浏览 32+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39644 | WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability | Roxnor | Wp Ultimate Review | - | - | 2026-04-08 08:30:33 | Deep Dive |
| CVE-2026-2600 | ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 6.4 | 2026-04-04 07:41:58 | Deep Dive |
| CVE-2026-3474 | EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter | roxnor | EmailKit – Email Customizer for WooCommerce & WP | Medium | 4.9 | 2026-03-20 23:25:14 | Deep Dive |
| CVE-2026-2879 | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion | roxnor | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools | Medium | 5.4 | 2026-03-13 08:25:17 | Deep Dive |
| CVE-2026-2257 | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API | roxnor | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools | Medium | 6.4 | 2026-03-13 08:25:16 | Deep Dive |
| CVE-2026-23693 | ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint | Roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Critical | 10.0 | 2026-02-23 20:33:55 | Deep Dive |
| CVE-2026-1925 | EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification | roxnor | EmailKit – Email Customizer for WooCommerce & WP | Medium | 4.3 | 2026-02-18 04:35:47 | Deep Dive |
| CVE-2025-14895 | PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | Medium | 5.4 | 2026-02-10 09:26:06 | Deep Dive |
| CVE-2025-13192 | Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | High | 8.2 | 2026-02-04 23:22:57 | Deep Dive |
| CVE-2026-0633 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | Low | 3.7 | 2026-01-24 08:26:36 | Deep Dive |
| CVE-2026-24356 | WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability | Roxnor | GetGenie | Medium | 4.9 | 2026-01-22 16:52:44 | Deep Dive |
| CVE-2026-1003 | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion | roxnor | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools | Medium | 4.3 | 2026-01-16 07:23:09 | Deep Dive |
| CVE-2025-14059 | EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal | roxnor | EmailKit – Email Customizer for WooCommerce & WP | Medium | 6.5 | 2026-01-07 03:21:04 | Deep Dive |
| CVE-2025-14441 | Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | Medium | 4.3 | 2026-01-06 04:31:56 | Deep Dive |
| CVE-2025-69026 | WordPress PopupKit plugin <= 2.1.5 - Sensitive Data Exposure vulnerability | Roxnor | PopupKit | Medium | 4.3 | 2025-12-30 10:47:56 | Deep Dive |
| CVE-2025-14314 | WordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerability | Roxnor | PopupKit | High | 8.5 | 2025-12-18 07:21:41 | Deep Dive |
| CVE-2025-63057 | WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability | Roxnor | Wp Ultimate Review | Medium | 6.5 | 2025-12-09 14:52:33 | Deep Dive |
| CVE-2025-13620 | Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering | roxnor | Wp Social Login and Register Social Counter | Medium | 5.3 | 2025-12-05 10:57:56 | Deep Dive |
| CVE-2025-12358 | ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation | roxnor | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution | Medium | 4.3 | 2025-12-03 12:29:56 | Deep Dive |
| CVE-2025-11888 | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update | roxnor | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution | Low | 2.7 | 2025-10-25 05:31:22 | Deep Dive |