|
1871
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing autho…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5293
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1872
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin prote…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6072
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1873
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-6394
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1874
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of n…
|
CWE-352
Origin Validation Error
|
CVE-2026-6395
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1875
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up to and including 2.5.6. This is due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6397
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1876
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due …
|
CWE-269
Improper Privilege Management
|
CVE-2026-7284
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1877
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7462
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1878
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8038
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1879
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field() for output escaping in the…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6399
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1880
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the opti…
|
CWE-352
Origin Validation Error
|
CVE-2026-6400
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
