浏览 44+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | High | 8.1 | 2026-04-20 19:27:08 | Deep Dive |
| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2026-04-13 22:25:54 | Deep Dive |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | Critical | 9.8 | 2026-04-08 01:24:44 | Deep Dive |
| CVE-2026-3300 | Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field | WPEverest | Everest Forms Pro | Critical | 9.8 | 2026-03-31 01:24:58 | Deep Dive |
| CVE-2026-32488 | WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability | wpeverest | User Registration | 中危 | - | 2026-03-25 16:14:58 | Deep Dive |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.12 - Cross Site Scripting (XSS) vulnerability | WPEverest | Everest Forms Pro | High | 7.1 | 2026-03-19 08:43:56 | Deep Dive |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.8 | 2026-03-03 04:33:21 | Deep Dive |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.1 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-22422 | WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability | wpeverest | Everest Forms | - | - | 2026-02-19 08:26:48 | Deep Dive |
| CVE-2026-24353 | WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability | wpeverest | User Registration | Medium | 4.3 | 2026-01-22 16:52:43 | Deep Dive |
| CVE-2025-67956 | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability | wpeverest | User Registration | - | - | 2026-01-22 16:51:56 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-8871 | Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature | WPEverest | Everest Forms Pro | Medium | 5.6 | 2025-11-05 02:25:52 | Deep Dive |
| CVE-2025-60210 | WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability | wpeverest | Everest Forms - Frontend Listing | - | - | 2025-10-22 14:32:43 | Deep Dive |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.9 | 2025-09-06 02:24:18 | Deep Dive |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-07-22 01:44:28 | Deep Dive |