| 961 | 4.9 | MEDIUM | Network | - | - | The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and including, 2.8.1 due to insufficien… | New | CWE-79 Cross-site Scripting | CVE-2026-3604 | 2026-05-12 23:03 | 2026-05-12 |
| 962 | 6.4 | MEDIUM | Network | - | - | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 du… | New | CWE-79 Cross-site Scripting | CVE-2026-4859 | 2026-05-12 23:03 | 2026-05-12 |
| 963 | 6.4 | MEDIUM | Network | - | - | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization … | New | CWE-79 Cross-site Scripting | CVE-2026-4920 | 2026-05-12 23:03 | 2026-05-12 |
| 964 | 6.5 | MEDIUM | Network | - | - | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and includ… | New | CWE-89 SQL Injection | CVE-2026-5028 | 2026-05-12 23:03 | 2026-05-12 |
| 965 | 6.4 | MEDIUM | Network | - | - | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input … | New | CWE-79 Cross-site Scripting | CVE-2026-5340 | 2026-05-12 23:03 | 2026-05-12 |
| 966 | 4.3 | MEDIUM | Network | - | - | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la… | New | CWE-862 Missing Authorization | CVE-2026-4301 | 2026-05-12 23:03 | 2026-05-12 |
| 967 | 5.3 | MEDIUM | Network | - | - | The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. This is due to the plugin exposing a REST API endpoint /wp-json/ipospays/v1… | New | CWE-862 Missing Authorization | CVE-2026-4663 | 2026-05-12 23:03 | 2026-05-12 |
| 968 | 5.3 | MEDIUM | Network | - | - | The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking(… | New | CWE-862 Missing Authorization | CVE-2026-5693 | 2026-05-12 23:03 | 2026-05-12 |
| 969 | 6.4 | MEDIUM | Network | - | - | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insuffic… | New | CWE-79 Cross-site Scripting | CVE-2026-5715 | 2026-05-12 23:03 | 2026-05-12 |
| 970 | 6.4 | MEDIUM | Network | - | - | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient inp… | New | CWE-79 Cross-site Scripting | CVE-2026-6237 | 2026-05-12 23:03 | 2026-05-12 |