|
2571
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp_…
|
CWE-352
Origin Validation Error
|
CVE-2026-7047
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2572
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is du…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-8608
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2573
|
7.2 |
HIGH
Network
|
-
|
-
|
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type,…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7537
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2574
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' param…
|
CWE-22
Path Traversal
|
CVE-2026-7565
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2575
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_mor…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7665
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2576
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. T…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8893
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2577
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8900
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2578
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7…
|
CWE-862
Missing Authorization
|
CVE-2026-8976
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2579
|
7.2 |
HIGH
Network
|
-
|
-
|
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8438
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2580
|
7.2 |
HIGH
Network
|
-
|
-
|
The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8901
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
