浏览 31+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3139 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 4.3 | 2026-03-31 11:18:56 | Deep Dive |
| CVE-2026-27413 | WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability | Cozmoslabs | Profile Builder Pro | Critical | 9.3 | 2026-03-19 05:28:13 | Deep Dive |
| CVE-2025-68514 | WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability | Cozmoslabs | Paid Member Subscriptions | - | - | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2025-66074 | WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability | Cozmoslabs | WP Webhooks | Critical | 9.0 | 2025-12-18 07:22:18 | Deep Dive |
| CVE-2025-66073 | WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability | Cozmoslabs | WP Webhooks | High | 7.2 | 2025-11-21 12:29:57 | Deep Dive |
| CVE-2025-13054 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-11-19 05:45:12 | Deep Dive |
| CVE-2025-58592 | WordPress TranslatePress Plugin <= 2.10.2 - Deserialization of untrusted data Vulnerability | Cozmoslabs | TranslatePress | 中危 | - | 2025-11-06 15:54:21 | Deep Dive |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2025-11-05 03:27:58 | Deep Dive |
| CVE-2025-58600 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability | Cozmoslabs | Paid Member Subscriptions | Medium | 5.3 | 2025-09-03 14:36:39 | Deep Dive |
| CVE-2025-8895 | WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy | cozmoslabs | WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress | Critical | 9.8 | 2025-08-21 07:26:36 | Deep Dive |
| CVE-2025-54017 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability | Cozmoslabs | Paid Member Subscriptions | High | 7.5 | 2025-08-20 08:03:03 | Deep Dive |
| CVE-2025-8896 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-08-16 06:39:22 | Deep Dive |
| CVE-2025-49870 | WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability | Cozmoslabs | Paid Member Subscriptions | High | 7.5 | 2025-07-04 11:17:58 | Deep Dive |
| CVE-2025-49292 | WordPress Profile Builder plugin <= 3.13.8 - Content Spoofing Vulnerability | Cozmoslabs | Profile Builder | Medium | 4.3 | 2025-06-06 12:53:45 | Deep Dive |
| CVE-2025-4671 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-06-03 11:22:26 | Deep Dive |
| CVE-2025-2314 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-04-16 01:45:02 | Deep Dive |
| CVE-2025-31088 | WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability | Cozmoslabs | Paid Member Subscriptions | Medium | 6.5 | 2025-03-28 09:39:55 | Deep Dive |
| CVE-2025-30773 | WordPress TranslatePress plugin <= 2.9.6 - PHP Object Injection Vulnerability | Cozmoslabs | TranslatePress | High | 7.2 | 2025-03-27 10:54:41 | Deep Dive |
| CVE-2024-5639 | User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update | cozmoslabs | User Profile Picture | Medium | 4.3 | 2024-06-21 06:58:18 | Deep Dive |
| CVE-2024-31341 | WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability | Cozmoslabs | Profile Builder | Medium | 5.3 | 2024-05-17 08:19:23 | Deep Dive |