Browse 60+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 4.3 | 2026-04-15 22:26:06 | Deep Dive |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2026-04-04 11:16:15 | Deep Dive |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2026-32546 | WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability | StellarWP | Restrict Content | Medium | - | 2026-03-25 16:15:12 | Deep Dive |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect | stellarwp | Membership Plugin – Restrict Content | Medium | 4.3 | 2026-03-20 03:37:03 | Deep Dive |
| CVE-2026-3453 | ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 8.1 | 2026-03-11 02:22:46 | Deep Dive |
| CVE-2026-1321 | Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' | stellarwp | Membership Plugin – Restrict Content | High | 8.1 | 2026-03-05 07:30:56 | Deep Dive |
| CVE-2026-1304 | Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings | stellarwp | Membership Plugin – Restrict Content | Medium | 4.4 | 2026-02-18 05:29:19 | Deep Dive |
| CVE-2025-14844 | Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure | stellarwp | Membership Plugin – Restrict Content | High | 8.2 | 2026-01-16 09:23:47 | Deep Dive |
| CVE-2025-14000 | Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | stellarwp | Membership Plugin – Restrict Content | Medium | 6.4 | 2025-12-23 11:13:49 | Deep Dive |
| CVE-2025-64244 | WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability | Codexpert, Inc | Restrict Elementor Widgets, Columns and Sections | Medium | 4.3 | 2025-12-16 08:12:49 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |
| CVE-2025-9892 | Restrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings Update | devrix | Restrict User Registration | Medium | 5.3 | 2025-10-03 11:17:17 | Deep Dive |
| CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2025-08-16 11:11:24 | Deep Dive |
| CVE-2025-7667 | Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion | josxha | Restrict File Access | High | 8.1 | 2025-07-15 11:20:04 | Deep Dive |
| CVE-2025-6070 | Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read | josxha | Restrict File Access | Medium | 6.5 | 2025-06-14 08:23:26 | Deep Dive |
| CVE-2025-47701 | Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 | Drupal | Restrict route by IP | - | - | 2025-05-14 17:01:19 | Deep Dive |
| CVE-2025-27289 | WordPress Restrict Taxonomies Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | Antoine Guillien | Restrict Taxonomies | High | 7.1 | 2025-04-17 15:48:06 | Deep Dive |
| CVE-2025-32655 | WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | DevriX | Restrict User Registration | High | 7.1 | 2025-04-17 15:47:03 | Deep Dive |
| CVE-2025-3453 | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure | saadiqbal | Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content | Medium | 5.3 | 2025-04-17 11:13:05 | Deep Dive |