目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

wpdevteam 厂商漏洞列表 / CVE 中文分析 97

wpdevteam 厂商相关 97 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

wpdevteam 主要提供 WordPress 相关插件与主题开发服务。截至最新统计,其项目已收录 91 条 CVE,历史漏洞多集中于跨站脚本(XSS)、任意文件读取及未授权访问等类型,反映出输入验证与权限控制方面的不足。部分高危漏洞曾导致数据泄露风险,建议用户及时更新组件并严格审查第三方插件来源,以规避潜在的安全隐患。

CVE IDタイトルCVSS深刻度公開日
CVE-2026-10833 Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2026-06-25
CVE-2026-12157 BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute — BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with ChatbotCWE-79 6.4 Medium2026-06-19
CVE-2026-7796 EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute — EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & moreCWE-79 6.4 Medium2026-06-06
CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-639 5.3 Medium2026-06-06
CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-918 7.2 High2026-06-04
CVE-2026-5193 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-269 6.5 Medium2026-05-14
CVE-2026-4658 Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2026-05-02
CVE-2026-6393 BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-862 4.3 Medium2026-04-24
CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-79 6.4 Medium2026-04-16
CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2026-02-14
CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-79 7.2 High2026-01-20
CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-862 4.3 Medium2026-01-20
CVE-2026-1004 Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-862 5.3 Medium2026-01-16
CVE-2026-0831 Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write — Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!CWE-863 5.3 Medium2026-01-10
CVE-2025-14980 BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-200 6.5 Medium2026-01-09
CVE-2025-13977 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-12-17
CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-862 4.3 Medium2025-12-17
CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-10-18
CVE-2025-11361 Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-918 6.4 Medium2025-10-18
CVE-2025-7499 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block EditorCWE-862 5.3 Medium2025-08-16
CVE-2025-8451 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-08-15
CVE-2025-6244 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-07-08
CVE-2024-9993 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-06-07
CVE-2024-9994 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Essential Addons for Elementor – Popular Elementor Templates & WidgetsCWE-79 6.4 Medium2025-06-07
CVE-2025-4682 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-05-27
CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-03-08
CVE-2024-13803 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 6.4 Medium2025-02-26
CVE-2024-12045 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & PatternsCWE-79 4.4 Medium2025-01-08
CVE-2024-11727 NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification BarCWE-79 4.4 Medium2024-12-12
CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & moreCWE-79 6.4 Medium2024-11-28

本页汇总了 wpdevteam 厂商截至目前公开的全部 97 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。