WordPress 安全

WordPress Linux Promotional Plugin plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

WordPress Anber Elementor 附加插件 <= 1.0.1 - 認證 (貢獻者+) 儲存型跨站腳本攻擊透過旋轉木馬按鈕連結漏洞

插件名稱 圖示工廠 漏洞類型 未經身份驗證的文件刪除 CVE 編號 CVE-2025-7778 緊急程度 高 CVE 發布日期…

Plugin Name Last.fm Recent Album Artwork Type of Vulnerability CSRF and XSS CVE Number CVE-2025-7684 Urgency Low CVE…

Plugin Name Embed Bokun Type of Vulnerability Authenticated Stored XSS CVE Number CVE-2025-6221 Urgency Low CVE Publish Date…

Plugin Name weichuncai(WP伪春菜) Type of Vulnerability Stored XSS CVE Number CVE-2025-7686 Urgency Medium CVE Publish Date 2025-08-15 Source…

WordPress 外掛 README Parser <= 1.3.15 - 經身份驗證的 (貢獻者+) 儲存型跨站腳本攻擊透過目標參數漏洞

WordPress NextGEN Gallery 插件 <= 1.0.9 - 未經身份驗證的任意目錄刪除漏洞

WordPress Al Pack插件 <= 1.0.2 - 缺少通過check_activate_permission函數進行未經身份驗證的高級功能激活的授權漏洞

WordPress Surbma | Recent Comments Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability