浏览 32+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3657 | My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action | premio | My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | High | 7.5 | 2026-03-12 02:22:36 | Deep Dive |
| CVE-2026-0554 | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.3 | 2026-01-20 14:26:34 | Deep Dive |
| CVE-2025-15380 | NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | High | 7.2 | 2026-01-20 14:26:34 | Deep Dive |
| CVE-2025-12412 | Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting | josereyev | Top Bar Notification | Medium | 6.1 | 2025-11-04 04:27:13 | Deep Dive |
| CVE-2025-9895 | Notification Bar <= 2.2 - Cross-Site Request Forgery | umarbajwa | Notification Bar | Medium | 4.3 | 2025-10-03 11:17:21 | Deep Dive |
| CVE-2024-2643 | My Sticky Bar < 2.6.8 - Admin+ Stored XSS | Unknown | Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme | - | - | 2025-05-15 20:09:44 | Deep Dive |
| CVE-2025-31610 | WordPress Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | gingerplugins | Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme | Medium | 5.9 | 2025-03-31 12:55:39 | Deep Dive |
| CVE-2025-1672 | Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | ninjateam | Notibar – Notification Bar for WordPress | Medium | 5.5 | 2025-03-06 09:21:20 | Deep Dive |
| CVE-2025-22641 | WordPress FM Notification Bar plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | Prem Tiwari | FM Notification Bar | Medium | 5.9 | 2025-02-04 14:21:57 | Deep Dive |
| CVE-2024-11012 | Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text | ninjateam | Notibar – Notification Bar for WordPress | Medium | 6.3 | 2024-12-13 09:27:28 | Deep Dive |
| CVE-2024-11727 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.4 | 2024-12-12 06:46:33 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-7133 | My Sticky Bar < 2.7.3 - Admin+ Stored XSS | Unknown | Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme | - | - | 2024-09-13 06:00:04 | Deep Dive |
| CVE-2024-4090 | My Sticky Bar < 2.7.2 - Admin+ Stored XSS | Unknown | Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme | - | - | 2024-08-01 06:00:05 | Deep Dive |
| CVE-2024-37556 | WordPress WordPress Notification Bar plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability | SeedProd | WordPress Notification Bar | Medium | 5.9 | 2024-07-21 06:53:17 | Deep Dive |
| CVE-2024-3031 | Fluid Notification Bar <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting | shrinitech | Fluid Notification Bar | Medium | 4.4 | 2024-06-04 05:32:14 | Deep Dive |
| CVE-2024-35647 | WordPress Global Notification Bar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | Global Notification Bar | Global Notification Bar | Medium | 5.9 | 2024-06-01 23:16:20 | Deep Dive |
| CVE-2024-29819 | WordPress WPFront Notification Bar plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability | Syam Mohan | WPFront Notification Bar | Medium | 5.9 | 2024-03-27 10:15:37 | Deep Dive |
| CVE-2024-1698 | NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Critical | 9.8 | 2024-02-27 05:33:12 | Deep Dive |
| CVE-2024-0625 | WPFront Notification Bar <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] | syammohanm | WPFront Notification Bar | Medium | 4.4 | 2024-01-25 02:32:36 | Deep Dive |