PublishPress 厂商漏洞列表 / CVE 中文分析 19

PublishPress 厂商相关 19 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

PublishPress 是一款 WordPress 内容发布管理插件，帮助用户优化内容发布流程和权限控制。历史上，该插件曾存在多个安全漏洞，主要包括跨站脚本(XSS)、权限绕过和远程代码执行(RCE)等类型。安全研究人员曾发现其早期版本存在输入验证不足问题，导致未授权用户可执行恶意操作。截至最新统计，该项目已记录 19 条 CVE 漏洞，建议用户及时更新至最新版本以降低安全风险。

上位製品 PublishPress: PublishPress Authors Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes Gutenberg Blocks Post Expirator PublishPress Revisions Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors PublishPress Blocks – Block Controls, Block Visibility, Block Permissions PublishPress Capabilities

CVEs 19

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-5247	Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'wrapper' Shortcode Attribute — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-79	5.5	Medium	2026-05-05
CVE-2026-39482	WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability — Post ExpiratorCWE-79	6.5	Medium	2026-04-08
CVE-2026-32539	WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability — PublishPress RevisionsCWE-89	9.3	Critical	2026-03-25
CVE-2026-25309	WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability — PublishPress AuthorsCWE-862	7.5	High	2026-03-25
CVE-2026-32394	WordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerability — PublishPress CapabilitiesCWE-862	4.3	Medium	2026-03-13
CVE-2026-25330	WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability — PublishPress AuthorsCWE-862	4.3	Medium	2026-02-19
CVE-2026-25322	WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability — PublishPress RevisionsCWE-352	5.4	Medium	2026-02-19
CVE-2025-14718	Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-862	5.4	Medium	2026-01-09
CVE-2025-69361	WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability — Post ExpiratorCWE-862	4.3	Medium	2026-01-06
CVE-2025-13741	Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-862	4.3	Medium	2025-12-16
CVE-2025-13149	Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification — Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change CategoriesCWE-862	4.3	Medium	2025-11-21
CVE-2025-8588	Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — PublishPress Blocks – Block Controls, Block Visibility, Block PermissionsCWE-79	6.4	Medium	2025-10-25
CVE-2025-48332	WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability — Gutenberg BlocksCWE-98	7.5	High	2025-08-14
CVE-2025-49032	WordPress Gutenberg Blocks plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability — Gutenberg BlocksCWE-79	6.5	Medium	2025-07-03
CVE-2025-47496	WordPress PublishPress Authors plugin <= 4.7.5 - Local File Inclusion Vulnerability — PublishPress AuthorsCWE-98	7.5	High	2025-05-07
CVE-2025-26886	WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability — PublishPress AuthorsCWE-89	7.6	High	2025-03-15
CVE-2024-11154	PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content ChangesCWE-862	4.3	Medium	2024-11-20
CVE-2024-9215	Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover — Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress AuthorsCWE-639	8.8	High	2024-10-17
CVE-2024-9436	PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting — PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content ChangesCWE-79	6.1	Medium	2024-10-11

本页汇总了 PublishPress 厂商截至目前公开的全部 19 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

PublishPress 厂商漏洞列表 / CVE 中文分析 19

目標達成すべての支援者に感謝 — 100%達成しました！