CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报，深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型，动态追踪 Exploit 资源与 PoC 公开状态，研判可利用性。结合官方补丁与修复方案，优化漏洞管理优先级，缩短响应周期，保障资产安全。

分配机构（CNA / 来源）：[email protected] 移除此筛选

EPSS 分数

≥ 1% ≥ 5% ≥ 10% ≥ 30% ≥ 50%

CVSS 分数

≥ 6 ≥ 7 ≥ 8 ≥ 9

CVE	描述	最高 CVSS	EPSS %	公开时间	更新时间
CVE-2026-54808	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4.	9.3	0.32%	2026-06-17	2026-06-17
CVE-2026-54807	Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.	9.8	0.45%	2026-06-17	2026-06-17
CVE-2026-54806	Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.	9.8	0.59%	2026-06-17	2026-06-17
CVE-2026-54805	Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.	8.8	0.39%	2026-06-17	2026-06-17
CVE-2026-54804	Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.	7.6	0.28%	2026-06-17	2026-06-17
CVE-2026-54803	Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.	9.8	0.45%	2026-06-17	2026-06-17
CVE-2026-54802	Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.	7.5	0.38%	2026-06-17	2026-06-17
CVE-2026-54198	Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.	7.1	0.15%	2026-06-16	2026-06-17
CVE-2026-54197	Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.	6.5	0.21%	2026-06-16	2026-06-17
CVE-2026-54196	Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.	6.8	0.21%	2026-06-17	2026-06-17
CVE-2026-54195	Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.	7.1	0.15%	2026-06-17	2026-06-17
CVE-2026-54194	Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.	9.8	0.39%	2026-06-17	2026-06-17
CVE-2026-54193	Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.	7.7	0.34%	2026-06-17	2026-06-17
CVE-2026-54192	Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.	7.1	0.19%	2026-06-17	2026-06-17
CVE-2026-54191	Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.	7.1	0.15%	2026-06-16	2026-06-17
CVE-2026-54190	Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.	6.5	0.20%	2026-06-16	2026-06-17
CVE-2026-54189	Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.	7.1	0.15%	2026-06-17	2026-06-17
CVE-2026-54188	Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.	7.1	0.15%	2026-06-17	2026-06-17
CVE-2026-54187	Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.	9.3	0.29%	2026-06-17	2026-06-17
CVE-2026-54186	Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.	9.3	0.30%	2026-06-17	2026-06-17

cvelogic Threat Intelligence