聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-47608 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5. | 9.3 | 57.76% | 2025-06-09 | 2026-04-23 |
| CVE-2025-47539 | Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. | 9.8 | 27.90% | 2025-05-23 | 2026-04-23 |
| CVE-2025-47577 | Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. | 10.0 | 33.42% | 2025-05-19 | 2026-04-23 |
| CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. | 9.8 | 82.96% | 2025-05-01 | 2026-04-23 |
| CVE-2025-30567 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2. | 7.5 | 43.81% | 2025-03-25 | 2026-04-23 |
| CVE-2025-28915 | Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9. | 9.1 | 24.85% | 2025-03-11 | 2026-04-23 |
| CVE-2025-25163 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3. | 7.5 | 26.36% | 2025-02-07 | 2026-04-23 |
| CVE-2025-24587 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23. | 7.6 | 11.92% | 2025-01-24 | 2026-04-23 |
| CVE-2025-23942 | Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6. | 9.1 | 51.47% | 2025-01-22 | 2026-04-23 |
| CVE-2025-22710 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection.This issue affects Smart Manager: from n/a through <= 8.52.0. | 7.6 | 24.20% | 2025-01-21 | 2026-04-23 |
| CVE-2024-51818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. | 9.3 | 19.26% | 2025-01-21 | 2026-04-23 |
| CVE-2025-22785 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6. | 9.3 | 15.02% | 2025-01-15 | 2026-04-23 |
| CVE-2025-22510 | Deserialization of Untrusted Data vulnerability in kkarpieszuk WC Price History for Omnibus wc-price-history allows Object Injection.This issue affects WC Price History for Omnibus: from n/a through <= 2.1.4. | 7.2 | 19.03% | 2025-01-09 | 2026-04-23 |
| CVE-2024-56278 | Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. | 9.1 | 55.54% | 2025-01-07 | 2026-04-23 |
| CVE-2024-56264 | Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0. | 6.6 | 17.68% | 2025-01-02 | 2026-04-23 |
| CVE-2024-56249 | Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through <= 1.13.1. | 9.1 | 48.16% | 2025-01-02 | 2026-04-23 |
| CVE-2023-47179 | Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through <= 2.4.6. | 8.8 | 24.00% | 2025-01-02 | 2026-04-29 |
| CVE-2024-56067 | Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 7.5 | 65.07% | 2024-12-31 | 2026-04-29 |
| CVE-2024-56064 | Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 10.0 | 57.92% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56059 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through <= 0.2.0. | 9.8 | 32.35% | 2024-12-18 | 2026-04-23 |