|
1881
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update fo…
|
CWE-352
Origin Validation Error
|
CVE-2026-6401
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is du…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6404
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
8.8 |
HIGH
Network
|
-
|
-
|
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose compari…
|
CWE-287
Improper Authentication
|
CVE-2026-6456
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() funct…
|
CWE-352
Origin Validation Error
|
CVE-2026-8418
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This…
|
CWE-352
Origin Validation Error
|
CVE-2026-8419
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a func…
|
CWE-352
Origin Validation Error
|
CVE-2026-8420
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2026-8423
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
8.8 |
HIGH
Network
|
-
|
-
|
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting…
|
CWE-269
Improper Privilege Management
|
CVE-2026-7467
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_s…
|
CWE-89
SQL Injection
|
CVE-2026-7472
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'rybb_a…
|
CWE-352
Origin Validation Error
|
CVE-2026-8424
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
