目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

Trustindex 厂商漏洞列表 / CVE 中文分析 8

Trustindex 厂商相关 8 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Trustindex 是一个专注于在线评论和反馈收集的平台,帮助企业和用户管理评价数据。历史上,该平台曾暴露多种安全漏洞,包括跨站脚本(XSS)、远程代码执行(RCE)和权限绕过等问题。截至最新统计,已记录8条CVE漏洞,多数涉及输入验证不足和身份认证缺陷。安全团队建议及时更新版本并实施严格的输入过滤机制,以防范潜在攻击。

上位製品 Trustindex: Widgets for Google Reviews Widgets for Social Photo Feed Widgets for Tiktok Feed Customer Reviews Collector for WooCommerce
CVE IDタイトルCVSS深刻度公開日
CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints — Widgets for Social Photo FeedCWE-200 6.5 Medium2026-05-02
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data — Widgets for Social Photo FeedCWE-79 7.2 High2026-04-04
CVE-2025-68595 WordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerability — Widgets for Social Photo FeedCWE-862 5.3 Medium2025-12-24
CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode — Widgets for Google ReviewsCWE-79 6.4 Medium2025-12-11
CVE-2025-12510 Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews — Widgets for Google ReviewsCWE-79 7.2 High2025-12-06
CVE-2025-12123 Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting — Customer Reviews Collector for WooCommerceCWE-79 6.1 Medium2025-11-27
CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Widgets for Tiktok FeedCWE-79 6.4 Medium2025-09-26
CVE-2023-3254 Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset — Widgets for Google ReviewsCWE-352 4.3 Medium2023-10-18

本页汇总了 Trustindex 厂商截至目前公开的全部 8 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。