|
541
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to miss…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7638
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in th…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-4658
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This…
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-6446
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. …
Update
|
CWE-862
Missing Authorization
|
CVE-2026-6963
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operato…
Update
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-7458
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Su…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7604
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
8.8 |
HIGH
Network
|
-
|
-
|
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. Thi…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-7641
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title() insid…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5077
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi…
New
|
CWE-287
Improper Authentication
|
CVE-2026-27960
|
2026-05-6 04:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitizat…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6447
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
