|
1621
|
7.5 |
HIGH
Network
|
-
|
-
|
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() functio…
|
CWE-78
OS Command
|
CVE-2026-40519
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1622
|
7.1 |
HIGH
Network
|
-
|
-
|
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by su…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-49141
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1623
|
3.5 |
LOW
Network
|
-
|
-
|
The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrato…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8981
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1624
|
- |
|
-
|
-
|
SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a…
|
CWE-89
SQL Injection
|
CVE-2026-10731
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1625
|
8.2 |
HIGH
Network
|
-
|
-
|
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST pa…
|
CWE-89
SQL Injection
|
CVE-2016-20062
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1626
|
7.1 |
HIGH
Network
|
-
|
-
|
Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attac…
|
CWE-89
SQL Injection
|
CVE-2016-20063
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1627
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attacke…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20064
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1628
|
8.2 |
HIGH
Network
|
-
|
-
|
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selec…
|
CWE-89
SQL Injection
|
CVE-2016-20065
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1629
|
8.2 |
HIGH
Network
|
-
|
-
|
WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th…
|
CWE-89
SQL Injection
|
CVE-2017-20243
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1630
|
8.2 |
HIGH
Network
|
-
|
-
|
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. …
|
CWE-89
SQL Injection
|
CVE-2017-20244
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
