|
2691
|
8.8 |
HIGH
Network
|
-
|
-
|
The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for aut…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-7522
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2692
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This mak…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7637
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2693
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2955
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2694
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insuffic…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6566
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2695
|
8.8 |
HIGH
Network
|
-
|
-
|
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. Th…
|
CWE-862
Missing Authorization
|
CVE-2026-5200
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2696
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.…
|
CWE-352
Origin Validation Error
|
CVE-2026-6405
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2697
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for una…
|
CWE-200
Information Exposure
|
CVE-2026-6728
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2698
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS.
This issue affects Visualizer: from n/a before 4.0.0.
|
CWE-79
Cross-site Scripting
|
CVE-2026-24573
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2699
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WpBookingly: from n/a through 1.2.9.
|
CWE-862
Missing Authorization
|
CVE-2026-27405
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2700
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Image Photo Gallery F…
|
CWE-862
Missing Authorization
|
CVE-2026-27424
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
