|
221
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the opti…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-6400
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update fo…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-6401
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is du…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6404
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224
|
8.8 |
HIGH
Network
|
-
|
-
|
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose compari…
New
|
CWE-287
Improper Authentication
|
CVE-2026-6456
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8038
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() funct…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8418
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
227
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8419
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
228
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a func…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8420
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
229
|
8.8 |
HIGH
Network
|
-
|
-
|
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-7467
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
230
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_s…
New
|
CWE-89
SQL Injection
|
CVE-2026-7472
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
