|
2311
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects S…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42738
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2312
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42739
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2313
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a throu…
|
CWE-89
SQL Injection
|
CVE-2026-42740
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2314
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a …
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-42744
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2315
|
7.3 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42745
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2316
|
7.3 |
HIGH
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online O…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42746
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2317
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects …
|
CWE-89
SQL Injection
|
CVE-2026-42747
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2318
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42748
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2319
|
7.1 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issu…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42749
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2320
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42750
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
