浏览 24+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1280 | Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter | nmedia | Frontend File Manager Plugin | High | 7.5 | 2026-01-28 11:23:41 | Deep Dive |
| CVE-2026-0844 | Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field | nmedia | Simple User Registration | High | 8.8 | 2026-01-28 11:23:40 | Deep Dive |
| CVE-2025-13382 | Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming | nmedia | Frontend File Manager Plugin | Medium | 4.3 | 2025-11-25 07:28:24 | Deep Dive |
| CVE-2025-13389 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.3 | 2025-11-25 07:28:22 | Deep Dive |
| CVE-2025-13452 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 4.3 | 2025-11-25 07:28:20 | Deep Dive |
| CVE-2025-12160 | Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting | nmedia | Simple User Registration | High | 7.2 | 2025-11-21 09:27:01 | Deep Dive |
| CVE-2023-7306 | Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion | nmedia | Frontend File Manager Plugin | High | 7.5 | 2025-07-25 08:22:50 | Deep Dive |
| CVE-2025-4334 | Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation | nmedia | Simple User Registration | Critical | 9.8 | 2025-06-26 02:06:35 | Deep Dive |
| CVE-2025-30613 | WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability | N-Media | Nmedia MailChimp | Medium | 6.5 | 2025-04-01 05:31:36 | Deep Dive |
| CVE-2024-13456 | Easy Quiz Maker <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | nmedia | Easy Quiz Maker | Medium | 6.4 | 2025-02-12 09:22:50 | Deep Dive |
| CVE-2024-12826 | GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update | nmedia | GoHero Store Customizer for WooCommerce | Medium | 4.3 | 2025-01-25 07:24:20 | Deep Dive |
| CVE-2024-13355 | Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.4 | 2025-01-16 09:39:14 | Deep Dive |
| CVE-2016-15042 | Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload | nmedia | N-Media Post Front-end Form | Critical | 9.8 | 2024-10-16 07:31:50 | Deep Dive |
| CVE-2024-0629 | 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins | nmedia | 2Checkout Payment Gateway for WooCommerce | Medium | 5.3 | 2024-05-02 16:52:33 | Deep Dive |
| CVE-2024-0829 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:15 | Deep Dive |
| CVE-2024-0830 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:05 | Deep Dive |
| CVE-2021-4369 | Frontend File Manager <= 18.2 - Unauthenticated Content Injection | nmedia | Frontend File Manager Plugin | Medium | 5.8 | 2023-06-07 01:51:42 | Deep Dive |
| CVE-2021-4368 | Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload | nmedia | Frontend File Manager Plugin | Critical | 9.9 | 2023-06-07 01:51:38 | Deep Dive |
| CVE-2021-4365 | Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting | nmedia | Frontend File Manager Plugin | High | 7.2 | 2023-06-07 01:51:37 | Deep Dive |
| CVE-2021-4359 | Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion | nmedia | Frontend File Manager Plugin | Medium | 6.5 | 2023-06-07 01:51:29 | Deep Dive |