|
1151
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1559
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1152
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1838
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1153
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4801
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1154
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6048
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1155
|
8.8 |
HIGH
Network
|
-
|
-
|
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `c…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6518
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1156
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-0894
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1157
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode ren…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2505
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1158
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2986
|
2026-04-23 05:22 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1159
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due…
|
CWE-79
Cross-site Scripting
|
CVE-2026-0868
|
2026-04-23 05:22 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1160
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scriptin…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-6559
|
2026-04-23 05:22 |
2026-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
