聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-9691 | Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. | 9.8 | 0.48% | 2026-06-15 | 2026-06-17 |
| CVE-2026-59518 | Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2. | 9.8 | 0.31% | 2026-07-13 | 2026-07-13 |
| CVE-2026-59515 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through <= 1.5.4. | 9.3 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57813 | Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3. | 9.8 | 0.27% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57811 | Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0. | 10.0 | 0.32% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57810 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.4. | 8.5 | 0.21% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57807 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8. | 9.8 | 0.43% | 2026-07-10 | 2026-07-13 |
| CVE-2026-57787 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through <= 1.5.5. | 8.5 | 0.35% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57786 | Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through <= 1.7.08. | 8.8 | 0.23% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57772 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through <= 2.4.0. | 8.5 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57771 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through <= 3.7. | 8.5 | 0.25% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57770 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through <= 5.7.8. | 9.8 | 0.31% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57768 | Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through <= 3.3.3. | 8.2 | 0.23% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57766 | Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. | 8.8 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57765 | Contributor SQL Injection in WP EasyCart <= 5.9.0 versions. | 8.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57759 | Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. | 8.8 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57756 | Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions. | 8.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57752 | Contributor SQL Injection in iNET Webkit 1.2.4 versions. | 8.5 | 0.29% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57751 | Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. | 8.1 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57744 | Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5. | 9.8 | 0.31% | 2026-07-13 | 2026-07-13 |