Browse 82+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4330 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2026-04-08 07:43:03 | Deep Dive |
| CVE-2026-34904 | WordPress Simple Social Media Share Buttons plugin <= 6.2.0 - Cross Site Request Forgery (CSRF) vulnerability | Analytify | Simple Social Media Share Buttons | High | 7.5 | 2026-04-07 08:22:26 | Deep Dive |
| CVE-2026-4331 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2026-03-26 03:37:28 | Deep Dive |
| CVE-2026-4063 | Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation | wpzoom | Social Icons Widget & Block – Social Media Icons & Share Buttons | Medium | 4.3 | 2026-03-13 09:25:01 | Deep Dive |
| CVE-2026-1942 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 6.5 | 2026-02-18 10:20:49 | Deep Dive |
| CVE-2025-14943 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2026-01-10 06:32:34 | Deep Dive |
| CVE-2025-12076 | Social Media Auto Publish <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage | f1logic | Social Media Auto Publish | Medium | 6.1 | 2025-12-13 04:31:28 | Deep Dive |
| CVE-2025-13558 | Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 5.4 | 2025-11-25 04:38:00 | Deep Dive |
| CVE-2025-12560 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2025-11-06 05:31:25 | Deep Dive |
| CVE-2025-12563 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 4.3 | 2025-11-06 04:36:22 | Deep Dive |
| CVE-2025-10166 | Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | tw2113 | Social Media Shortcodes | Medium | 6.4 | 2025-09-17 01:49:14 | Deep Dive |
| CVE-2025-58846 | WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability | Dejan Markovic | WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule | High | 7.1 | 2025-09-05 13:45:33 | Deep Dive |
| CVE-2025-5673 | Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 6.5 | 2025-06-17 01:44:11 | Deep Dive |
| CVE-2025-39498 | WordPress Spotlight - Social Media Feeds (Premium) plugin <= 1.7.1 - Sensitive Data Exposure vulnerability | Spotlight | Spotlight - Social Media Feeds (Premium) | Medium | 5.3 | 2025-05-26 14:05:22 | Deep Dive |
| CVE-2025-4133 | Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS | Unknown | Blog2Social: Social Media Auto Post & Scheduler | - | - | 2025-05-22 06:00:09 | Deep Dive |
| CVE-2024-10362 | Social Media Share Buttons < 2.9.0 - Admin+ Stored XSS | Unknown | Social Media Share Buttons & Social Sharing Icons | - | - | 2025-05-15 20:06:43 | Deep Dive |
| CVE-2025-39415 | WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability | Jayesh Parejiya | Social Media Links | High | 7.1 | 2025-04-17 15:17:13 | Deep Dive |
| CVE-2024-13610 | Simple Social Media Share Buttons < 6.0.0 - Admin+ Stored XSS | Unknown | Simple Social Media Share Buttons | - | - | 2025-04-15 06:00:10 | Deep Dive |
| CVE-2025-32267 | WordPress WP to Hootsuite plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability | wpzinc | Post to Social Media – WordPress to Hootsuite | Medium | 4.3 | 2025-04-04 15:59:42 | Deep Dive |
| CVE-2024-13615 | Social Media Plugin by Social Snap <= 1.3.6 - Admin+ Stored XSS | Unknown | Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap | Low | - | 2025-03-11 06:00:10 | Deep Dive |