浏览 38+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13006 | SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure | wpeka-club | SurveyFunnel – Survey Plugin for WordPress | Medium | 5.3 | 2025-12-05 04:29:13 | Deep Dive |
| CVE-2025-12417 | SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpeka-club | SurveyFunnel – Survey Plugin for WordPress | Medium | 6.4 | 2025-12-05 04:29:11 | Deep Dive |
| CVE-2025-3421 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Medium | 6.1 | 2025-04-11 12:42:25 | Deep Dive |
| CVE-2025-3439 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-04-11 12:42:24 | Deep Dive |
| CVE-2025-3422 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Medium | 5.4 | 2025-04-11 12:42:24 | Deep Dive |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2025-02-25 06:58:31 | Deep Dive |
| CVE-2024-13596 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection | pantherius | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | Medium | 6.5 | 2025-01-30 13:42:07 | Deep Dive |
| CVE-2024-12112 | Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | hassantafreshi | Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | Medium | 6.4 | 2025-01-08 03:18:11 | Deep Dive |
| CVE-2024-11826 | Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | mdmag | Quill Forms | Conversational Multi Step Forms, Surveys & quizzes | Medium | 6.4 | 2025-01-07 11:11:12 | Deep Dive |
| CVE-2024-12528 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | pantherius | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | Medium | 6.4 | 2025-01-07 03:21:55 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-1945 | ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.1 | 2024-05-02 16:51:41 | Deep Dive |
| CVE-2023-6828 | ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url | reputeinfosystems | Contact Form, Survey, Quiz & Popup Form Builder – ARForms | High | 7.2 | 2024-01-11 08:32:38 | Deep Dive |
| CVE-2023-26524 | WordPress Quiz And Survey Master Plugin <= 8.0.10 is vulnerable to Cross Site Request Forgery (CSRF) | ExpressTech | Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | Medium | 4.3 | 2023-11-12 23:55:19 | Deep Dive |
| CVE-2023-0292 | Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 5.4 | 2023-06-09 05:33:33 | Deep Dive |
| CVE-2023-0291 | Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | High | 7.2 | 2023-06-09 05:33:20 | Deep Dive |
| CVE-2022-46862 | WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) | ExpressTech | Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | Medium | 4.3 | 2023-02-14 11:26:14 | Deep Dive |
| CVE-2023-23490 | WordPress Plugin The Survey Maker SQL注入漏洞 | - | Survey Maker WordPress Plugin | 高危 | - | 2023-01-20 00:00:00 | Deep Dive |
| CVE-2023-0038 | Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting | ays-pro | Survey Maker | High | 7.2 | 2023-01-03 13:58:25 | Deep Dive |
| CVE-2022-4033 | Quiz and Survey Master <= 8.0.4 - Improper Input Validation | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 5.3 | 2022-11-29 20:25:27 | Deep Dive |