浏览 31+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection | shapedplugin | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | High | 7.2 | 2026-04-14 05:30:33 | Deep Dive |
| CVE-2025-11373 | Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload | averta | Depicter — Popup & Slider Builder | Medium | 4.3 | 2025-11-05 06:35:01 | Deep Dive |
| CVE-2025-57955 | WordPress Post Carousel Slider for Elementor Plugin <= 1.7.0 - Broken Access Control Vulnerability | Plugin Devs | Post Carousel Slider for Elementor | Medium | 6.5 | 2025-09-22 18:24:48 | Deep Dive |
| CVE-2025-8481 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery | mdimran41 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid | Medium | 4.3 | 2025-09-11 07:24:58 | Deep Dive |
| CVE-2025-3863 | Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function | plugindevs | Post Carousel Slider for Elementor | Medium | 4.3 | 2025-06-26 02:06:32 | Deep Dive |
| CVE-2025-4567 | Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS | Unknown | Post Slider and Post Carousel with Post Vertical Scrolling Widget | - | - | 2025-06-03 06:00:18 | Deep Dive |
| CVE-2024-9645 | Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS | Unknown | Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry | - | - | 2025-05-15 20:07:22 | Deep Dive |
| CVE-2025-2011 | Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter | averta | Depicter — Popup & Slider Builder | High | 7.5 | 2025-05-06 09:21:49 | Deep Dive |
| CVE-2025-23977 | WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability | Bhaskar Dhote | Post Carousel Slider | High | 7.1 | 2025-01-31 08:23:56 | Deep Dive |
| CVE-2025-24782 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2025-01-27 14:22:20 | Deep Dive |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13409 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2025-22750 | WordPress Post Carousel & Slider plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | Patel | Post Carousel & Slider | High | 7.1 | 2025-01-15 15:23:29 | Deep Dive |
| CVE-2024-10536 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export | wpqode | FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor | Medium | 4.3 | 2025-01-07 05:24:09 | Deep Dive |
| CVE-2024-11770 | Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | tarakpatel18 | Post Carousel & Slider | Medium | 6.4 | 2024-12-14 04:23:42 | Deep Dive |
| CVE-2024-4633 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting | averta | Depicter — Popup & Slider Builder | Medium | 6.4 | 2024-12-06 13:45:20 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-53749 | WordPress Post Carousel Slider for Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | Plugin Devs | Post Carousel Slider for Elementor | Medium | 6.5 | 2024-12-01 21:21:51 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |