|
1071
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-1838
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1072
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insuffic…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4801
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6048
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
8.8 |
HIGH
Network
|
-
|
-
|
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `c…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6518
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-0894
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode ren…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-2505
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input s…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-2986
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-0868
|
2026-04-23 05:22 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scriptin…
Update
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6559
|
2026-04-23 05:22 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param l…
Update
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-6560
|
2026-04-23 05:22 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
