|
3211
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: …
|
CWE-89
SQL Injection
|
CVE-2026-42755
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3212
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp all…
|
CWE-22
Path Traversal
|
CVE-2026-42756
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3213
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects Webi…
|
CWE-22
Path Traversal
|
CVE-2026-42757
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3214
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-42758
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3215
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate S…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42759
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3216
|
7.5 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42760
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3217
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B…
|
CWE-89
SQL Injection
|
CVE-2026-42761
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3218
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42762
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3219
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Product Import Expo…
|
CWE-862
Missing Authorization
|
CVE-2026-48971
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3220
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion.
This issue affects…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-48972
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
