|
741
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, and including, 2.0.11. This makes it possib…
New
|
CWE-862
Missing Authorization
|
CVE-2026-12471
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in all versions up to, and i…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3462
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all version…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11783
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, an…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-11987
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_failed_payment_status AJAX action. The handler is regis…
New
|
CWE-862
Missing Authorization
|
CVE-2026-12432
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-13295
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not pr…
New
|
CWE-862
Missing Authorization
|
CVE-2026-9233
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authent…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-9242
|
2026-06-30 03:40 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
8.1 |
HIGH
Network
|
-
|
-
|
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_d…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-8095
|
2026-06-30 03:40 |
2026-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Simple U…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-57676
|
2026-06-30 03:39 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|