聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2025-47608 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5. | 9.3 | 57.76% | 2025-06-09 | 2026-04-23 |
| CVE-2025-27007 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. | 9.8 | 82.96% | 2025-05-01 | 2026-04-23 |
| CVE-2025-23942 | Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6. | 9.1 | 51.47% | 2025-01-22 | 2026-04-23 |
| CVE-2024-56278 | Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. | 9.1 | 55.54% | 2025-01-07 | 2026-04-23 |
| CVE-2024-56067 | Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 7.5 | 65.07% | 2024-12-31 | 2026-04-29 |
| CVE-2024-56064 | Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | 10.0 | 57.92% | 2024-12-31 | 2026-04-23 |
| CVE-2024-54385 | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83. | 7.2 | 80.95% | 2024-12-16 | 2026-04-23 |
| CVE-2024-54330 | Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through <= 2.4. | 7.2 | 72.53% | 2024-12-13 | 2026-04-23 |
| CVE-2024-54262 | Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2. | 9.9 | 54.84% | 2024-12-13 | 2026-04-23 |
| CVE-2023-32117 | Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99. | 9.8 | 89.38% | 2024-12-09 | 2026-04-28 |
| CVE-2024-52433 | Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through <= 1.2. | 9.8 | 80.45% | 2024-11-18 | 2026-04-23 |
| CVE-2024-52380 | Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0. | 10.0 | 60.35% | 2024-11-14 | 2026-04-23 |
| CVE-2024-52375 | Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5. | 10.0 | 60.63% | 2024-11-14 | 2026-04-23 |
| CVE-2024-51793 | Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115. | 10.0 | 51.57% | 2024-11-11 | 2026-04-23 |
| CVE-2024-51788 | Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0. | 10.0 | 62.13% | 2024-11-11 | 2026-04-23 |
| CVE-2024-43919 | Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | 5.3 | 84.54% | 2024-11-01 | 2024-11-13 |
| CVE-2024-50490 | Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2. | 9.8 | 52.44% | 2024-10-29 | 2026-04-23 |
| CVE-2024-50473 | Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3. | 10.0 | 61.50% | 2024-10-29 | 2026-04-23 |
| CVE-2024-50427 | Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136. | 9.9 | 69.65% | 2024-10-29 | 2026-04-23 |
| CVE-2024-50493 | Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4. | 10.0 | 55.50% | 2024-10-29 | 2026-04-23 |