|
281
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all version…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4811
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitizatio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-1543
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `w…
New
|
CWE-74
Injection
|
CVE-2026-6279
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data.
This issue affects Mail Mint: from n/a t…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-27349
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects CF7 WOW Styler: from n/a through 1.7.6.
New
|
CWE-862
Missing Authorization
|
CVE-2026-27393
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-5118
|
2026-05-22 00:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-35007
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized valu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-35008
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-35009
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-35010
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
