更新: 270 个文件 - 2026-03-28 03:48:48

08-threat-intel/registry/entities/wordpress.json

@@ -12,10 +12,10 @@
   "repo_url": "",
   "package_registry": "",
   "marketplace_url": "",
-  "latest_version": "51.1.49",
+  "latest_version": "28.1.5",
   "version_scheme": "vendor",
   "latest_release_at": "",
-  "latest_release_url": "https://patchstack.com/database/wordpress/plugin/king-addons/vulnerability/wordpress-king-addons-for-elementor-plugin-51-1-49-unauthenticated-api-keys-disclosure-vulnerability",
+  "latest_release_url": "https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-5-unauthenticated-privilege-escalation-admin-account-takeover-via-registration-confirmation-email-to-id-type-confusion-vulnerability",
   "version_source_refs": [
     "https://wpscan.com/blog/object-injection-vulnerability-fixed-in-seopress-7-9/",
     "https://patchstack.com/database/wordpress/plugin/ft-rockpress/vulnerability/wordpress-rockpress-plugin-1-0-17-missing-authorization-to-authenticated-subscriber-arbitrary-modification-via-ajax-actions-vulnerability",
@@ -59,11 +59,18 @@
     "https://patchstack.com/database/wordpress/plugin/sina-extension-for-elementor/vulnerability/wordpress-sina-extension-for-elementor-plugin-3-7-0-authenticated-contributor-stored-cross-site-scripting-via-fancy-text-widget-and-countdown-widget-vulnerability",
     "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-6-1-unauthenticated-sql-injection-via-listing-grid-filtered-query-parameter-vulnerability",
     "https://wordpress.org/news/2025/06/dropping-security-updates-for-wordpress-versions-4-1-through-4-6/",
-    "https://patchstack.com/database/wordpress/plugin/smart-slider-3/vulnerability/wordpress-smart-slider-3-plugin-3-5-1-33-authenticated-subscriber-arbitrary-file-read-via-actionexportall-vulnerability"
+    "https://patchstack.com/database/wordpress/plugin/smart-slider-3/vulnerability/wordpress-smart-slider-3-plugin-3-5-1-33-authenticated-subscriber-arbitrary-file-read-via-actionexportall-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-5-unauthenticated-privilege-escalation-admin-account-takeover-via-registration-confirmation-email-to-id-type-confusion-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/bwl-advanced-faq-manager-lite/vulnerability/wordpress-bwl-advanced-faq-manager-lite-plugin-1-1-1-authenticated-contributor-stored-cross-site-scripting-via-sbox-id-shortcode-attribute-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/pagelayer/vulnerability/wordpress-pagelayer-plugin-2-0-7-improper-neutralization-of-crlf-sequences-to-unauthenticated-email-header-injection-via-email-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/quick-adsense-reloaded/vulnerability/wordpress-quads-ads-manager-for-google-adsense-plugin-2-0-98-1-authenticated-contributor-stored-cross-site-scripting-via-multiple-ad-metadata-parameters-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/pepro-ultimate-invoice/vulnerability/wordpress-peprodev-ultimate-invoice-plugin-2-2-6-unauthenticated-invoice-archive-download-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/simple-download-counter/vulnerability/wordpress-simple-download-counter-plugin-2-3-authenticated-contributor-stored-cross-site-scripting-via-text-shortcode-attribute-vulnerability",
+    "https://patchstack.com/database/wordpress/plugin/dsgvo-leaflet-map/vulnerability/wordpress-dsgvo-snippet-for-leaflet-map-and-its-extensions-plugin-3-1-authenticated-contributor-stored-cross-site-scripting-via-unset-attribute-vulnerability"
   ],
   "version_sync_status": "green",
   "security_version_count": 55,
-  "last_version_synced_at": "2026-03-27T09:30:51+00:00",
+  "last_version_synced_at": "2026-03-28T09:18:16+00:00",
   "latest_version_evidence": [
     "WPScan Vulnerability Database",
     "Patchstack Database",