网安资讯详情 - SecLens 情报雷达

WordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 跨站脚本漏洞

来源： cnnvd_vulnerability · 发布时间 2026-06-02 00:00 (UTC+08:00) · 抓取时间 2026-06-04 11:10 (UTC+08:00)

原文链接

摘要

WordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 跨站脚本漏洞

正文

漏洞基本信息 漏洞名称 WordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 跨站脚本漏洞 厂商 WordPress CNNVD编号 CNNVD-202606-580 危害等级 超危 CVE编号 CVE-2026-3722 漏洞类型 跨站脚本 收录时间 2026-06-02 更新时间 2026-06-03 漏洞简介 WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 4.9及之前版本存在跨站脚本漏洞，该漏洞源于输入清理和输出转义不足，可能导致经过身份验证的攻击者注入任意Web脚本。 参考网址 来源:plugins.trac.wordpress.org 链接: https://plugins.trac.wordpress.org/browser/auto-image-attributes-from-filename-with-bulk-updater/tags/4.9/admin/columns-media-library.php#L50 来源:plugins.trac.wordpress.org 链接: https://plugins.trac.wordpress.org/browser/auto-image-attributes-from-filename-with-bulk-updater/tags/4.9/admin/do.php#L752 来源:www.wordfence.com 链接: https://www.wordfence.com/threat-intel/vulnerabilities/id/9696fae6-39fe-4478-90e7-488b5b573fa8?source=cve 官方补丁 暂无

标签

• cnnvd
• cnnvd:CNNVD-202606-580
• cve:CVE-2026-3722
• severity:critical
• vul_type:0

扩展字段

{
  "affected_vendor": "WordPress",
  "cnnvd_code": "CNNVD-202606-580",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-3722",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 3,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:plugins.trac.wordpress.org\r\n链接:https://plugins.trac.wordpress.org/browser/auto-image-attributes-from-filename-with-bulk-updater/tags/4.9/admin/columns-media-library.php#L50\r\n\r\n来源:plugins.trac.wordpress.org\r\n链接:https://plugins.trac.wordpress.org/browser/auto-image-attributes-from-filename-with-bulk-updater/tags/4.9/admin/do.php#L752\r\n\r\n来源:www.wordfence.com\r\n链接:https://www.wordfence.com/threat-intel/vulnerabilities/id/9696fae6-39fe-4478-90e7-488b5b573fa8?source=cve",
  "update_time": "2026-06-03",
  "vendor": "1015603",
  "vul_desc": "WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。\r\nWordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 4.9及之前版本存在跨站脚本漏洞，该漏洞源于输入清理和输出转义不足，可能导致经过身份验证的攻击者注入任意Web脚本。",
  "vul_type": "0",
  "vul_type_name": "跨站脚本"
}