|
1891
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing the user-supplied `filename`…
|
CWE-22
Path Traversal
|
CVE-2026-2500
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1892
|
6.6 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7566
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1893
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to an…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7792
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1894
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing valid…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8611
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1895
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulatio…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-11408
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1896
|
4.4 |
MEDIUM
Local
|
-
|
-
|
A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _disp…
|
CWE-22
Path Traversal
|
CVE-2026-11411
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1897
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7795
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1898
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu…
|
CWE-862
Missing Authorization
|
CVE-2026-8502
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1899
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9280
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1900
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
