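Browse 53+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.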
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2826 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2026-32546 | WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability | StellarWP | Restrict Content | Medium | - | 2026-03-25 16:15:12 | Deep Dive |
| CVE-2026-3079 | LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter | StellarWP | LearnDash LMS | Medium | 6.5 | 2026-03-24 01:25:21 | Deep Dive |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect | stellarwp | Membership Plugin – Restrict Content | Medium | 4.3 | 2026-03-20 03:37:03 | Deep Dive |
| CVE-2026-3585 | The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import | stellarwp | The Events Calendar | High | 7.5 | 2026-03-10 03:33:51 | Deep Dive |
| CVE-2026-1321 | Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' | stellarwp | Membership Plugin – Restrict Content | High | 8.1 | 2026-03-05 07:30:56 | Deep Dive |
| CVE-2026-2694 | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | stellarwp | The Events Calendar | Medium | 5.4 | 2026-02-25 21:25:02 | Deep Dive |
| CVE-2026-27056 | WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability | StellarWP | iThemes Sync | - | - | 2026-02-19 08:20:33 | Deep Dive |
| CVE-2026-2633 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2026-1857 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-18 06:42:40 | Deep Dive |
| CVE-2026-1304 | Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings | stellarwp | Membership Plugin – Restrict Content | Medium | 4.4 | 2026-02-18 05:29:19 | Deep Dive |
| CVE-2026-2608 | Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 4.3 | 2026-02-17 11:20:37 | Deep Dive |
| CVE-2025-15043 | The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control | stellarwp | The Events Calendar | Medium | 5.4 | 2026-01-20 14:26:33 | Deep Dive |
| CVE-2025-14844 | Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure | stellarwp | Membership Plugin – Restrict Content | High | 8.2 | 2026-01-16 09:23:47 | Deep Dive |
| CVE-2025-69352 | WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability | StellarWP | The Events Calendar | Medium | 5.4 | 2026-01-06 16:36:41 | Deep Dive |
| CVE-2025-14000 | Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | stellarwp | Membership Plugin – Restrict Content | Medium | 6.4 | 2025-12-23 11:13:49 | Deep Dive |
| CVE-2025-66533 | WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortcode Execution vulnerability | StellarWP | GiveWP | Medium | 5.3 | 2025-12-09 15:03:54 | Deep Dive |
| CVE-2025-67467 | WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability | StellarWP | GiveWP | Medium | 5.4 | 2025-12-09 15:03:54 | Deep Dive |
| CVE-2025-13387 | Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting | stellarwp | Kadence WooCommerce Email Designer | High | 7.2 | 2025-12-02 04:37:14 | Deep Dive |
| CVE-2025-13206 | GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | High | 7.2 | 2025-11-19 07:46:08 | Deep Dive |