浏览 26+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection | shapedplugin | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | High | 7.2 | 2026-04-14 05:30:33 | Deep Dive |
| CVE-2025-8481 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery | mdimran41 | Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid | Medium | 4.3 | 2025-09-11 07:24:58 | Deep Dive |
| CVE-2024-9645 | Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS | Unknown | Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry | - | - | 2025-05-15 20:07:22 | Deep Dive |
| CVE-2025-24782 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2025-01-27 14:22:20 | Deep Dive |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13409 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2024-10536 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export | wpqode | FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor | Medium | 4.3 | 2025-01-07 05:24:09 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:41 | Deep Dive |
| CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | High | 8.1 | 2024-11-22 05:33:40 | Deep Dive |
| CVE-2024-9542 | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 4.3 | 2024-11-21 11:02:20 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-38686 | WordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability | Pluginic | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | Medium | 6.5 | 2024-07-20 07:40:06 | Deep Dive |
| CVE-2024-5662 | Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget | bdthemes | Ultimate Post Kit Addons for Elementor | Medium | 6.4 | 2024-06-28 08:33:29 | Deep Dive |
| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-05-21 02:32:59 | Deep Dive |
| CVE-2024-0881 | Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access | Unknown | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel | - | - | 2024-04-11 15:36:31 | Deep Dive |
| CVE-2024-3020 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | High | 7.2 | 2024-04-10 04:30:22 | Deep Dive |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | Medium | 6.4 | 2024-04-06 06:47:19 | Deep Dive |
| CVE-2024-29925 | WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2024-03-27 07:26:10 | Deep Dive |
| CVE-2024-2286 | Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2024-03-13 15:27:18 | Deep Dive |