聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-57376 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.3. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57375 | Missing Authorization vulnerability in FluxBuilder MStore API mstore-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MStore API: from n/a through <= 4.18.4. | 6.5 | 0.19% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57372 | Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0. | 7.2 | 0.19% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57371 | Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through <= 7.0. | 8.8 | 0.36% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57369 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through <= 7.7.4. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57368 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.8.5. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57365 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 & v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 & v3) for Asgaros Forum: from n/a through <= 1.1.0. | 6.5 | 0.22% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57364 | Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More: from n/a through <= 2.2.0. | 6.5 | 0.26% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57363 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7. | 7.1 | 0.18% | 2026-07-13 | 2026-07-13 |
| CVE-2026-57807 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8. | 9.8 | 0.43% | 2026-07-10 | 2026-07-13 |
| CVE-2026-59520 | Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16. | 4.3 | 0.10% | 2026-07-05 | 2026-07-06 |
| CVE-2026-59519 | Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6. | 5.3 | 0.20% | 2026-07-05 | 2026-07-07 |
| CVE-2026-59511 | Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9. | 5.3 | 0.20% | 2026-07-05 | 2026-07-06 |
| CVE-2026-57766 | Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. | 8.8 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57765 | Contributor SQL Injection in WP EasyCart <= 5.9.0 versions. | 8.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57764 | Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions. | 6.5 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57763 | Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions. | 6.5 | 0.14% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57762 | Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. | 5.9 | 0.15% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57761 | Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. | 7.1 | 0.09% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57760 | Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29. | 5.3 | 0.18% | 2026-07-02 | 2026-07-02 |