漏洞描述
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Comments Import & Export 2.4.3及之前版本存在跨站脚本漏洞,该漏洞源于能力检查缺失和清理转义不足,可能导致跨站脚本攻击。
WordPress plugin Comments Import & Export 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- AstrBot /api/plugin/install-upload 命令执行漏洞(CVE-2025-55449)
- WordPress Kognetiks Chatbot for WordPress <= 2.0.0 任意文件上传漏洞
- WordPress Verbalize WP 存在任意文件上传漏洞(CVE-2024-49668)
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- 孚盟云 /PagePopWindow/MailSpread/ExportExData.aspx SQL 注入漏洞
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- POC CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- WordPress Events Manager /wp-admin/admin-ajax.php SQL 注入漏洞(CVE-2025-6970)
- Trinity Audio /wp-content/plugins/trinity-audio/admin/inc/phpinfo.php 信息泄露漏洞(CVE-2025-9196)
- 金和OA ImportGuide2Xml.aspx XXE漏洞
- 金和OA ImportXml.aspx 存在XML注入漏洞