|
591
|
8.1 |
HIGH
Network
|
-
|
-
|
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the atta…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7647
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
592
|
7.2 |
HIGH
Network
|
-
|
-
|
The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7049
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
593
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' param…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6916
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
594
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attacker…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6812
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
595
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6447
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
596
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation me…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5113
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
597
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5112
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
598
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden …
|
CWE-79
Cross-site Scripting
|
CVE-2026-5111
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
599
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5110
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
600
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Optio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5109
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
