聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-56010 | Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. | 8.8 | 0.38% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56008 | Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions. | 8.8 | 0.28% | 2026-06-26 | 2026-06-29 |
| CVE-2026-54831 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54827 | Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54825 | Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54820 | Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2025-68052 | Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. | 8.8 | 0.14% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57700 | Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6. | 10.0 | 0.37% | 2026-06-25 | 2026-06-29 |
| CVE-2026-56053 | Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. | 8.8 | 0.39% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56049 | Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions. | 8.5 | 0.35% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54849 | Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54848 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. | 8.3 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54845 | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | 8.1 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54843 | Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54842 | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | 8.1 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54838 | Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54836 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54823 | Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | 9.9 | 0.43% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54822 | Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56012 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. | 8.5 | 0.21% | 2026-06-18 | 2026-06-18 |