|
1231
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.
This issue affects Happy Addons…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-25468
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1232
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects YITH WooC…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-27329
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1233
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PDF Poster: from n/a through 2.4.1.
|
CWE-862
Missing Authorization
|
CVE-2026-27416
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1234
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.
This issue affects Royal Elementor Addons: fro…
|
CWE-79
Cross-site Scripting
|
CVE-2026-27421
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1235
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_…
|
CWE-862
Missing Authorization
|
CVE-2026-6222
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1236
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permiss…
|
CWE-862
Missing Authorization
|
CVE-2026-4807
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1237
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cla…
|
CWE-862
Missing Authorization
|
CVE-2026-6214
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1238
|
7.5 |
HIGH
Network
|
-
|
-
|
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is du…
|
CWE-89
SQL Injection
|
CVE-2026-4348
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1239
|
8.8 |
HIGH
Network
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient fil…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6692
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1240
|
8.1 |
HIGH
Network
|
-
|
-
|
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat…
|
CWE-22
Path Traversal
|
CVE-2026-7252
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
