| 731 | 6.4 | MEDIUM, Network | - | - | The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient inp… [New] | CWE-79 Cross-site Scripting | CVE-2026-13335 | 2026-06-30 03:40 | 2026-06-27 |
| 732 | 4.3 | MEDIUM, Network | - | - | The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdq_validate_nonce function. This … [New] | CWE-352 Origin Validation Error | CVE-2026-13422 | 2026-06-30 03:40 | 2026-06-27 |
| 733 | 5.3 | MEDIUM, Network | - | - | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly veri… [New] | CWE-862 Missing Authorization | CVE-2026-12404 | 2026-06-30 03:40 | 2026-06-27 |
| 734 | 6.5 | MEDIUM, Network | - | - | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due t… [New] | CWE-89 SQL Injection | CVE-2026-13333 | 2026-06-30 03:40 | 2026-06-27 |
| 735 | 9.8 | CRITICAL, Network | - | - | The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1… [New] | CWE-269 Improper Privilege Management | CVE-2026-12415 | 2026-06-30 03:40 | 2026-06-27 |
| 736 | 6.1 | MEDIUM, Network | - | - | The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input san… [New] | CWE-79 Cross-site Scripting | CVE-2026-13245 | 2026-06-30 03:40 | 2026-06-27 |
| 737 | 4.3 | MEDIUM, Network | - | - | The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a miss… [New] | CWE-862 Missing Authorization | CVE-2026-11364 | 2026-06-30 03:40 | 2026-06-27 |
| 738 | 6.4 | MEDIUM, Network | - | - | The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to ins… [New] | CWE-79 Cross-site Scripting | CVE-2026-11597 | 2026-06-30 03:40 | 2026-06-27 |
| 739 | 4.3 | MEDIUM, Network | - | - | The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not pr… [New] | CWE-862 Missing Authorization | CVE-2026-11773 | 2026-06-30 03:40 | 2026-06-27 |
| 740 | 4.4 | MEDIUM, Network | - | - | The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.8.0 due to i… [New] | CWE-79 Cross-site Scripting | CVE-2026-12399 | 2026-06-30 03:40 | 2026-06-27 |