浏览 60+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39694 | WordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerability | NSquared | Simply Schedule Appointments | - | - | 2026-04-08 08:30:46 | Deep Dive |
| CVE-2026-39495 | WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability | NSquared | Simply Schedule Appointments | - | - | 2026-04-08 08:30:12 | Deep Dive |
| CVE-2026-3658 | Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-19 11:15:31 | Deep Dive |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1704 | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2026-03-13 07:23:39 | Deep Dive |
| CVE-2026-1708 | Appointment Booking Calendar <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-03-11 07:36:25 | Deep Dive |
| CVE-2025-69315 | WordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerability | NSquared | Simply Schedule Appointments | - | - | 2026-01-22 16:52:32 | Deep Dive |
| CVE-2025-12166 | Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-01-14 22:23:51 | Deep Dive |
| CVE-2025-14718 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation | publishpress | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | Medium | 5.4 | 2026-01-09 06:34:55 | Deep Dive |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.5 | 2026-01-06 03:21:39 | Deep Dive |
| CVE-2025-13754 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 5.3 | 2025-12-19 06:48:22 | Deep Dive |
| CVE-2025-13741 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure | publishpress | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | Medium | 4.3 | 2025-12-16 11:15:45 | Deep Dive |
| CVE-2025-12954 | Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR | Unknown | Timetable and Event Schedule by MotoPress | - | - | 2025-12-03 06:00:06 | Deep Dive |
| CVE-2025-13149 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification | publishpress | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | Medium | 4.3 | 2025-11-21 08:28:13 | Deep Dive |
| CVE-2025-9852 | Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | momostefan | Yoga Schedule Momoyoga | Medium | 6.4 | 2025-09-30 03:35:27 | Deep Dive |
| CVE-2025-58846 | WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability | Dejan Markovic | WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule | High | 7.1 | 2025-09-05 13:45:33 | Deep Dive |
| CVE-2025-4667 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 6.4 | 2025-06-14 09:23:34 | Deep Dive |
| CVE-2024-0249 | Advanced Schedule Posts <= 2.1.8 - Reflected XSS | Unknown | Advanced Schedule Posts | - | - | 2025-05-15 20:09:29 | Deep Dive |
| CVE-2025-22523 | WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability | scheduler | Schedule | Critical | 9.3 | 2025-03-28 15:12:26 | Deep Dive |
| CVE-2025-1119 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.3 | 2025-03-13 06:56:57 | Deep Dive |