|
1271
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_pag…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-4118
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1272
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including, 1.2.106 due to in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4353
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1273
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5748
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1274
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5767
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1275
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rend…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5820
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1276
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4119
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1277
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler …
New
|
CWE-352
Origin Validation Error
|
CVE-2026-4121
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1278
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4125
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1279
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanag…
New
|
CWE-200
Information Exposure
|
CVE-2026-4126
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1280
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcat…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4128
|
2026-04-23 05:22 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
