|
351
|
8.8 |
HIGH
Network
|
-
|
-
|
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via…
|
CWE-94
Code Injection
|
CVE-2026-2052
|
2026-05-2 17:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMu…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7605
|
2026-05-2 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix pass-by-value structs causing MSAN warnings
vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their…
|
-
|
CVE-2026-43058
|
2026-05-2 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ctxfi: Fix missing SPDIFI1 index handling
SPDIF1 DAIO type isn't properly handled in daio_device_index() for
hw20k2, and it…
|
-
|
CVE-2026-31776
|
2026-05-2 16:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
8.1 |
HIGH
Network
|
-
|
-
|
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the atta…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7647
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
7.2 |
HIGH
Network
|
-
|
-
|
The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7049
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' param…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6916
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attacker…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6812
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6447
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation me…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5113
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
