聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-6372 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5. | 7.5 | 0.03% | 2026-04-15 | 2026-04-22 |
| CVE-2026-6370 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4. | 5.9 | 0.03% | 2026-04-15 | 2026-04-22 |
| CVE-2026-49782 | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0. | 5.4 | 0.03% | 2026-06-02 | 2026-06-02 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. | 10.0 | 6.55% | 2026-06-05 | 2026-06-08 |
| CVE-2026-49771 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41. | 7.6 | 0.03% | 2026-06-04 | 2026-06-04 |
| CVE-2026-49077 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2. | 5.3 | 0.03% | 2026-06-04 | 2026-06-04 |
| CVE-2026-49069 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21. | 7.1 | 0.03% | 2026-06-10 | 2026-06-10 |
| CVE-2026-49060 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | 9.8 | 0.04% | 2026-06-11 | 2026-06-12 |
| CVE-2026-49059 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0. | 4.7 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49054 | Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49053 | Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6. | 5.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49052 | Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49051 | Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49047 | Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49046 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5. | 8.5 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49045 | Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-49044 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2. | 6.5 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-48973 | Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |
| CVE-2026-48972 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5. | 7.5 | 0.11% | 2026-05-27 | 2026-05-27 |
| CVE-2026-48971 | Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6. | 4.3 | 0.03% | 2026-05-27 | 2026-05-27 |