聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2025-29005 | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28984 | Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28981 | Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28974 | Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28966 | Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28964 | Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28958 | Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar bg-orthodox-calendar allows Stored XSS.This issue affects Bg Orthodox Calendar: from n/a through <= 0.13.10. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28952 | Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints cubepoints allows Cross Site Request Forgery.This issue affects CubePoints: from n/a through <= 3.2.1. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-28950 | Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author post-author allows Stored XSS.This issue affects Post Author: from n/a through <= 1.1.1. | 7.1 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-27360 | Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through <= 1.4.9. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-27359 | Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through <= 2.3.1. | 4.3 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-24772 | Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 pay-with-contact-form-7 allows Cross Site Request Forgery.This issue affects Pay with Contact Form 7: from n/a through <= 1.0.4. | 5.4 | 0.05% | 2025-06-06 | 2026-06-17 |
| CVE-2025-22634 | Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through <= 2.4.5. | 5.4 | 0.05% | 2025-03-27 | 2026-06-17 |
| CVE-2025-58831 | Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. | 4.3 | 0.05% | 2025-09-05 | 2026-06-17 |
| CVE-2025-26768 | Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15. | 7.1 | 0.05% | 2025-02-16 | 2026-06-17 |
| CVE-2025-26759 | Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5. | 7.1 | 0.05% | 2025-02-16 | 2026-06-17 |
| CVE-2025-62908 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 0.05% | 2025-10-26 | 2025-11-21 |
| CVE-2025-52709 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 无 | 0.05% | 2025-06-27 | 2025-09-04 |
| CVE-2025-25168 | Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS).This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7. | 7.1 | 0.05% | 2025-02-07 | 2026-06-17 |
| CVE-2025-25166 | Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation inlocation allows Stored XSS.This issue affects InLocation: from n/a through <= 1.8. | 7.1 | 0.05% | 2025-02-07 | 2026-06-17 |