Syed Balkhi 厂商漏洞列表 / CVE 中文分析 36

Syed Balkhi 厂商相关 36 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

Syed Balkhi 主要运营 WordPress 生态插件业务，其项目因广泛使用而累计收录 35 条 CVE。历史漏洞多集中于未授权访问、跨站脚本及远程代码执行，常源于输入验证缺失或权限控制疏漏。部分高危事件涉及敏感数据泄露，凸显了第三方插件在安全审计上的短板。开发者需关注官方更新以修复已知缺陷，企业用户应严格评估集成风险，避免依赖未充分验证的代码组件。

CVEs 36

CVE ID	标题	CVSS	风险等级	Published
CVE-2026-52698	WordPress PushEngage插件 <= 4.2.3 敏感数据泄露漏洞 — PushEngage – Web Push Notifications, eCommerce Automation & Chat WidgetCWE-201	7.4	High	2026-06-17
CVE-2026-40764	WordPress plugin Contact Form by WPForms 安全漏洞 — Contact Form by WPFormsCWE-352	8.1	High	2026-04-15
CVE-2026-39475	WordPress plugin User Feedback SQL注入漏洞 — User FeedbackCWE-89	7.6	High	2026-04-08
CVE-2026-39476	WordPress plugin User Feedback 安全漏洞 — User FeedbackCWE-862	4.3	Medium	2026-04-08
CVE-2026-25339	WordPress plugin Contact Form by WPForms 安全漏洞 — Contact Form by WPFormsCWE-201	6.5	Medium	2026-03-25
CVE-2026-32446	WordPress plugin Contact Form by WPForms 安全漏洞 — Contact Form by WPFormsCWE-862	4.3	Medium	2026-03-13
CVE-2026-24636	WordPress plugin Sugar Calendar (Lite) 安全漏洞 — Sugar Calendar (Lite)CWE-862	4.3	Medium	2026-01-23
CVE-2020-36919	Wordpress plugin WPForms 跨站脚本漏洞 — WPFormsCWE-79	6.1	Medium	2026-01-13
CVE-2025-68496	WordPress plugin User Feedback 安全漏洞 — User FeedbackCWE-89	7.6	High	2025-12-24
CVE-2025-64295	WordPress plugin All In One SEO Pack 安全漏洞 — All In One SEO PackCWE-201	6.5	Medium	2025-12-18
CVE-2025-67950	WordPress plugin All In One SEO Pack 安全漏洞 — All In One SEO PackCWE-89	8.5	High	2025-12-16
CVE-2025-64635	WordPress plugin Feeds for YouTube 安全漏洞 — Feeds for YouTubeCWE-862	5.3	Medium	2025-12-16
CVE-2025-66064	WordPress plugin Giveaways and Contests by RafflePress 安全漏洞 — Giveaways and Contests by RafflePressCWE-352	4.3	Medium	2025-11-21
CVE-2025-49937	WordPress plugin custom-facebook-feed 安全漏洞 — Smash Balloon Social Post FeedCWE-862	4.3	Medium	2025-10-22
CVE-2025-60112	WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞 — aThemes Addons for ElementorCWE-79	6.5	Medium	2025-09-26
CVE-2025-53460	WordPress plugin AffiliateWP – External Referral Links 跨站脚本漏洞 — AffiliateWP – External Referral LinksCWE-79	5.9	Medium	2025-09-22
CVE-2025-58001	WordPress plugin Compact Archives 跨站脚本漏洞 — Compact ArchivesCWE-79	6.5	Medium	2025-09-22
CVE-2025-58649	WordPress plugin All In One SEO Pack 安全漏洞 — All In One SEO PackCWE-201	4.3	Medium	2025-09-22
CVE-2025-58650	WordPress plugin All In One SEO Pack 安全漏洞 — All In One SEO PackCWE-862	5.4	Medium	2025-09-22
CVE-2025-49997	WordPress plugin Giveaways and Contests by RafflePress 安全漏洞 — Giveaways and Contests by RafflePressCWE-862	5.3	Medium	2025-06-20
CVE-2025-47596	WordPress plugin Beacon Lead Magnets and Lead Capture 跨站请求伪造漏洞 — Beacon Lead Magnets and Lead CaptureCWE-352	4.3	Medium	2025-05-07
CVE-2025-47520	WordPress plugin Charitable 跨站脚本漏洞 — CharitableCWE-79	5.9	Medium	2025-05-07
CVE-2025-46451	WordPress plugin Floating Social Bar 跨站脚本漏洞 — Floating Social BarCWE-79	5.9	Medium	2025-04-24
CVE-2025-24637	WordPress plugin Beacon Lead Magnets and Lead Capture 跨站脚本漏洞 — Beacon Lead Magnets and Lead CaptureCWE-79	7.1	High	2025-04-17
CVE-2025-32158	WordPress plugin aThemes Addons for Elementor 安全漏洞 — aThemes Addons for ElementorCWE-98	7.5	High	2025-04-10
CVE-2025-31734	WordPress plugin Simple Post Expiration 跨站脚本漏洞 — Simple Post ExpirationCWE-79	6.5	Medium	2025-04-01
CVE-2025-22646	WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞 — aThemes Addons for ElementorCWE-79	6.5	Medium	2025-03-27
CVE-2025-30770	WordPress plugin Charitable 跨站脚本漏洞 — CharitableCWE-79	6.5	Medium	2025-03-27
CVE-2025-24750	WordPress plugin ExactMetrics 安全漏洞 — ExactMetricsCWE-862	5.4	Medium	2025-01-24
CVE-2024-56276	WordPress plugin Contact Form by WPForms 安全漏洞 — Contact Form by WPFormsCWE-862	4.3	Medium	2025-01-07

本页汇总了 Syed Balkhi 厂商截至目前公开的全部 36 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Syed Balkhi 厂商漏洞列表 / CVE 中文分析 36

目标达成感谢每一位支持者 — 我们达成了 100% 目标！