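Browse 22+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.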
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-13713 | WPExperts Square For GiveWP <= 1.3.1 - Authenticated (Subscriber+) SQL Injection | saadiqbal | WPExperts Square For GiveWP | Medium | 6.5 | 2025-02-21 11:09:34 | Deep Dive |
| CVE-2024-12475 | WP Multi Store Locator <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpexpertsio | WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps | Medium | 6.4 | 2025-01-04 11:16:32 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-10187 | myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-11-08 09:29:34 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 5.3 | 2024-09-25 05:32:10 | Deep Dive |
| CVE-2024-5861 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection | saadiqbal | WP Easy Pay – Payment and Donation form Builder for Square | Medium | 5.3 | 2024-07-24 03:17:16 | Deep Dive |
| CVE-2024-1639 | License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure | saadiqbal | License Manager for WooCommerce | Medium | 6.5 | 2024-06-21 02:05:43 | Deep Dive |
| CVE-2024-5207 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-05-30 05:33:15 | Deep Dive |
| CVE-2024-0437 | Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 4.3 | 2024-05-14 23:31:47 | Deep Dive |
| CVE-2024-27959 | WordPress APIExperts Square for WooCommerce plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability | Wpexpertsio | WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management | High | 7.1 | 2024-03-17 16:27:35 | Deep Dive |
| CVE-2024-0656 | Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 4.4 | 2024-02-20 18:56:40 | Deep Dive |
| CVE-2023-6875 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2024-01-11 08:33:06 | Deep Dive |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 6.1 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-50902 | WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) | WPExpertsio | New User Approve | Medium | 4.3 | 2023-12-29 12:28:47 | Deep Dive |
| CVE-2023-49842 | WordPress Rocket Maintenance Mode & Coming Soon Page Plugin <= 4.3 is vulnerable to Cross Site Scripting (XSS) | wpexpertsio | Rocket Maintenance Mode & Coming Soon Page | Medium | 5.9 | 2023-12-14 16:15:42 | Deep Dive |
| CVE-2022-47181 | WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | wpexpertsio | Email Templates Customizer and Designer for WordPress and WooCommerce | High | - | 2023-11-07 17:23:38 | Deep Dive |
| CVE-2021-4422 | POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.3 | 2023-07-12 06:52:35 | Deep Dive |
| CVE-2023-3082 | Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2023-07-12 04:38:46 | Deep Dive |