|
1841
|
8.2 |
HIGH
Network
|
-
|
-
|
The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authori…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5396
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1842
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6417
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1843
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc…
|
CWE-287
Improper Authentication
|
CVE-2026-8181
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1844
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up to, and including, 5.6.8. This is due…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3694
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1845
|
7.2 |
HIGH
Network
|
-
|
-
|
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3718
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1846
|
8.1 |
HIGH
Network
|
-
|
-
|
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file …
|
CWE-73
External Control of File Name or Path
|
CVE-2026-3892
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1847
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu…
|
CWE-269
Improper Privilege Management
|
CVE-2026-5193
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1848
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct…
|
CWE-352
Origin Validation Error
|
CVE-2026-5365
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1849
|
8.2 |
HIGH
Network
|
-
|
-
|
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5395
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1850
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u…
|
CWE-89
SQL Injection
|
CVE-2026-6225
|
2026-05-14 23:28 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
