漏洞平台

漏洞ID	漏洞标题	风险等级	分配者	发布日期
CVE-2025-1328	Typed JS: 一款打字机风格的动画 <= 1.2.0 - 经认证(贡献者+)通过typespeed参数存储型跨站脚本漏洞	中危	Wordfence	2025-02-20 09:21:41
CVE-2024-13802	Bandsintown Events <= 1.3.1 - 经认证(XSS)漏洞(贡献者+)	中危	Wordfence	2025-02-20 09:21:40
CVE-2024-13792	WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 任意短代码执行漏洞	高危	Wordfence	2025-02-20 09:21:40
CVE-2024-13476	LTL Freight Quotes – GlobalTranz Edition <= 2.3.11 - 未认证的SQL注入漏洞	高危	Wordfence	2025-02-20 09:21:39
CVE-2024-13753	Ultimate Classified Listings <= 1.4存在跨站请求伪造至账号接管漏洞	高危	Wordfence	2025-02-20 09:21:39
CVE-2024-13855	Prime Addons for Elementor <= 2.0.1 版本存在经由 pae_global_block 短代码进行的认证用户(Contributor+)不安全直接对象引用漏洞	中危	Wordfence	2025-02-20 09:21:39
CVE-2025-0866	Legoeso PDF Manager <= 1.2.2 版本中的 checkedVals 参数存在经认证的 (Author+) SQL注入漏洞	中危	Wordfence	2025-02-20 09:21:38
CVE-2024-13789	Ravpage <= 2.31 应用程序存在PHP对象注入漏洞	超危	Wordfence	2025-02-20 09:21:38
CVE-2024-6432	Content Blocks (Custom Post Widget) <= 3.3.5 - 经认证的 (Contributor+) 通过 content 参数存储型跨站脚本漏洞	中危	Wordfence	2025-02-20 09:21:37
CVE-2024-13849	Cookie Notice Bar <= 1.3.0 - 经认证的(管理员+) 存储型跨站脚本漏洞	中危	Wordfence	2025-02-20 09:21:37
CVE-2024-13748	Ultimate Classified Listings <= 1.4 存储型跨站脚本漏洞	中危	Wordfence	2025-02-20 09:21:37
CVE-2025-1483	LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - 未经授权更新设置时缺少验证机制	中危	Wordfence	2025-02-20 09:21:36
CVE-2024-13520	WooCommerce Gift Cards插件4.4.6及以下版本中存在未授权价格、日期和备注更新漏洞	中危	Wordfence	2025-02-20 09:21:36
CVE-2025-0897	Modal Window <= 6.1.5 - 已认证(贡献者+)通过 iframeBox 短代码存储的跨站脚本漏洞	中危	Wordfence	2025-02-20 08:22:07
CVE-2025-1064	Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - 经认证(贡献者+)通过xoo_el_action短代码存储型跨站脚本漏洞	中危	Wordfence	2025-02-20 08:22:07
CVE-2024-13888	WPMobile.App <= 11.56 版本存在 'redirect' 参数开放重定向漏洞	高危	Wordfence	2025-02-20 08:22:06
CVE-2024-13155	Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - 经认证（Contributor+）通过透明分割英雄小部件存储的跨站脚本漏洞	中危	Wordfence	2025-02-20 07:33:37
CVE-2025-26856	N/A	N/A	jpcert	2025-02-20 05:49:49
CVE-2024-13445	Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - 经认证的(贡献者+)存储型跨站脚本漏洞	中危	Wordfence	2025-02-20 04:22:25
CVE-2024-49780	IBM OpenPages 路径穿越漏洞	中危	ibm	2025-02-20 03:49:10

CVE-2025-1328

Typed JS: 一款打字机风格的动画 <= 1.2.0 - 经认证(贡献者+)通过typespeed参数存储型跨站脚本漏洞

中危

Wordfence

2025-02-20 09:21:41

CVE-2024-13802

Bandsintown Events <= 1.3.1 - 经认证(XSS)漏洞(贡献者+)

中危

Wordfence

2025-02-20 09:21:40

CVE-2024-13792

WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 任意短代码执行漏洞