|
2331
|
7.1 |
HIGH
Network
|
-
|
-
|
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Att…
|
CWE-89
SQL Injection
|
CVE-2019-25759
|
2026-06-23 03:39 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2332
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' b…
|
-
|
CVE-2026-9822
|
2026-06-23 03:38 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2333
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functi…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2019-25763
|
2026-06-23 03:38 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2334
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token…
|
-
|
CVE-2026-10530
|
2026-06-23 03:38 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2335
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which c…
|
-
|
CVE-2026-4110
|
2026-06-23 03:38 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2336
|
7.1 |
HIGH
Network
|
-
|
-
|
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which c…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4259
|
2026-06-23 03:38 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2337
|
7.1 |
HIGH
Network
|
-
|
-
|
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator
|
CWE-79
Cross-site Scripting
|
CVE-2026-6858
|
2026-06-23 03:38 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2338
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such a…
|
CWE-862
Missing Authorization
|
CVE-2026-7859
|
2026-06-23 03:38 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2339
|
8.8 |
HIGH
Network
|
-
|
-
|
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a cus…
|
CWE-269
Improper Privilege Management
|
CVE-2026-8157
|
2026-06-23 03:38 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2340
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter…
|
CWE-89
SQL Injection
|
CVE-2017-20255
|
2026-06-23 03:37 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
