浏览 51+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 6.5 | 2026-03-04 01:22:00 | Deep Dive |
| CVE-2025-68507 | WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability | Icegram | Icegram | Medium | 6.5 | 2026-01-22 16:52:07 | Deep Dive |
| CVE-2025-68038 | WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability | Icegram | Icegram Express Pro | High | 7.2 | 2025-12-24 13:10:25 | Deep Dive |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-12-12 09:20:29 | Deep Dive |
| CVE-2025-66055 | WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability | Icegram | Email Subscribers & Newsletters | High | 7.2 | 2025-11-21 12:29:54 | Deep Dive |
| CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-11-19 04:28:19 | Deep Dive |
| CVE-2025-49917 | WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability | Icegram | Icegram Express Pro | Medium | 4.4 | 2025-10-22 14:32:13 | Deep Dive |
| CVE-2025-47527 | WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability | Icegram | Icegram Collect | High | 7.1 | 2025-06-09 15:54:10 | Deep Dive |
| CVE-2024-13482 | Icegram Engage < 3.1.32 - Admin+ Stored XSS | Unknown | Icegram Engage | - | - | 2025-05-15 20:07:02 | Deep Dive |
| CVE-2024-13486 | Icegram Engage < 3.1.32 - Admin+ Stored XSS | Unknown | Icegram Engage | - | - | 2025-05-15 20:07:02 | Deep Dive |
| CVE-2025-0671 | Email Subscribers < 5.7.50 - Admin+ Stored XSS in Template | Unknown | Icegram Express | 中危 | - | 2025-04-25 06:00:10 | Deep Dive |
| CVE-2024-11924 | Email Subscribers < 5.7.52 - Admin+ Stored XSS | Unknown | Icegram Express formerly known as Email Subscribers | 低危 | - | 2025-04-17 06:00:08 | Deep Dive |
| CVE-2025-24542 | WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability | Icegram | Icegram | Medium | 6.5 | 2025-01-24 17:24:21 | Deep Dive |
| CVE-2024-12568 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:11 | Deep Dive |
| CVE-2024-12567 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:10 | Deep Dive |
| CVE-2024-12566 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:08 | Deep Dive |
| CVE-2024-11636 | Email Subscribers < 5.7.45 - Admin+ Stored XSS | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-12311 | Email Subscribers < 5.7.44 - Admin+ SQL Injection | Unknown | Email Subscribers by Icegram Express | 中危 | - | 2025-01-06 06:00:16 | Deep Dive |
| CVE-2024-12302 | Icegram Engage < 3.1.32 - Author+ Stored XSS | Unknown | Icegram Engage | 中危 | - | 2025-01-06 06:00:15 | Deep Dive |
| CVE-2024-39625 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability | icegram | Icegram | Medium | 5.3 | 2024-11-01 14:17:55 | Deep Dive |