|
2161
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7795
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2162
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu…
|
CWE-862
Missing Authorization
|
CVE-2026-8502
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2163
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9280
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2164
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2165
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8839
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2166
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11412
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2167
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The at…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11435
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2168
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performi…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11436
|
2026-06-8 23:57 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2169
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due …
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-9016
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2170
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9594
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
