Browse 160+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translations, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5234 | LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-04-17 03:36:45 | Deep Dive |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |
| CVE-2026-5465 | Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 8.8 | 2026-04-07 06:43:41 | Deep Dive |
| CVE-2026-4668 | Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2026-03-31 23:25:47 | Deep Dive |
| CVE-2026-2231 | Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | High | 7.2 | 2026-03-26 13:26:06 | Deep Dive |
| CVE-2026-2931 | Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 8.8 | 2026-03-26 03:37:28 | Deep Dive |
| CVE-2026-32583 | WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability | Webnus Inc. | Modern Events Calendar | Medium | 5.3 | 2026-03-16 15:11:29 | Deep Dive |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.1 | 2026-03-11 01:22:04 | Deep Dive |
| CVE-2026-3585 | The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import | stellarwp | The Events Calendar | High | 7.5 | 2026-03-10 03:33:51 | Deep Dive |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.5 | 2026-03-03 01:21:51 | Deep Dive |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2026-03-02 23:22:56 | Deep Dive |
| CVE-2026-2694 | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | stellarwp | The Events Calendar | Medium | 5.4 | 2026-02-25 21:25:02 | Deep Dive |
| CVE-2026-1941 | WP Event Aggregator <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | xylus | WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar | Medium | 6.4 | 2026-02-18 08:26:03 | Deep Dive |
| CVE-2026-1655 | EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2026-02-18 07:25:40 | Deep Dive |
| CVE-2026-1657 | EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2026-02-17 05:29:53 | Deep Dive |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 4.3 | 2026-02-14 06:42:27 | Deep Dive |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-02-12 02:23:25 | Deep Dive |
| CVE-2026-1922 | The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | brianhogg | The Events Calendar Shortcode & Block | Medium | 6.4 | 2026-02-10 09:26:06 | Deep Dive |
| CVE-2026-24988 | WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability | Brian Hogg | The Events Calendar Shortcode & Block | - | - | 2026-02-03 14:08:37 | Deep Dive |
| CVE-2026-0617 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 7.2 | 2026-02-03 06:38:02 | Deep Dive |