CVE-2026-3529 | Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024 | Drupal | Google Analytics GA4 | - | - | 2026-03-26 20:03:29 | Deep Dive |
| CVE-2026-1992 | ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 8.8 | 2026-03-11 09:25:43 | Deep Dive |
| CVE-2026-1993 | ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 8.8 | 2026-03-11 09:25:42 | Deep Dive |
| CVE-2025-68028 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability | Passionate Brains | GA4WP: Google Analytics for WordPress | Medium | 6.5 | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2026-22517 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability | Passionate Brains | GA4WP: Google Analytics for WordPress | Medium | 5.4 | 2026-01-08 16:22:10 | Deep Dive |
| CVE-2025-12540 | ShareThis Dashboard for Google Analytics <= 3.2.4 - Unauthenticated Google Analytics Data Exposure | sharethis | ShareThis Dashboard for Google Analytics | Medium | 4.7 | 2026-01-07 08:21:53 | Deep Dive |
| CVE-2025-63009 | WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability | yuvalo | WP Google Analytics Events | - | - | 2025-12-09 14:52:27 | Deep Dive |
| CVE-2025-10703 | Progress multiple products - Code Injection vulnerability | Progress | DataDirect Connect for JDBC for Amazon Redshift | - | - | 2025-11-19 15:47:08 | Deep Dive |
| CVE-2025-10702 | Progress multiple products - Code Injection vulnerability | Progress | DataDirect Connect for JDBC for Amazon Redshift | - | - | 2025-11-19 15:46:27 | Deep Dive |
| CVE-2025-12545 | Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure | alekv | Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | Medium | 5.3 | 2025-11-18 13:54:51 | Deep Dive |
| CVE-2025-64292 | WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability | PascalBajorat | Analytics Germanized for Google Analytics | Medium | 6.5 | 2025-11-13 09:24:33 | Deep Dive |
| CVE-2025-9816 | WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header | veronalabs | WP Statistics – Simple, privacy-friendly Google Analytics alternative | High | 7.2 | 2025-09-27 04:26:58 | Deep Dive |
| CVE-2025-57935 | WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability | Ricky Dawn | Bot Block – Stop Spam Referrals in Google Analytics | Medium | 5.9 | 2025-09-22 18:25:03 | Deep Dive |
| CVE-2025-28962 | WordPress Advanced Google Universal Analytics plugin <= 1.0.3 - Broken Access Control to Sensitive Data Exposure vulnerability | stefanoai | Advanced Google Universal Analytics | Medium | 6.5 | 2025-08-14 10:34:35 | Deep Dive |
| CVE-2025-6201 | Pixel Manager for WooCommerce (PRO) <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode | alekv | Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | Medium | 6.4 | 2025-06-19 02:10:37 | Deep Dive |
| CVE-2024-12561 | Affiliate Sales in Google Analytics and other tools <= 2.0.0 - Open Redirect | wecantrack | Affiliate Sales in Google Analytics and other tools | Medium | 6.1 | 2025-05-21 09:21:52 | Deep Dive |