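Browse 86+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.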
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-28973 | WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability | AA-Team | Pro Bulk Watermark Plugin for WordPress | Medium | - | 2025-12-31 20:02:11 | Deep Dive |
| CVE-2025-67962 | WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability | AIOSEO Plugin Team | Broken Link Checker | High | 7.6 | 2025-12-16 08:12:58 | Deep Dive |
| CVE-2025-13403 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification | emarket-design | Employee Spotlight – Team Member Showcase & Meet the Team Plugin | Medium | 4.3 | 2025-12-13 03:20:24 | Deep Dive |
| CVE-2025-12090 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | emarket-design | Employee Spotlight – Team Member Showcase & Meet the Team Plugin | Medium | 6.4 | 2025-11-01 05:40:23 | Deep Dive |
| CVE-2025-8427 | Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play' | The Beaver Builder Team | Beaver Builder Plugin (Starter Version) | Medium | 6.4 | 2025-10-23 12:32:32 | Deep Dive |
| CVE-2025-4956 | WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability | AA-Team | Pro Bulk Watermark Plugin for WordPress | Medium | 4.3 | 2025-08-30 01:49:20 | Deep Dive |
| CVE-2025-53243 | WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability | emarket-design | Employee Directory – Staff Listing & Team Directory Plugin for WordPress | High | 8.1 | 2025-08-28 12:37:23 | Deep Dive |
| CVE-2025-8295 | Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | emarket-design | Employee Directory – Staff & Team Directory | Medium | 6.4 | 2025-08-05 07:24:16 | Deep Dive |
| CVE-2025-4102 | Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload | The Beaver Builder Team | Beaver Builder Plugin (Starter Version) | High | 7.2 | 2025-06-20 11:16:40 | Deep Dive |
| CVE-2025-5531 | Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | emarket-design | Employee Directory – Staff & Team Directory | Medium | 6.4 | 2025-06-04 03:40:58 | Deep Dive |
| CVE-2025-3521 | Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpspeedo | Team Members Showcase | Medium | 6.4 | 2025-05-01 06:40:16 | Deep Dive |
| CVE-2025-2541 | WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.4 | 2025-04-11 11:11:56 | Deep Dive |
| CVE-2025-3100 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.4 | 2025-04-09 04:21:20 | Deep Dive |
| CVE-2024-13439 | Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update | techlabpro1 | Team – Team Members Showcase Plugin | Medium | 4.3 | 2025-02-15 11:26:48 | Deep Dive |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 11:26:48 | Deep Dive |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 09:24:24 | Deep Dive |
| CVE-2024-12195 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-01-04 11:24:20 | Deep Dive |
| CVE-2024-10548 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2024-12-19 01:45:14 | Deep Dive |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 5.3 | 2024-11-20 11:33:11 | Deep Dive |
| CVE-2024-10174 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | High | 7.3 | 2024-11-13 03:20:08 | Deep Dive |