|
11
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/…
New
|
CWE-200
Information Exposure
|
CVE-2026-3504
|
2026-05-2 23:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
8.1 |
HIGH
Network
|
-
|
-
|
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-2554
|
2026-05-2 23:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and includ…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-0703
|
2026-05-2 23:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. …
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7628
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
5.8 |
MEDIUM
Network
|
-
|
-
|
The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input saniti…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6817
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-6525
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
7.5 |
HIGH
Network
|
-
|
-
|
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker…
New
|
CWE-22
Path Traversal
|
CVE-2026-6320
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in versions up to, and inclu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4790
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
7.1 |
HIGH
Network
|
-
|
-
|
The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to mis…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4100
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to in…
New
|
CWE-89
SQL Injection
|
CVE-2026-4062
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
