浏览 38+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25397 | WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability | Snowray Software | File Uploader for WooCommerce | High | 7.5 | 2026-03-25 16:14:48 | Deep Dive |
| CVE-2025-13329 | File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data | snowray | File Uploader for WooCommerce | Critical | 9.8 | 2025-12-20 03:20:24 | Deep Dive |
| CVE-2025-14045 | URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload | apprhyme | URL Media Uploader | Medium | 4.3 | 2025-12-12 03:20:45 | Deep Dive |
| CVE-2025-14344 | Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion | sh1zen | Multi Uploader for Gravity Forms | Critical | 9.8 | 2025-12-12 03:20:43 | Deep Dive |
| CVE-2025-53283 | WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability | borisolhor | Drop Uploader for CF7 - Drag&Drop File Uploader Addon | 中危 | - | 2025-11-06 15:54:04 | Deep Dive |
| CVE-2025-29866 | TAGFREE X‑Free Uploader 安全漏洞 | TAGFREE | X-Free Uploader | - | - | 2025-08-07 05:09:53 | Deep Dive |
| CVE-2025-29865 | TAGFREE X‑Free Uploader 安全漏洞 | TAGFREE | X-Free Uploader | - | - | 2025-08-07 01:30:38 | Deep Dive |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Enterprise Integrator | Medium | 6.8 | 2025-06-02 16:42:19 | Deep Dive |
| CVE-2023-7088 | Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG | Unknown | Add SVG Support for Media Uploader | inventivo | - | - | 2025-05-15 20:09:22 | Deep Dive |
| CVE-2024-9238 | AVIF & SVG Uploader <= 1.1.0 - Author+ Stored XSS via SVG Uplaod | Unknown | AVIF Uploader | - | - | 2025-05-15 20:07:21 | Deep Dive |
| CVE-2025-1662 | URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding | apprhyme | URL Media Uploader | Medium | 6.4 | 2025-02-28 08:23:18 | Deep Dive |
| CVE-2025-24574 | WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability | Pepro Dev. Group | PeproDev WooCommerce Receipt Uploader | High | 7.1 | 2025-02-03 14:22:47 | Deep Dive |
| CVE-2024-13707 | WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion | filipmedia | WP Image Uploader | High | 8.8 | 2025-01-30 13:42:00 | Deep Dive |
| CVE-2024-13720 | WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion | filipmedia | WP Image Uploader | High | 8.8 | 2025-01-30 13:41:57 | Deep Dive |
| CVE-2024-13706 | WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting | filipmedia | WP Image Uploader | Medium | 6.1 | 2025-01-30 11:10:20 | Deep Dive |
| CVE-2025-23921 | WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability | sh1zen | Multi Uploader for Gravity Forms | Critical | 9.0 | 2025-01-22 14:29:24 | Deep Dive |
| CVE-2024-8873 | PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting | peprodev | PeproDev WooCommerce Receipt Uploader | Medium | 6.1 | 2024-11-16 03:20:52 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9060 | AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | grandplugins | AVIF Uploader | Medium | 6.4 | 2024-10-01 09:30:32 | Deep Dive |
| CVE-2024-42418 | Avtec Outpost Use of Hard-coded Cryptographic Key | Avtec | Outpost 0810 | High | 7.5 | 2024-08-22 19:52:33 | Deep Dive |