|
961
|
7.2 |
HIGH
Network
|
-
|
-
|
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3718
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
8.1 |
HIGH
Network
|
-
|
-
|
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file …
|
CWE-73
External Control of File Name or Path
|
CVE-2026-3892
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu…
|
CWE-269
Improper Privilege Management
|
CVE-2026-5193
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct…
|
CWE-352
Origin Validation Error
|
CVE-2026-5365
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
8.2 |
HIGH
Network
|
-
|
-
|
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5395
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u…
|
CWE-89
SQL Injection
|
CVE-2026-6225
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6252
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This m…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6271
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
8.8 |
HIGH
Network
|
-
|
-
|
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization …
|
CWE-862
Missing Authorization
|
CVE-2026-6506
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capa…
|
CWE-862
Missing Authorization
|
CVE-2026-6510
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
