浏览 199+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62110 | WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability | Rescue Themes | Rescue Shortcodes | Medium | 6.5 | 2026-04-23 11:05:08 | Deep Dive |
| CVE-2026-3885 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode | gn_themes | WP Shortcodes Plugin — Shortcodes Ultimate | Medium | 6.4 | 2026-04-16 02:25:17 | Deep Dive |
| CVE-2026-0737 | Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode | gn_themes | WP Shortcodes Plugin — Shortcodes Ultimate | Medium | 6.4 | 2026-04-04 07:41:59 | Deep Dive |
| CVE-2026-0738 | Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode | gn_themes | WP Shortcodes Plugin — Shortcodes Ultimate | Medium | 6.4 | 2026-04-04 07:41:58 | Deep Dive |
| CVE-2026-2480 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute | gn_themes | WP Shortcodes Plugin — Shortcodes Ultimate | Medium | 6.4 | 2026-03-31 22:26:04 | Deep Dive |
| CVE-2026-3617 | Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes | swergroup | Paypal Shortcodes | Medium | 6.4 | 2026-03-21 03:26:59 | Deep Dive |
| CVE-2026-4084 | fyyd podcast shortcodes <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute | cbednarek | fyyd podcast shortcodes | Medium | 6.4 | 2026-03-21 03:26:42 | Deep Dive |
| CVE-2026-22384 | WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability | leafcolor | Applay - Shortcodes | Critical | 9.8 | 2026-02-20 15:47:07 | Deep Dive |
| CVE-2026-1809 | HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | jhoylman | HTML Shortcodes | Medium | 6.4 | 2026-02-11 08:26:27 | Deep Dive |
| CVE-2026-1099 | Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes | shazdeh | Administrative Shortcodes | Medium | 6.4 | 2026-01-24 07:26:48 | Deep Dive |
| CVE-2025-14903 | Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update | stefanristic | Simple Crypto Shortcodes | Medium | 4.3 | 2026-01-24 07:26:41 | Deep Dive |
| CVE-2026-1257 | Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute | shazdeh | Administrative Shortcodes | High | 7.5 | 2026-01-24 07:26:40 | Deep Dive |
| CVE-2026-24354 | WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability | PenciDesign | Penci Shortcodes & Performance | - | - | 2026-01-22 16:52:43 | Deep Dive |
| CVE-2025-12379 | Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget | averta | Shortcodes and extra features for Phlox theme | Medium | 6.4 | 2026-01-10 13:47:35 | Deep Dive |
| CVE-2025-14114 | 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute | chrisblackwell | 1180px Shortcodes | Medium | 6.4 | 2026-01-07 09:21:05 | Deep Dive |
| CVE-2025-14147 | Easy GitHub Gist Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | corsonr | Easy GitHub Gist Shortcodes | Medium | 6.4 | 2026-01-07 09:21:03 | Deep Dive |
| CVE-2025-14144 | Mstoic Shortcodes <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start' Shortcode Attribute | mstoic | Mstoic Shortcodes | Medium | 6.4 | 2026-01-07 09:20:59 | Deep Dive |
| CVE-2025-14113 | Viitor Button Shortcodes <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute | viitorcloudvc | Viitor Button Shortcodes | Medium | 6.4 | 2026-01-07 09:20:58 | Deep Dive |
| CVE-2025-14110 | WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute | pichel | WP Js List Pages Shortcodes | Medium | 6.4 | 2026-01-07 09:20:55 | Deep Dive |
| CVE-2025-14109 | AH Shortcodes <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute | ahecht | AH Shortcodes | Medium | 6.4 | 2026-01-07 09:20:52 | Deep Dive |