|
2021
|
8.8 |
HIGH
Network
|
-
|
-
|
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7654
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2022
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to A…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-10038
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2023
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1…
|
CWE-89
SQL Injection
|
CVE-2026-6448
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2024
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp_…
|
CWE-352
Origin Validation Error
|
CVE-2026-7047
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2025
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is du…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-8608
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2026
|
7.2 |
HIGH
Network
|
-
|
-
|
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type,…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7537
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2027
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' param…
|
CWE-22
Path Traversal
|
CVE-2026-7565
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2028
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_mor…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7665
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2029
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. T…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8893
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2030
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8900
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
