|
151
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation me…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5113
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5112
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5111
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output esc…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5110
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
7.2 |
HIGH
Network
|
-
|
-
|
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Optio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5109
|
2026-05-2 15:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
8.8 |
HIGH
Network
|
-
|
-
|
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. Thi…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-7641
|
2026-05-2 14:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Su…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7604
|
2026-05-2 14:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This mani…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7603
|
2026-05-2 14:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operato…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-7458
|
2026-05-2 14:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
8.8 |
HIGH
Network
|
-
|
-
|
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. …
New
|
CWE-862
Missing Authorization
|
CVE-2026-6963
|
2026-05-2 14:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
