浏览 24+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39510 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Insecure Direct Object References (IDOR) vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-04-08 08:30:14 | Deep Dive |
| CVE-2026-25375 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-02-19 08:27:01 | Deep Dive |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2026-02-14 08:26:47 | Deep Dive |
| CVE-2025-15466 | Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 5.4 | 2026-01-19 23:21:53 | Deep Dive |
| CVE-2025-27004 | WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Famous - Responsive Image And Video Grid Gallery WordPress Plugin | High | 7.1 | 2026-01-08 09:17:42 | Deep Dive |
| CVE-2025-13693 | Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 6.4 | 2025-12-21 03:20:05 | Deep Dive |
| CVE-2025-14455 | Image Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 5.4 | 2025-12-19 09:29:49 | Deep Dive |
| CVE-2025-14003 | Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-13891 | Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 6.5 | 2025-12-12 07:20:35 | Deep Dive |
| CVE-2025-13646 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition | wpchill | Image Gallery – Photo Grid & Video Gallery | High | 7.5 | 2025-12-03 02:25:30 | Deep Dive |
| CVE-2025-13645 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion | wpchill | Image Gallery – Photo Grid & Video Gallery | High | 7.2 | 2025-12-03 02:25:29 | Deep Dive |
| CVE-2025-12494 | Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2025-11-15 05:45:34 | Deep Dive |
| CVE-2025-49451 | WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin <= 1.0.13 - Directory Traversal Vulnerability | yannisraft | Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery | High | 7.5 | 2025-06-17 15:01:42 | Deep Dive |
| CVE-2024-6261 | Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 6.4 | 2025-02-27 05:23:05 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-3710 | Image Photo Gallery Final Tiles Grid < 3.6.0 - Contributor+ Stored XSS | Unknown | Image Photo Gallery Final Tiles Grid | - | - | 2024-07-13 06:00:04 | Deep Dive |
| CVE-2024-1897 | Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode | awordpresslife | Grid Gallery for Images | High | 7.5 | 2024-05-02 16:51:59 | Deep Dive |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | High | 7.2 | 2024-04-10 04:30:22 | Deep Dive |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | Medium | 6.4 | 2024-04-06 06:47:19 | Deep Dive |