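Aggregates NVD, CVE, and multi-source intelligence, with in-depth analysis of high-severity risks such as RCE. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC publication status to assess exploitability. Combined with official patches and remediation guidance, it helps prioritize vulnerability management, shorten response cycles, and keep assets secure.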
Assigning organization (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-39510 | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11. | 2.7 | 0.20% | 2026-04-08 | 2026-04-29 |
| CVE-2026-32445 | Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through <= 3.35.5. | 2.7 | 0.18% | 2026-03-13 | 2026-04-22 |
| CVE-2025-68585 | Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a through <= 3.7.2. | 2.7 | 0.21% | 2025-12-24 | 2026-04-27 |
| CVE-2025-64352 | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4. | 2.7 | 0.19% | 2025-10-31 | 2026-04-27 |
| CVE-2025-64255 | Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8. | 2.7 | 0.26% | 2025-12-09 | 2026-04-27 |
| CVE-2025-64254 | Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Block: from n/a through <= 1.5.1. | 2.7 | 0.21% | 2025-12-09 | 2026-04-23 |
| CVE-2025-58866 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through <= 1.1. | 2.7 | 0.22% | 2025-09-05 | 2026-04-23 |
| CVE-2025-54004 | Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24. | 2.7 | 0.27% | 2025-12-16 | 2026-04-27 |
| CVE-2025-49300 | Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data. This issue affects Traveler Option Tree: from n/a through <= 2.8. | 2.7 | 0.23% | 2025-12-16 | 2026-04-15 |
| CVE-2025-32205 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms. This issue affects Piotnet Forms: from n/a through <= 1.0.30. | 2.7 | 0.32% | 2025-04-10 | 2026-04-29 |
| CVE-2025-31003 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through <= 1.6. | 2.7 | 0.42% | 2025-04-09 | 2026-04-23 |
| CVE-2025-30877 | Missing Authorization vulnerability in fatcatapps Quiz Cat quiz-cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through <= 3.0.8. | 2.7 | 0.36% | 2025-03-27 | 2026-04-23 |
| CVE-2024-51671 | Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Otter - Gutenberg Block: from n/a through <= 3.0.3. | 2.7 | 0.46% | 2024-11-19 | 2026-04-23 |
| CVE-2024-4214 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bill Minozzi Car Dealer allows Code Injection. This issue affects Car Dealer: from n/a through 4.15. | 2.7 | 0.37% | 2024-05-17 | 2026-04-15 |
| CVE-2024-37253 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection. This issue affects WP Directory Kit: from n/a through 1.3.6. | 2.7 | 0.32% | 2024-07-09 | 2025-03-06 |
| CVE-2024-30507 | Authorization Bypass Through User-Controlled Key vulnerability in Molongui. This issue affects Molongui: from n/a through 4.7.7. | 2.7 | 0.43% | 2024-03-29 | 2026-04-28 |
| CVE-2023-46311 | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | 2.7 | 0.52% | 2023-12-20 | 2026-04-28 |
| CVE-2022-27844 | Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | 2.7 | 1.42% | 2022-04-11 | 2024-11-21 |
| CVE-2021-36906 | Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 2.7 | 0.53% | 2022-11-03 | 2025-02-20 |
| CVE-2022-42494 | Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | 3.0 | 0.55% | 2022-11-08 | 2024-11-21 |