Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

漏洞数据库 - AI 增强中文 CVE 平台 与情报

浏览 1,149+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。

Clear Filters
Found 1149 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Medium 5.3 2026-04-24 03:27:06 Deep Dive
CVE-2026-5464 ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 7.2 2026-04-23 08:28:26 Deep Dive
CVE-2026-5721 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import wpdatatableswpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Medium 4.7 2026-04-20 22:25:27 Deep Dive
CVE-2026-1559 Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter youzifyYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Medium 6.4 2026-04-18 01:26:05 Deep Dive
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters stylemixMasterStudy LMS WordPress Plugin – for Online Courses and Education Medium 6.5 2026-04-17 01:24:37 Deep Dive
CVE-2026-3614 AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation acybaAcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress High 8.8 2026-04-16 05:29:54 Deep Dive
CVE-2026-6227 BackWPup <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter wp_mediaBackWPup – WordPress Backup & Restore Plugin High 7.2 2026-04-14 02:25:48 Deep Dive
CVE-2026-4365 LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Critical 9.1 2026-04-14 01:25:00 Deep Dive
CVE-2026-3498 BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute wpblockartBlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library Medium 6.4 2026-04-11 01:24:59 Deep Dive
CVE-2026-4305 Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter wproyalRoyal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely Medium 6.1 2026-04-10 01:25:01 Deep Dive
CVE-2023-54358 WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile AdivahaWordPress adivaha Travel Plugin Medium 6.1 2026-04-09 20:54:49 Deep Dive
CVE-2023-54359 WordPress adivaha Travel Plugin 2.3 SQL Injection via pid AdivahaWordPress adivaha Travel Plugin High 8.2 2026-04-09 20:54:49 Deep Dive
CVE-2026-4654 Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter awesomesupportAwesome Support – WordPress HelpDesk & Support Plugin Medium 5.3 2026-04-08 07:43:03 Deep Dive
CVE-2026-4333 LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Medium 6.4 2026-04-08 03:36:08 Deep Dive
CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook smubCharitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More Medium 5.3 2026-04-07 07:40:14 Deep Dive
CVE-2026-3225 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Medium 4.3 2026-03-23 22:25:41 Deep Dive
CVE-2026-1886 Go Night Pro | WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute hrs2015Go Night Pro | WordPress Dark Mode Plugin Medium 6.4 2026-03-21 03:26:45 Deep Dive
CVE-2026-3567 RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action sweetdaisy86RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Medium 5.3 2026-03-20 23:25:13 Deep Dive
CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id webawaysNEX-Forms – Ultimate Forms Plugin for WordPress High 7.5 2026-03-15 01:19:06 Deep Dive
CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license webawaysNEX-Forms – Ultimate Forms Plugin for WordPress Medium 4.3 2026-03-14 03:24:14 Deep Dive