浏览 36+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39571 | WordPress Instantio plugin <= 3.3.30 - Sensitive Data Exposure vulnerability | Themefic | Instantio | - | - | 2026-04-08 08:30:20 | Deep Dive |
| CVE-2026-39543 | WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability | Themefic | Tourfic | - | - | 2026-04-08 08:30:18 | Deep Dive |
| CVE-2026-39541 | WordPress Hydra Booking plugin <= 1.1.38 - Cross Site Scripting (XSS) vulnerability | Themefic | Hydra Booking | - | - | 2026-04-08 08:30:17 | Deep Dive |
| CVE-2026-32460 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.36 - Cross Site Scripting (XSS) vulnerability | Themefic | Ultimate Addons for Contact Form 7 | 中危 | - | 2026-03-13 11:42:23 | Deep Dive |
| CVE-2026-24945 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.34 - Broken Access Control vulnerability | Themefic | Ultimate Addons for Contact Form 7 | - | - | 2026-02-03 14:08:33 | Deep Dive |
| CVE-2026-24940 | WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability | Themefic | Travelfic Toolkit | - | - | 2026-02-03 14:08:33 | Deep Dive |
| CVE-2025-68027 | WordPress Hydra Booking plugin <= 1.1.32 - Privilege Escalation vulnerability | Themefic | Hydra Booking | - | - | 2026-01-22 16:52:05 | Deep Dive |
| CVE-2025-68055 | WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability | Themefic | Hydra Booking | High | 8.5 | 2025-12-16 08:13:00 | Deep Dive |
| CVE-2025-14356 | Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF | themefic | Ultra Addons for Contact Form 7 | Medium | 4.3 | 2025-12-12 06:32:58 | Deep Dive |
| CVE-2025-12788 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | themefic | Hydra Booking — Appointment Scheduling & Booking Calendar | Medium | 5.3 | 2025-11-11 11:03:45 | Deep Dive |
| CVE-2025-49377 | WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability | Themefic | Hydra Booking | Medium | 6.3 | 2025-10-22 14:32:09 | Deep Dive |
| CVE-2025-49378 | WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection vulnerability | Themefic | Hydra Booking | High | 8.5 | 2025-10-22 14:32:09 | Deep Dive |
| CVE-2024-8860 | Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 4.3 | 2025-08-26 07:06:04 | Deep Dive |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | themefic | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings | High | 8.8 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-6756 | Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode | themefic | Ultra Addons for Contact Form 7 | Medium | 6.4 | 2025-07-01 09:25:05 | Deep Dive |
| CVE-2025-6212 | Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module | themefic | Ultra Addons for Contact Form 7 | High | 7.2 | 2025-06-26 09:22:03 | Deep Dive |
| CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' | themefic | Ultra Addons for Contact Form 7 | High | 7.2 | 2025-06-18 11:16:31 | Deep Dive |
| CVE-2025-49323 | WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability | Themefic | Hydra Booking | High | 8.5 | 2025-06-06 12:53:55 | Deep Dive |
| CVE-2025-47549 | WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability | Themefic | BEAF | Critical | 9.1 | 2025-05-07 14:20:20 | Deep Dive |