Browse 22+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32537 | WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability | nK | Visual Portfolio, Photo Gallery & Post Grid | Medium | - | 2026-03-25 16:15:11 | Deep Dive |
| CVE-2025-6067 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2025-09-06 01:47:27 | Deep Dive |
| CVE-2025-49451 | WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin <= 1.0.13 - Directory Traversal Vulnerability | yannisraft | Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery | High | 7.5 | 2025-06-17 15:01:42 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:41 | Deep Dive |
| CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:40 | Deep Dive |
| CVE-2024-9542 | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 4.3 | 2024-11-21 11:02:20 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-4363 | Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter | nko | Visual Portfolio, Photo Gallery & Post Grid | Medium | 6.4 | 2024-05-14 23:31:45 | Deep Dive |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | High | 7.2 | 2024-04-10 04:30:22 | Deep Dive |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | Medium | 6.4 | 2024-04-06 06:47:19 | Deep Dive |
| CVE-2024-1214 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 4.3 | 2024-03-12 23:33:51 | Deep Dive |
| CVE-2024-1278 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2024-03-12 23:33:51 | Deep Dive |
| CVE-2024-1213 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 5.4 | 2024-03-12 23:33:50 | Deep Dive |
| CVE-2023-6883 | Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 4.3 | 2024-01-11 06:49:33 | Deep Dive |
| CVE-2023-45752 | WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) | 10 Quality | Post Gallery | Medium | 4.3 | 2023-10-16 10:06:58 | Deep Dive |
| CVE-2023-5291 | Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | awordpresslife | Blog Filter Post Filtering | Medium | 6.4 | 2023-10-04 01:52:40 | Deep Dive |
| CVE-2022-4765 | Portfolio for Elementor, Image Gallery & Post Grid \| PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode | Unknown | Portfolio for Elementor, Image Gallery & Post Grid \| PowerFolio | Medium | - | 2023-01-30 20:31:51 | Deep Dive |
| CVE-2022-4060 | User Post Gallery <= 2.19 - Unauthenticated RCE | Unknown | User Post Gallery | Critical | - | 2023-01-16 15:38:05 | Deep Dive |
| CVE-2022-2597 | Visual Portfolio < 2.19.0 - Contributor+ CSS Injection | Unknown | Visual Portfolio, Photo Gallery & Post Grid | Medium | - | 2022-09-05 12:35:21 | Deep Dive |