spicethemes vendor vulnerability list / CVE analysis in Chinese (11)

11 CVE vulnerabilities related to the vendor spicethemes, with AI-generated analysis in Chinese, POC, CVSS scores and affected products.

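Spicethemes is a vendor that develops WordPress themes and plugins, with products intended to give users website customization solutions. Historically, the vendor's products have had security vulnerabilities disclosed on multiple occasions, mainly of the cross-site scripting (XSS), remote code execution (RCE) and permission bypass types. As of the latest count, 11 CVE vulnerabilities have been recorded against its products, concentrated mainly in insufficient input validation and access control flaws. Security researchers recommend that users update to the latest version promptly and carry out regular security audits to guard against potential risks.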

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39621 | WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability | SpicePress | CWE-352 | 8.8 | High | 2026-04-08 |
| CVE-2025-12821 | NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation | NewsBlogger | CWE-352 | 8.8 | High | 2026-02-19 |
| CVE-2025-48130 | WordPress Spice Blocks plugin <= 2.0.7.4 - Arbitrary File Download vulnerability | Spice Blocks | CWE-22 | 7.5 | High | 2025-06-09 |
| CVE-2025-1304 | NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload | NewsBlogger | CWE-862 | 8.8 | High | 2025-05-01 |
| CVE-2025-1305 | NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation | NewsBlogger | CWE-352 | 8.8 | High | 2025-05-01 |
| CVE-2025-39532 | WordPress Spice Blocks plugin <= 2.0.7.7 - Broken Access Control vulnerability | Spice Blocks | CWE-862 | 7.5 | High | 2025-04-17 |
| CVE-2025-1307 | Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload | Newscrunch | CWE-862 | 9.8 | Critical | 2025-03-04 |
| CVE-2025-1306 | Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload | Newscrunch | CWE-352 | 8.8 | High | 2025-03-04 |
| CVE-2024-8430 | Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import | Spice Starter Sites | CWE-862 | 5.3 | Medium | 2024-10-01 |
| CVE-2024-44003 | WordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | Spice Starter Sites | CWE-79 | 7.1 | High | 2024-09-17 |
| CVE-2023-5362 | Carousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Carousel, Recent Post Slider and Banner Slider | CWE-79 | 6.4 | Medium | 2023-10-30 |

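This page summarizes all 11 CVE vulnerabilities publicly disclosed for the vendor spicethemes to date. Each entry includes the CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated analysis in Chinese to help assess risk quickly.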