|
1
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output esc…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9104
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
8.8 |
HIGH
Network
|
-
|
-
|
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` …
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-9018
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including, 4.0.…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7509
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the `splw_update_block_options()` and `lwp_clean_weather_transients()`…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7249
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sani…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6864
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfie_manage() fun…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-4070
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
5.7 |
MEDIUM
Adjacent
|
-
|
-
|
There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the r…
New
|
CWE-200
Information Exposure
|
CVE-2026-44409
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input saniti…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-3481
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultp_install_callback' and 'ultp_activate_callback' fun…
New
|
CWE-862
Missing Authorization
|
CVE-2026-2518
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
- |
|
-
|
-
|
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
New
|
-
|
CVE-2026-9054
|
2026-05-22 13:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
