浏览 15+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-68080 | WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | Saad Iqbal | User Avatar - Reloaded | - | - | 2025-12-16 08:13:05 | Deep Dive |
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability | WP Event Manager | WP User Profile Avatar | Medium | 4.3 | 2025-06-20 15:04:13 | Deep Dive |
| CVE-2024-10789 | WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update | wpeventmanager | WP User Profile Avatar | Medium | 4.3 | 2025-01-16 03:27:23 | Deep Dive |
| CVE-2024-54358 | WordPress 3D Avatar User Profile plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | Enrico Cantori | 3D Avatar User Profile | High | 7.1 | 2024-12-16 14:31:37 | Deep Dive |
| CVE-2023-6067 | WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS | Unknown | WP User Profile Avatar | - | - | 2024-04-15 05:00:01 | Deep Dive |
| CVE-2023-52118 | WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | WP Event Manager | WP User Profile Avatar | Medium | 6.5 | 2024-02-01 10:08:07 | Deep Dive |
| CVE-2023-6384 | WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR | Unknown | WP User Profile Avatar | 中危 | - | 2024-01-22 19:14:25 | Deep Dive |
| CVE-2023-46621 | WordPress User Avatar Plugin <= 1.4.11 is vulnerable to Cross Site Scripting (XSS) | Enej Bajgoric / Gagan Sandhu / CTLT DEV | User Avatar | 中危 | - | 2023-11-08 15:16:11 | Deep Dive |
| CVE-2023-4798 | User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS | Unknown | User Avatar | 中危 | - | 2023-10-16 19:39:10 | Deep Dive |
| CVE-2021-24955 | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting | Unknown | User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-12-13 10:41:29 | Deep Dive |
| CVE-2021-24954 | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting | Unknown | User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-12-13 10:41:28 | Deep Dive |
| CVE-2021-24675 | One User Avatar < 2.3.7 - Avatar Update via CSRF | Unknown | One User Avatar | User Profile Picture | 中危 | - | 2021-10-18 13:45:55 | Deep Dive |
| CVE-2021-24672 | One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting | Unknown | One User Avatar | User Profile Picture | 中危 | - | 2021-10-18 13:45:53 | Deep Dive |
| CVE-2021-24522 | ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget | Unknown | User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-08-09 10:04:15 | Deep Dive |
| CVE-2021-24450 | ProfilePress < 3.1.8 - Authenticated Stored XSS | Unknown | User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-08-02 10:32:00 | Deep Dive |