浏览 82+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40745 | WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability | bdthemes | Element Pack Elementor Addons | 中危 | - | 2026-04-15 10:21:35 | Deep Dive |
| CVE-2026-4655 | Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2026-04-08 07:43:01 | Deep Dive |
| CVE-2026-4341 | Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |
| CVE-2026-24362 | WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability | bdthemes | Ultimate Post Kit | Medium | 6.4 | 2026-03-25 16:14:31 | Deep Dive |
| CVE-2026-1793 | Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2026-02-15 03:24:34 | Deep Dive |
| CVE-2025-31413 | WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability | bdthemes | Element Pack Elementor Addons | Medium | 4.3 | 2026-01-22 16:51:39 | Deep Dive |
| CVE-2026-0808 | Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter | bdthemes | Spin Wheel – Interactive spinning wheel that offers coupons | Medium | 5.3 | 2026-01-17 06:42:21 | Deep Dive |
| CVE-2025-69336 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | 中危 | - | 2026-01-06 16:36:39 | Deep Dive |
| CVE-2025-68500 | WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability | bdthemes | Prime Slider – Addons For Elementor | Medium | 4.9 | 2025-12-24 12:31:20 | Deep Dive |
| CVE-2025-14277 | Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery | bdthemes | Prime Slider – Addons for Elementor | Medium | 4.3 | 2025-12-18 12:22:26 | Deep Dive |
| CVE-2025-13196 | Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2025-11-18 09:27:36 | Deep Dive |
| CVE-2025-12134 | ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable | bdthemes | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | Medium | 5.3 | 2025-10-24 09:23:31 | Deep Dive |
| CVE-2025-49903 | WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability | bdthemes | ZoloBlocks | Medium | 5.3 | 2025-10-22 14:32:10 | Deep Dive |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.0 | 2025-10-20 21:23:48 | Deep Dive |
| CVE-2025-9075 | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | Medium | 6.4 | 2025-10-01 03:25:24 | Deep Dive |
| CVE-2025-60161 | WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability | bdthemes | ZoloBlocks | Medium | 5.4 | 2025-09-26 08:31:59 | Deep Dive |
| CVE-2025-58017 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | 6.5 | 2025-09-22 18:24:04 | Deep Dive |
| CVE-2025-58230 | WordPress ZoloBlocks plugin <= 2.3.12 - Cross Site Scripting (XSS) vulnerability | bdthemes | ZoloBlocks | Medium | 6.5 | 2025-09-22 18:23:43 | Deep Dive |
| CVE-2025-53210 | WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability | bdthemes | ZoloBlocks | High | 7.5 | 2025-08-20 08:03:18 | Deep Dive |
| CVE-2025-8100 | Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2025-08-06 03:40:59 | Deep Dive |