|
1031
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-9280
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1032
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing valid…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8611
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulatio…
Update
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-11408
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
4.4 |
MEDIUM
Local
|
-
|
-
|
A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _disp…
Update
|
CWE-22
Path Traversal
|
CVE-2026-11411
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11412
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8839
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due …
Update
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-9016
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-9594
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1040
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions up to, and i…
Update
|
CWE-89
SQL Injection
|
CVE-2026-9829
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
