聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-6372 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5. | 7.5 | 0.20% | 2026-04-15 | 2026-04-22 |
| CVE-2026-6370 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4. | 5.9 | 0.14% | 2026-04-15 | 2026-04-22 |
| CVE-2026-54198 | Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54197 | Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. | 6.5 | 0.21% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54191 | Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | 7.1 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2026-54190 | Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | 6.5 | 0.20% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52715 | Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | 9.3 | 0.25% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52714 | Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | 5.9 | 0.18% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52712 | Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | 7.6 | 0.24% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52711 | Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | 7.5 | 0.23% | 2026-06-16 | 2026-06-16 |
| CVE-2026-52704 | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8. | 10.0 | 0.31% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52703 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | 9.6 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52702 | Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | 7.1 | 0.15% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52700 | Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52699 | Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52697 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | 8.5 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52695 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | 7.5 | 0.25% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52694 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | 7.5 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-52693 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |