最新预警列表

HIGH NVD Recent 2026-06-18

CVE-2026-11395:The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and includin

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pull_the_trigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations ori

MEDIUM NVD Recent 2026-06-18

CVE-2026-11777:The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied

MEDIUM NVD Recent 2026-06-18

CVE-2026-10736:The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of

MEDIUM NVD Recent 2026-06-18

CVE-2026-12136:The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysb

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasics_user_avatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escapin

MEDIUM NVD Recent 2026-06-18

CVE-2026-12111:The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to,

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabc_appointments_c

LOW NVD Recent 2026-06-18

CVE-2026-12102:The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPre

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'user_id' parameter due to mi

MEDIUM NVD Recent 2026-06-18

CVE-2026-12098:The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This mak

MEDIUM NVD Recent 2026-06-18

CVE-2026-12120:The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form_id' parameter. This makes it possible for unauthenticated attackers

MEDIUM NVD Recent 2026-06-18

CVE-2026-12093:The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4

The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unaut

MEDIUM NVD Recent 2026-06-18

CVE-2026-11784:The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vuln

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation

MEDIUM NVD Recent 2026-06-18

CVE-2026-11402:The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cr

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and ou

MEDIUM NVD Recent 2026-06-18

CVE-2026-11360:The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_dire

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_direction' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of s

MEDIUM NVD Recent 2026-06-18

CVE-2026-11358:The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulne

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitizat

MEDIUM NVD Recent 2026-06-18

CVE-2026-11357:The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Informati

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attac

MEDIUM NVD Recent 2026-06-18

CVE-2026-10029:The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitiv

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the get_events. This makes it possible for unauthenticated at

站内所有资源、漏洞预警、工具与专题内容仅面向企业授权自测、合规研究与安全运维使用。本站不提供可直接用于非法攻击的程序、载荷或黑产平台入口。