|
751
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5159
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
7.2 |
HIGH
Network
|
-
|
-
|
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and inclu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4803
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4665
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
7.5 |
HIGH
Network
|
-
|
-
|
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1…
New
|
CWE-89
SQL Injection
|
CVE-2026-3456
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() fun…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2948
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitizati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6704
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admi…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-6702
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-6701
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settings_page_…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-6700
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin page in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6696
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
