|
311
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. T…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8893
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8900
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8976
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
7.2 |
HIGH
Network
|
-
|
-
|
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8438
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
7.2 |
HIGH
Network
|
-
|
-
|
The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8901
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.2.0 …
New
|
CWE-89
SQL Injection
|
CVE-2026-8978
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings in all versio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8991
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated…
New
|
CWE-22
Path Traversal
|
CVE-2026-9197
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing valid…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8611
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() function (the [pagelist_ext] /…
New
|
CWE-862
Missing Authorization
|
CVE-2026-9008
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
