Browse 2,017+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6725 | WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute | wpclever | WPC Smart Messages for WooCommerce | Medium | 6.4 | 2026-04-28 04:28:22 | Deep Dive |
| CVE-2026-28040 | WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability | Magepeople inc. | Taxi Booking Manager for WooCommerce | Medium | 6.5 | 2026-04-23 11:00:04 | Deep Dive |
| CVE-2026-4140 | Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action | anzia | Ni WooCommerce Order Export | Medium | 4.3 | 2026-04-22 07:45:34 | Deep Dive |
| CVE-2026-3355 | Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch' | ivole | Customer Reviews for WooCommerce | Medium | 6.1 | 2026-04-16 06:44:53 | Deep Dive |
| CVE-2026-5050 | Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation | jconti | Payment Gateway for Redsys & WooCommerce Lite | High | 7.5 | 2026-04-16 05:29:54 | Deep Dive |
| CVE-2026-6370 | WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability | HashThemes | Mini Ajax Cart for WooCommerce | Medium | 5.9 | 2026-04-15 16:02:15 | Deep Dive |
| CVE-2026-5617 | Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie | royalnavneet | Login as User – Switch User & WooCommerce Login as Customer | High | 8.8 | 2026-04-15 07:45:30 | Deep Dive |
| CVE-2026-2582 | Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution | vendidero | Germanized for WooCommerce | Medium | 6.5 | 2026-04-14 06:43:52 | Deep Dive |
| CVE-2026-4479 | WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | wpcodefactory | WholeSale Products Dynamic Pricing Management WooCommerce | Medium | 4.4 | 2026-04-14 03:37:34 | Deep Dive |
| CVE-2026-4059 | ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2026-04-14 03:37:34 | Deep Dive |
| CVE-2026-3830 | Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi | Unknown | Product Filter for WooCommerce by WBW | Medium | - | 2026-04-13 06:00:13 | Deep Dive |
| CVE-2026-4432 | YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR | Unknown | YITH WooCommerce Wishlist | Medium | - | 2026-04-10 06:00:16 | Deep Dive |
| CVE-2026-4664 | Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter | ivole | Customer Reviews for WooCommerce | Medium | 5.3 | 2026-04-10 01:24:57 | Deep Dive |
| CVE-2026-3574 | Experto Dashboard for WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting | uxdexperts | Experto Dashboard for WooCommerce | Medium | 4.4 | 2026-04-09 02:25:06 | Deep Dive |
| CVE-2026-3396 | WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 - Unauthenticated Time-Based SQL Injection | shamimmoeen | WCAPF – Ajax Product Filter for WooCommerce | High | 7.5 | 2026-04-08 11:16:59 | Deep Dive |
| CVE-2026-1672 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 6.5 | 2026-04-08 11:16:59 | Deep Dive |
| CVE-2026-1673 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 4.3 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-39668 | WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerability | g5theme | Book Previewer for Woocommerce | - | - | 2026-04-08 08:30:39 | Deep Dive |
| CVE-2026-39671 | WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability | Dotstore | Extra Fees Plugin for WooCommerce | - | - | 2026-04-08 08:30:39 | Deep Dive |
| CVE-2026-39662 | WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability | ProWCPlugins | Product Price by Formula for WooCommerce | - | - | 2026-04-08 08:30:37 | Deep Dive |