浏览 69+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4432 | YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR | Unknown | YITH WooCommerce Wishlist | 中危 | - | 2026-04-10 06:00:16 | Deep Dive |
| CVE-2026-39588 | WordPress NM Gift Registry and Wishlist Lite plugin <= 5.13 - Broken Access Control vulnerability | nmerii | NM Gift Registry and Wishlist Lite | - | - | 2026-04-08 08:30:21 | Deep Dive |
| CVE-2026-25445 | WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability | Membership Software | WishList Member X | High | 8.8 | 2026-03-19 08:37:54 | Deep Dive |
| CVE-2026-32407 | WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability | WPClever | WPC Smart Wishlist for WooCommerce | 中危 | - | 2026-03-13 11:42:14 | Deep Dive |
| CVE-2025-68024 | WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability | Addonify | Addonify – WooCommerce Wishlist | - | - | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2025-69334 | WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | WPFactory | Wishlist for WooCommerce | 中危 | - | 2026-01-06 16:36:38 | Deep Dive |
| CVE-2025-13838 | WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute | htplugins | WishSuite – Wishlist for WooCommerce | Medium | 6.4 | 2025-12-21 02:20:32 | Deep Dive |
| CVE-2025-67929 | WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability | templateinvaders | TI WooCommerce Wishlist | Medium | 5.3 | 2025-12-16 08:12:57 | Deep Dive |
| CVE-2025-9207 | TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection | templateinvaders | TI WooCommerce Wishlist | Medium | 5.3 | 2025-12-13 07:21:04 | Deep Dive |
| CVE-2025-13440 | Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion | premmerce | Premmerce Wishlist for WooCommerce | Medium | 5.3 | 2025-12-12 03:20:51 | Deep Dive |
| CVE-2025-13157 | QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update | qodeinteractive | QODE Wishlist for WooCommerce | Medium | 5.3 | 2025-11-27 06:42:13 | Deep Dive |
| CVE-2025-12040 | Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | themehunk | Wishlist for WooCommerce | Medium | 6.5 | 2025-11-25 07:28:21 | Deep Dive |
| CVE-2025-12427 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename | yithemes | YITH WooCommerce Wishlist | Medium | 5.3 | 2025-11-19 03:29:40 | Deep Dive |
| CVE-2025-12777 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion | yithemes | YITH WooCommerce Wishlist | Medium | 5.3 | 2025-11-19 03:29:39 | Deep Dive |
| CVE-2025-12087 | Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion | acowebs | Wishlist and Save for later for Woocommerce | Medium | 4.3 | 2025-11-12 04:29:09 | Deep Dive |
| CVE-2025-60191 | WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability | Premmerce | Premmerce Wishlist for WooCommerce | High | 7.5 | 2025-11-06 15:54:49 | Deep Dive |
| CVE-2025-11742 | WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure | wpclever | WPC Smart Wishlist for WooCommerce | Medium | 4.3 | 2025-10-18 05:41:57 | Deep Dive |
| CVE-2025-11518 | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | wpclever | WPC Smart Wishlist for WooCommerce | Medium | 5.3 | 2025-10-11 08:29:17 | Deep Dive |
| CVE-2025-58247 | WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability | templateinvaders | TI WooCommerce Wishlist | Medium | 5.3 | 2025-09-22 18:23:32 | Deep Dive |
| CVE-2025-49319 | WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability | WPFactory | Wishlist for WooCommerce | Medium | 6.5 | 2025-07-16 11:27:59 | Deep Dive |