|
1161
|
4.7 |
MEDIUM
Network
|
-
|
-
|
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5721
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on th…
New
|
CWE-89
SQL Injection
|
CVE-2026-6674
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insuffici…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-6675
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properl…
New
|
CWE-862
Missing Authorization
|
CVE-2026-6703
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input()…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6711
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6712
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
7.2 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39467
|
2026-04-23 05:22 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated rem…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6743
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6744
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripti…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6745
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
