浏览 70+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5428 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-24 05:29:39 | Deep Dive |
| CVE-2026-5162 | Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-17 01:24:37 | Deep Dive |
| CVE-2026-40763 | WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability | WP Royal | Royal Elementor Addons | 中危 | - | 2026-04-15 10:21:35 | Deep Dive |
| CVE-2026-0664 | Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2026-04-04 07:41:58 | Deep Dive |
| CVE-2026-2373 | Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 5.3 | 2026-03-17 03:36:25 | Deep Dive |
| CVE-2025-13067 | Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | High | 8.8 | 2026-03-11 04:25:47 | Deep Dive |
| CVE-2026-28135 | WordPress Royal Elementor Addons plugin <= 1.7.1052 - Other vulnerability Type vulnerability | WP Royal | Royal Elementor Addons | 中危 | - | 2026-03-05 05:54:32 | Deep Dive |
| CVE-2025-11363 | Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload | Unknown | Royal Addons for Elementor | - | - | 2025-12-15 06:00:03 | Deep Dive |
| CVE-2025-5092 | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library | lightgalleryteam | LightGallery WP | Medium | 6.4 | 2025-11-20 06:38:42 | Deep Dive |
| CVE-2025-6251 | Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-11-19 03:29:40 | Deep Dive |
| CVE-2025-5338 | Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-06-26 09:22:03 | Deep Dive |
| CVE-2025-3813 | Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-05-31 07:22:12 | Deep Dive |
| CVE-2025-39361 | WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability | WP Royal | Royal Elementor Addons | Medium | 6.5 | 2025-05-07 09:03:06 | Deep Dive |
| CVE-2024-12120 | Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 5.4 | 2025-05-07 07:21:41 | Deep Dive |
| CVE-2025-39543 | WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability | WP Royal | Royal Elementor Addons | Medium | 6.5 | 2025-04-16 12:44:41 | Deep Dive |
| CVE-2025-26990 | WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability | WP Royal | Royal Elementor Addons | Medium | 4.4 | 2025-04-15 11:59:07 | Deep Dive |
| CVE-2025-1456 | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-04-12 08:22:41 | Deep Dive |
| CVE-2025-1455 | Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-04-12 08:22:40 | Deep Dive |
| CVE-2025-1441 | Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.1 | 2025-02-19 04:21:29 | Deep Dive |
| CVE-2025-0393 | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.1 | 2025-01-14 08:23:14 | Deep Dive |