|
3381
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2025-5085
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3382
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1450
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3383
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1451
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3384
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up to, and including, 1.9.5. …
|
CWE-79
Cross-site Scripting
|
CVE-2026-2382
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3385
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2026-2425
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3386
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input saniti…
|
CWE-20
Improper Input Validation
|
CVE-2026-3620
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3387
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page…
|
CWE-352
Origin Validation Error
|
CVE-2026-4071
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3388
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation o…
|
CWE-352
Origin Validation Error
|
CVE-2026-8422
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3389
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8885
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3390
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The mani…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10514
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
