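Aggregates NVD, CVE, and multi-source intelligence to provide in-depth analysis of high-severity risks such as RCE. The system integrates the CVSS and EPSS models and dynamically tracks exploit resources and PoC publication status to assess exploitability. Combined with official patches and remediation guidance, it helps prioritize vulnerability management, shorten response cycles, and protect assets.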
Assigning organization (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-49060 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | 9.8 | 0.04% | 2026-06-11 | 2026-06-12 |
| CVE-2026-42647 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7. | 9.3 | 5.18% | 2026-06-11 | 2026-06-12 |
| CVE-2026-39494 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2. | 9.3 | 0.03% | 2026-06-11 | 2026-06-12 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 6.55% | 2026-06-05 | 2026-06-08 |
| CVE-2025-15656 | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | 8.8 | 0.04% | 2026-06-03 | 2026-06-04 |
| CVE-2026-39555 | Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1. | 8.1 | 0.05% | 2026-06-02 | 2026-06-02 |
| CVE-2026-39553 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2026-39552 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2025-69369 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | 8.1 | 0.09% | 2026-06-02 | 2026-06-02 |
| CVE-2025-68886 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2025-58897 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2025-58707 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2026-42684 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | 9.3 | 0.03% | 2026-06-02 | 2026-06-02 |
| CVE-2026-39551 | Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | 8.1 | 0.05% | 2026-06-02 | 2026-06-02 |
| CVE-2026-39550 | Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | 8.1 | 0.05% | 2026-06-02 | 2026-06-02 |
| CVE-2025-58705 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2025-53440 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4. | 8.1 | 0.15% | 2026-06-02 | 2026-06-02 |
| CVE-2025-53345 | Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3. | 8.8 | 0.06% | 2026-06-02 | 2026-06-02 |
| CVE-2025-53209 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | 9.8 | 0.02% | 2026-06-02 | 2026-06-02 |
| CVE-2026-42672 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1. | 9.3 | 0.03% | 2026-06-01 | 2026-06-01 |