浏览 32+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4659 | Unlimited Elements For Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal | unitecms | Unlimited Elements For Elementor | High | 7.5 | 2026-04-17 06:44:50 | Deep Dive |
| CVE-2026-2724 | Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields | unitecms | Unlimited Elements For Elementor | High | 7.2 | 2026-03-10 09:58:58 | Deep Dive |
| CVE-2025-14274 | Unlimited Elements for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Border Hero Widget | unitecms | Unlimited Elements For Elementor | Medium | 5.4 | 2026-02-03 05:30:14 | Deep Dive |
| CVE-2025-13692 | Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | unitecms | Unlimited Elements for Elementor (Premium) | High | 7.2 | 2025-11-27 13:53:13 | Deep Dive |
| CVE-2025-8603 | Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-08-28 03:42:44 | Deep Dive |
| CVE-2025-1663 | Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-04-03 07:21:23 | Deep Dive |
| CVE-2024-13155 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-02-20 07:33:37 | Deep Dive |
| CVE-2024-13153 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2025-01-09 08:24:24 | Deep Dive |
| CVE-2024-10784 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-12-12 06:46:32 | Deep Dive |
| CVE-2024-49271 | WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Critical | 9.1 | 2024-10-16 12:55:41 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-45454 | WordPress Unlimited Elements for Elementor plugin <= 1.5.121 - Reflected Cross Site Scripting (XSS) vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | High | 7.1 | 2024-10-06 11:47:25 | Deep Dive |
| CVE-2024-6169 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-07-09 04:32:56 | Deep Dive |
| CVE-2024-6170 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' | unitecms | Unlimited Elements For Elementor | Medium | 6.4 | 2024-07-09 04:32:56 | Deep Dive |
| CVE-2024-6166 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2024-07-09 04:32:54 | Deep Dive |
| CVE-2024-6171 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass | unitecms | Unlimited Elements For Elementor | Medium | 5.3 | 2024-07-09 04:32:53 | Deep Dive |
| CVE-2023-31080 | WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | High | 8.3 | 2024-06-09 09:27:47 | Deep Dive |
| CVE-2024-5329 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter | unitecms | Unlimited Elements For Elementor | High | 8.8 | 2024-06-06 09:34:02 | Deep Dive |
| CVE-2024-35674 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Medium | 4.3 | 2024-06-05 16:19:34 | Deep Dive |
| CVE-2023-33930 | WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability | Unlimited Elements | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | Critical | 9.1 | 2024-06-04 07:08:04 | Deep Dive |