彙總 esterox 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 CSRF 等安全問題,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-5807 | The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations. | [email protected] | 7.2 | 0.65% | 2024-07-30 | 2025-05-28 |
| CVE-2024-4532 | The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks | [email protected] | 6.4 | 0.28% | 2024-05-27 | 2025-05-01 |
| CVE-2024-4531 | The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks | [email protected] | 7.1 | 0.25% | 2024-05-27 | 2025-05-01 |
| CVE-2024-4530 | The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks | [email protected] | 6.3 | 0.21% | 2024-05-27 | 2025-05-01 |
| CVE-2024-4529 | The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks | [email protected] | 5.0 | 0.18% | 2024-05-27 | 2025-05-01 |