|
971
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Bus Ticket…
New
|
CWE-862
Missing Authorization
|
CVE-2025-66105
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
972
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection.
This issue affects Team Member: from n/a through …
New
|
CWE-89
SQL Injection
|
CVE-2025-68060
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
973
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery.
This issue affects WPGraphQL: from n/a through 2.5.3.
New
|
CWE-352
Origin Validation Error
|
CVE-2025-68604
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
974
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal Elementor Addons: from n/a bef…
New
|
CWE-862
Missing Authorization
|
CVE-2026-25436
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
975
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.
This issue affects Happy Addons…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-25468
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
976
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects YITH WooC…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-27329
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
977
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PDF Poster: from n/a through 2.4.1.
New
|
CWE-862
Missing Authorization
|
CVE-2026-27416
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
978
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.
This issue affects Royal Elementor Addons: fro…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-27421
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
979
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_…
New
|
CWE-862
Missing Authorization
|
CVE-2026-6222
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
980
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permiss…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4807
|
2026-05-7 23:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
