聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-54849 | Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54848 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. | 8.3 | 0.18% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54845 | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | 8.1 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54843 | Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54842 | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | 8.1 | 0.19% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54838 | Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54836 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | 9.3 | 0.23% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54823 | Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | 9.9 | 0.43% | 2026-06-25 | 2026-06-25 |
| CVE-2026-54822 | Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | 8.5 | 0.27% | 2026-06-25 | 2026-06-25 |
| CVE-2026-56012 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35. | 8.5 | 0.21% | 2026-06-18 | 2026-06-18 |
| CVE-2026-54812 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | 9.3 | 0.29% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54819 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54815 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54814 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109. | 8.1 | 0.34% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54813 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | 8.5 | 0.21% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54809 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | 9.3 | 0.24% | 2026-06-17 | 2026-06-17 |
| CVE-2026-54808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | 9.3 | 0.32% | 2026-06-17 | 2026-06-17 |
| CVE-2026-52707 | Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | 8.1 | 0.44% | 2026-06-17 | 2026-06-17 |
| CVE-2026-49108 | Unauthenticated PHP Object Injection in Moderno < 1.43 versions. | 9.8 | 0.30% | 2026-06-17 | 2026-06-17 |