浏览 25+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula | acowebs | Woocommerce Custom Product Addons Pro | Critical | 9.8 | 2026-03-23 23:25:49 | Deep Dive |
| CVE-2026-32457 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability | Wombat Plugins | Advanced Product Fields (Product Addons) for WooCommerce | 中危 | - | 2026-03-13 11:42:23 | Deep Dive |
| CVE-2026-2296 | Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter | acowebs | Product Addons for Woocommerce – Product Options with Custom Fields | High | 7.2 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2025-13924 | Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication | maartenbelmans | Advanced Product Fields (Product Addons) for WooCommerce | Medium | 4.3 | 2025-12-09 17:23:32 | Deep Dive |
| CVE-2025-11691 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | High | 7.5 | 2025-10-18 06:42:49 | Deep Dive |
| CVE-2025-11391 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | Critical | 9.8 | 2025-10-18 06:42:48 | Deep Dive |
| CVE-2025-58786 | WordPress Ibtana – Ecommerce Product Addons plugin <= 0.4.7.6 - Cross Site Scripting (XSS) vulnerability | VW THEMES | Ibtana – Ecommerce Product Addons | Medium | 6.5 | 2025-09-05 13:44:56 | Deep Dive |
| CVE-2024-8030 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Critical | 9.8 | 2024-08-28 02:05:47 | Deep Dive |
| CVE-2024-5335 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Critical | 9.8 | 2024-08-21 08:29:15 | Deep Dive |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | Critical | 9.8 | 2024-04-26 08:29:20 | Deep Dive |
| CVE-2023-2256 | Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting | Unknown | Product Addons & Fields for WooCommerce | 中危 | - | 2023-05-30 07:49:09 | Deep Dive |
| CVE-2023-1839 | Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting | Unknown | Product Addons & Fields for WooCommerce | 中危 | - | 2023-05-15 12:15:46 | Deep Dive |
| CVE-2022-4707 | Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 4.3 | 2023-01-10 16:55:52 | Deep Dive |
| CVE-2022-4701 | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 4.3 | 2023-01-10 16:55:47 | Deep Dive |
| CVE-2022-4703 | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 4.3 | 2023-01-10 16:55:43 | Deep Dive |
| CVE-2022-4705 | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 4.3 | 2023-01-10 16:55:39 | Deep Dive |
| CVE-2022-4704 | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Import | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 5.4 | 2023-01-10 16:55:34 | Deep Dive |
| CVE-2022-4710 | Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.1 | 2023-01-10 16:55:30 | Deep Dive |
| CVE-2022-4708 | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 4.3 | 2023-01-10 16:55:21 | Deep Dive |
| CVE-2022-4711 | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 4.3 | 2023-01-10 16:55:15 | Deep Dive |