Browse 78+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4021 | Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 8.1 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-4549 | mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization | mickasmt | next-saas-stripe-starter | Low | 3.1 | 2026-03-22 13:47:25 | Deep Dive |
| CVE-2026-4548 | mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization | mickasmt | next-saas-stripe-starter | Medium | 6.3 | 2026-03-22 13:02:44 | Deep Dive |
| CVE-2026-4547 | mickasmt next-saas-stripe-starter Checkout generate-user-stripe.ts generateUserStripe logic error | mickasmt | next-saas-stripe-starter | Medium | 4.3 | 2026-03-22 13:02:42 | Deep Dive |
| CVE-2026-28115 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability | loopus | WP Attractive Donations System - Easy Stripe & Paypal donations | Medium | - | 2026-03-05 05:54:28 | Deep Dive |
| CVE-2026-3180 | Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.5 | 2026-03-02 17:23:36 | Deep Dive |
| CVE-2026-0751 | Payment Page \| Payment Form for Stripe <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter | brandonfire | Payment Page \| Payment Form for Stripe | Medium | 6.4 | 2026-02-14 06:42:26 | Deep Dive |
| CVE-2022-50797 | Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings | halfdata | Stripe Green Downloads | Medium | 6.4 | 2026-02-01 12:15:52 | Deep Dive |
| CVE-2021-47885 | Payment Terminal Multiple Versions Non-Persistent Cross-Site Scripting | CriticalGears | PayPal PRO Payment Terminal | Medium | 6.4 | 2026-02-01 12:15:46 | Deep Dive |
| CVE-2026-1295 | Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | supercleanse | Buy Now Plus — Payments with Stripe | Medium | 6.4 | 2026-01-28 06:43:43 | Deep Dive |
| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 5.3 | 2026-01-20 01:22:45 | Deep Dive |
| CVE-2025-22715 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability | loopus | WP Attractive Donations System - Easy Stripe & Paypal donations | High | 7.5 | 2026-01-08 09:17:40 | Deep Dive |
| CVE-2025-68602 | WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability | Scott Paterson | Accept Donations with PayPal & Stripe | Medium | 4.7 | 2025-12-24 13:10:47 | Deep Dive |
| CVE-2025-58999 | WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF) vulnerability | loopus | WP Attractive Donations System - Easy Stripe & Paypal donations | - | - | 2025-12-16 08:12:47 | Deep Dive |
| CVE-2025-12834 | Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message | zealopensource | Accept Stripe Payments Using Contact Form 7 | Medium | 6.1 | 2025-12-12 03:20:59 | Deep Dive |
| CVE-2025-12849 | Contest Gallery <= 28.0.2 - Missing Authorization | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 5.3 | 2025-11-15 06:41:31 | Deep Dive |
| CVE-2025-48085 | WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | ZIPANG | Simple Stripe | High | 7.1 | 2025-11-06 15:53:42 | Deep Dive |
| CVE-2025-9322 | Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection | themeisle | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | High | 7.5 | 2025-10-25 06:49:23 | Deep Dive |
| CVE-2025-49963 | WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability | growniche | Simple Stripe Checkout | - | - | 2025-10-22 14:32:22 | Deep Dive |
| CVE-2025-11254 | Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 4.3 | 2025-10-11 08:29:16 | Deep Dive |