| 31 | 5.4 | MEDIUM | Network | - | - | The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title() insid… | New | CWE-79 Cross-site Scripting | CVE-2026-5077 | 2026-05-2 19:16 | 2026-05-2 |
| 32 | 5.5 | MEDIUM | Adjacent | - | - | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public a… | New | CWE-77 CWE-78 Command Injection OS Command | CVE-2026-7608 | 2026-05-2 18:16 | 2026-05-2 |
| 33 | 7.2 | HIGH | Network | - | - | The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce v… | New | CWE-79 Cross-site Scripting | CVE-2026-5324 | 2026-05-2 18:16 | 2026-05-2 |
| 34 | 5.3 | MEDIUM | Network | - | - | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio… | New | CWE-862 Missing Authorization | CVE-2026-4024 | 2026-05-2 18:16 | 2026-05-2 |
| 35 | 7.5 | HIGH | Network | - | - | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al… | New | CWE-89 SQL Injection | CVE-2026-7649 | 2026-05-2 17:16 | 2026-05-2 |
| 36 | 8.8 | HIGH | Network | - | - | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Update. The manipulation of the argument str leads t… | New | CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow | CVE-2026-7607 | 2026-05-2 17:16 | 2026-05-2 |
| 37 | 3.7 | LOW | Network | - | - | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of … | New | CWE-345 Insufficient Verification of Data Authenticity | CVE-2026-7606 | 2026-05-2 17:16 | 2026-05-2 |
| 38 | 6.5 | MEDIUM | Network | - | - | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escapi… | New | CWE-89 SQL Injection | CVE-2026-6457 | 2026-05-2 17:16 | 2026-05-2 |
| 39 | 5.3 | MEDIUM | Network | - | - | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circ… | New | CWE-285 Improper Authorization | CVE-2026-6449 | 2026-05-2 17:16 | 2026-05-2 |
| 40 | 7.2 | HIGH | Network | - | - | The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs i… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-6229 | 2026-05-2 17:16 | 2026-05-2 |