| 661 | 5.3 | MEDIUM Network | - | - | The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to… (New) | CWE-843 Type Confusion | CVE-2026-8499 | 2026-06-9 22:33 | 2026-06-9 |
| 662 | 6.4 | MEDIUM Network | - | - | The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d… (New) | CWE-79 Cross-site Scripting | CVE-2026-8841 | 2026-06-9 22:33 | 2026-06-9 |
| 663 | 6.4 | MEDIUM Network | - | - | The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i… (New) | CWE-79 Cross-site Scripting | CVE-2026-8880 | 2026-06-9 22:33 | 2026-06-9 |
| 664 | 6.4 | MEDIUM Network | - | - | The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san… (New) | CWE-79 Cross-site Scripting | CVE-2026-8882 | 2026-06-9 22:33 | 2026-06-9 |
| 665 | 6.4 | MEDIUM Network | - | - | The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient… (New) | CWE-79 Cross-site Scripting | CVE-2026-8883 | 2026-06-9 22:33 | 2026-06-9 |
| 666 | 6.4 | MEDIUM Network | - | - | The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input … (New) | CWE-79 Cross-site Scripting | CVE-2026-8895 | 2026-06-9 22:33 | 2026-06-9 |
| 667 | 4.3 | MEDIUM Network | - | - | The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.… (New) | CWE-352 Origin Validation Error | CVE-2026-8904 | 2026-06-9 22:33 | 2026-06-9 |
| 668 | 6.1 | MEDIUM Network | - | - | The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function… (New) | CWE-352 Origin Validation Error | CVE-2026-8910 | 2026-06-9 22:33 | 2026-06-9 |
| 669 | 4.3 | MEDIUM Network | - | - | The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-leve… (New) | CWE-352 Origin Validation Error | CVE-2026-8940 | 2026-06-9 22:33 | 2026-06-9 |
| 670 | 4.3 | MEDIUM Network | - | - | The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o… (New) | CWE-352 Origin Validation Error | CVE-2026-8902 | 2026-06-9 22:33 | 2026-06-9 |