浏览 30+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1901 | QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | questionpro | QuestionPro Surveys | Medium | 6.4 | 2026-02-14 06:42:27 | Deep Dive |
| CVE-2025-10694 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | Medium | 5.3 | 2025-10-25 05:31:23 | Deep Dive |
| CVE-2025-3794 | WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 5.4 | 2025-05-09 22:22:13 | Deep Dive |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 4.3 | 2025-03-15 11:13:29 | Deep Dive |
| CVE-2024-13497 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2025-03-15 04:22:08 | Deep Dive |
| CVE-2025-28878 | WordPress Awesome Surveys plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability | Will Brubaker | Awesome Surveys | Medium | 5.9 | 2025-03-11 21:00:42 | Deep Dive |
| CVE-2024-12522 | Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | yayforms | Yay! Forms | Medium | 6.4 | 2025-02-19 07:32:08 | Deep Dive |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Medium | 5.3 | 2025-02-05 05:22:32 | Deep Dive |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 6.4 | 2025-02-04 08:21:07 | Deep Dive |
| CVE-2025-22295 | WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability | Tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | 中危 | - | 2025-01-09 15:39:33 | Deep Dive |
| CVE-2024-55998 | WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability | Eric Sloan | Popup Surveys & Polls for WordPress (Mare.io) | Medium | 5.4 | 2024-12-16 14:13:37 | Deep Dive |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | High | 8.5 | 2024-12-10 04:23:41 | Deep Dive |
| CVE-2024-43338 | WordPress Crowdsignal Polls & Ratings plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability | Automattic | Crowdsignal Dashboard – Polls, Surveys & more | Medium | 4.3 | 2024-11-19 16:32:36 | Deep Dive |
| CVE-2024-10260 | Tripetto <= 8.0.11 - Unauthentiated Stored Cross-Site Scripting via Form File Upload | tripetto | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | High | 7.2 | 2024-11-15 05:30:56 | Deep Dive |
| CVE-2024-10593 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion | smub | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | Medium | 4.3 | 2024-11-13 02:33:17 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-7134 | LiquidPoll <= 3.3.78 - Unauthenticated Stored Cross-Site Scripting via form_data Parameter | liquidpoll | LiquidPoll – Polls, Surveys, NPS and Feedback Reviews | High | 7.2 | 2024-08-21 05:30:20 | Deep Dive |
| CVE-2024-5902 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | High | 7.2 | 2024-07-12 21:30:46 | Deep Dive |
| CVE-2024-1812 | Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | High | 7.2 | 2024-04-09 18:59:24 | Deep Dive |
| CVE-2024-31257 | WordPress Formsite plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | Formsite | Formsite | Embed online forms to collect orders, registrations, leads, and surveys | Medium | 6.5 | 2024-04-07 17:45:57 | Deep Dive |