|
551
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attacker…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6812
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
552
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' param…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6916
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
553
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Optio…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5109
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
554
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5110
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
555
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5111
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
556
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5112
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
557
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation me…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5113
|
2026-05-6 04:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
558
|
7.2 |
HIGH
Network
|
-
|
-
|
The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes …
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7049
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
559
|
7.2 |
HIGH
Network
|
-
|
-
|
The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs i…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6229
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
560
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circ…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-6449
|
2026-05-6 04:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
