浏览 66+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11762 | HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure | hubspotdev | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | Medium | 4.3 | 2026-04-24 07:45:07 | Deep Dive |
| CVE-2026-2263 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation | wpmudev | Hustle – Email Marketing, Lead Generation, Optins, Popups | Medium | 5.3 | 2026-04-07 23:25:27 | Deep Dive |
| CVE-2026-4302 | WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API | wpxpo | WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation | High | 7.2 | 2026-03-21 01:24:38 | Deep Dive |
| CVE-2026-1720 | WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | wpxpo | WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation | High | 8.8 | 2026-03-05 13:24:01 | Deep Dive |
| CVE-2025-13079 | Popup Builder - Create highly converting, mobile friendly marketing popups. <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 5.3 | 2026-02-19 03:25:15 | Deep Dive |
| CVE-2025-12122 | Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpcalc | Popup Box – Easily Create WordPress Popups | Medium | 6.4 | 2026-02-18 05:29:18 | Deep Dive |
| CVE-2025-14895 | PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | Medium | 5.4 | 2026-02-10 09:26:06 | Deep Dive |
| CVE-2025-13192 | Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | High | 8.2 | 2026-02-04 23:22:57 | Deep Dive |
| CVE-2026-25016 | WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability | Nelio Software | Nelio Popups | Medium | 4.3 | 2026-02-03 14:08:39 | Deep Dive |
| CVE-2026-1165 | Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 4.3 | 2026-01-31 14:22:29 | Deep Dive |
| CVE-2026-0911 | Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module Import | wpmudev | Hustle – Email Marketing, Lead Generation, Optins, Popups | High | 7.5 | 2026-01-24 12:27:15 | Deep Dive |
| CVE-2026-24616 | WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability | Damian | WP Popups | Medium | 6.5 | 2026-01-23 14:29:05 | Deep Dive |
| CVE-2025-14441 | Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | Medium | 4.3 | 2026-01-06 04:31:56 | Deep Dive |
| CVE-2025-68568 | WordPress Claspo – Popups, Spin the Wheel & Email Capture plugin <= 1.0.7 - Broken Access Control vulnerability | Claspo Popup Builders | Claspo – Popups, Spin the Wheel & Email Capture | Medium | 5.3 | 2025-12-24 13:10:36 | Deep Dive |
| CVE-2025-9856 | Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 6.4 | 2025-12-13 08:21:15 | Deep Dive |
| CVE-2025-63059 | WordPress Ninja Popups plugin <= 4.7.8 - Cross Site Scripting (XSS) vulnerability | arscode | Ninja Popups | Medium | 6.5 | 2025-12-09 14:52:33 | Deep Dive |
| CVE-2025-66111 | WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | Nelio Software | Nelio Popups | Medium | 6.5 | 2025-11-21 12:30:05 | Deep Dive |
| CVE-2025-10861 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | High | 7.5 | 2025-10-24 11:25:46 | Deep Dive |
| CVE-2025-10862 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | High | 7.5 | 2025-10-09 08:23:17 | Deep Dive |
| CVE-2025-9490 | Popup Maker <= 1.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter | danieliser | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | Medium | 6.4 | 2025-09-26 05:27:21 | Deep Dive |