|
561
|
5.8 |
MEDIUM
Network
|
-
|
-
|
The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6817
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
562
|
7.5 |
HIGH
Network
|
-
|
-
|
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker…
|
CWE-22
Path Traversal
|
CVE-2026-6320
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
563
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4790
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
564
|
7.1 |
HIGH
Network
|
-
|
-
|
The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to mis…
|
CWE-862
Missing Authorization
|
CVE-2026-4100
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
565
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to in…
|
CWE-89
SQL Injection
|
CVE-2026-4062
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
566
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook …
|
CWE-89
SQL Injection
|
CVE-2026-4061
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
567
|
7.5 |
HIGH
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user …
|
CWE-89
SQL Injection
|
CVE-2026-4060
|
2026-05-2 21:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
568
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. …
|
CWE-22
Path Traversal
|
CVE-2026-7627
|
2026-05-2 20:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
569
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql i…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7612
|
2026-05-2 19:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
570
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7611
|
2026-05-2 19:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
