目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

Xylus Themes 厂商漏洞列表 / CVE 中文分析 11

Xylus Themes 厂商相关 11 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Xylus Themes 是一个专注于 WordPress 主题开发的项目,为用户提供多样化的网站模板。历史上,其产品曾频繁暴露跨站脚本(XSS)和远程代码执行(RCE)漏洞,主要源于输入验证不足和过时的依赖组件。截至最新统计,该项目已累计记录 11 条 CVE 漏洞,多数涉及权限绕过和敏感信息泄露问题。安全社区建议用户及时更新至最新版本,并实施严格的输入过滤机制以降低风险。

上位製品 Xylus Themes: WP Event Aggregator WP Smart Import WordPress Importer WP Bulk Delete XT Event Widget for Social Events Import Social Events
CVE IDタイトルCVSS深刻度公開日
CVE-2025-58192 WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability — WP Bulk DeleteCWE-862 4.3 Medium2025-08-27
CVE-2025-47453 WordPress WP Smart Import plugin <= 1.1.3 - Local File Inclusion Vulnerability — WP Smart ImportCWE-98 8.1 High2025-05-23
CVE-2025-48256 WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability — Import Social EventsCWE-79 6.5 Medium2025-05-19
CVE-2025-47531 WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability — XT Event Widget for Social EventsCWE-98 7.5 High2025-05-07
CVE-2025-24700 WordPress WP Event Aggregator Plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP Event AggregatorCWE-79 7.1 High2025-02-14
CVE-2024-47352 WordPress WP Bulk Delete plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability — WP Bulk DeleteCWE-79 7.1 High2024-10-06
CVE-2024-38703 WordPress WP Event Aggregator plugin <= 1.7.9 - Cross Site Scripting (XSS) vulnerability — WP Event AggregatorCWE-79 6.5 Medium2024-07-20
CVE-2024-32597 WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability — WordPress ImporterCWE-79 5.9 Medium2024-04-18
CVE-2024-31371 WordPress WP Event Aggregator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) vulnerability — WP Event AggregatorCWE-352 4.3 Medium2024-04-12
CVE-2024-30201 WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — WordPress ImporterCWE-79 7.1 High2024-03-27
CVE-2022-40209 WP Smart Import plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) — WP Smart ImportCWE-79 6.1 Medium2022-12-06

本页汇总了 Xylus Themes 厂商截至目前公开的全部 11 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。