| 1051 | 5.3 | MEDIUM, Network | - | - | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing aut… | CWE-862 Missing Authorization | CVE-2026-5502 | 2026-04-23 05:22 | 2026-04-17 |
| 1052 | 5.3 | MEDIUM, Network | - | - | The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution… | CWE-74 Injection | CVE-2026-5797 | 2026-04-23 05:22 | 2026-04-17 |
| 1053 | 7.0 | HIGH, Local | - | - | A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has… | CWE-426 Untrusted Search Path; CWE-427 Uncontrolled Search Path Element | CVE-2026-6421 | 2026-04-23 05:22 | 2026-04-17 |
| 1054 | 6.3 | MEDIUM, Network | - | - | A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compon… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-6497 | 2026-04-23 05:22 | 2026-04-18 |
| 1055 | 8.8 | HIGH, Network | - | - | The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and incl… | CWE-22 Path Traversal | CVE-2026-3464 | 2026-04-23 05:22 | 2026-04-18 |
| 1056 | 7.5 | HIGH, Network | - | - | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insuffic… | CWE-22 Path Traversal | CVE-2026-4659 | 2026-04-23 05:22 | 2026-04-17 |
| 1057 | 4.3 | MEDIUM, Network | - | - | The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOpti… | CWE-862 Missing Authorization | CVE-2026-6441 | 2026-04-23 05:22 | 2026-04-17 |
| 1058 | 4.3 | MEDIUM, Network | - | - | The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX de… | CWE-352 Origin Validation Error | CVE-2026-6451 | 2026-04-23 05:22 | 2026-04-17 |
| 1059 | 4.4 | MEDIUM, Network | - | - | The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videoze… | CWE-79 Cross-site Scripting | CVE-2026-6439 | 2026-04-23 05:22 | 2026-04-17 |
| 1060 | 3.5 | LOW, Network | - | - | A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip… | CWE-79 Cross-site Scripting; CWE-94 Code Injection | CVE-2026-6486 | 2026-04-23 05:22 | 2026-04-17 |