浏览 51+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 6.5 | 2026-03-04 01:22:00 | Deep Dive |
| CVE-2025-14339 | weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion | wedevs | weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce | Medium | 6.5 | 2026-02-21 09:28:00 | Deep Dive |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-12-12 09:20:29 | Deep Dive |
| CVE-2025-66055 | WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability | Icegram | Email Subscribers & Newsletters | High | 7.2 | 2025-11-21 12:29:54 | Deep Dive |
| CVE-2025-12484 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting | smub | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | High | 7.2 | 2025-11-19 07:46:07 | Deep Dive |
| CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-11-19 04:28:19 | Deep Dive |
| CVE-2025-9490 | Popup Maker <= 1.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 6.4 | 2025-09-26 05:27:21 | Deep Dive |
| CVE-2025-4205 | Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 6.4 | 2025-06-03 11:22:26 | Deep Dive |
| CVE-2024-11924 | Email Subscribers < 5.7.52 - Admin+ Stored XSS | Unknown | Icegram Express formerly known as Email Subscribers | 低危 | - | 2025-04-17 06:00:08 | Deep Dive |
| CVE-2024-11582 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter | wedevs | Subscribe2 – Form, Email Subscribers & Newsletters | High | 7.2 | 2025-02-19 03:21:12 | Deep Dive |
| CVE-2024-13316 | Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation | akashmalik | Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | Medium | 5.3 | 2025-02-18 08:21:43 | Deep Dive |
| CVE-2024-12568 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:11 | Deep Dive |
| CVE-2024-12567 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:10 | Deep Dive |
| CVE-2024-12566 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:08 | Deep Dive |
| CVE-2024-11636 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-12311 | Email Subscribers < 5.7.44 - Admin+ SQL Injection | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-06 06:00:16 | Deep Dive |
| CVE-2024-12545 | Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function | akashmalik | Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | Medium | 5.4 | 2025-01-04 07:24:24 | Deep Dive |
| CVE-2024-10583 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 5.4 | 2024-12-12 06:46:34 | Deep Dive |
| CVE-2024-11898 | Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | akashmalik | Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | Medium | 6.4 | 2024-12-03 07:34:58 | Deep Dive |
| CVE-2024-50522 | WordPress WeChat Subscribers Lite plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability | redyyu | WeChat Subscribers Lite | High | 7.1 | 2024-11-19 16:32:13 | Deep Dive |