聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2021-36841 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | 6.9 | 0.63% | 2021-09-27 | 2026-06-16 |
| CVE-2021-36843 | Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. | 4.8 | 0.56% | 2021-11-26 | 2026-06-16 |
| CVE-2021-36844 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | 3.4 | 0.52% | 2022-05-02 | 2026-06-16 |
| CVE-2021-36845 | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be aut | 6.9 | 0.71% | 2021-09-27 | 2026-06-16 |
| CVE-2021-36846 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | 4.8 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36847 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | 4.8 | 0.46% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36848 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 3.4 | 0.56% | 2022-04-11 | 2026-06-16 |
| CVE-2021-36849 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. | 3.4 | 0.42% | 2022-07-20 | 2026-06-16 |
| CVE-2021-36850 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | 5.4 | 0.42% | 2021-10-04 | 2026-06-16 |
| CVE-2021-36851 | Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | 4.1 | 0.53% | 2022-04-04 | 2026-06-16 |
| CVE-2021-36852 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | 4.3 | 0.31% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36854 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 5.4 | 0.27% | 2022-09-30 | 2026-06-16 |
| CVE-2021-36855 | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 6.1 | 0.22% | 2022-09-30 | 2026-06-16 |
| CVE-2021-36857 | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | 4.8 | 0.46% | 2022-08-22 | 2026-06-16 |
| CVE-2021-36858 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. | 4.8 | 0.41% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36861 | Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. | 5.4 | 0.27% | 2022-08-05 | 2026-06-16 |
| CVE-2021-36863 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 5.4 | 0.44% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36864 | Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 3.4 | 0.41% | 2022-10-28 | 2026-06-16 |
| CVE-2021-36865 | Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. | 3.8 | 0.41% | 2022-09-30 | 2026-06-16 |
| CVE-2021-36866 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 4.8 | 0.52% | 2022-06-02 | 2026-06-16 |