|
1521
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects …
|
CWE-89
SQL Injection
|
CVE-2026-42747
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42748
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
7.1 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issu…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42749
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42750
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42751
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
7.3 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: …
|
CWE-862
Missing Authorization
|
CVE-2026-42753
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42754
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: …
|
CWE-89
SQL Injection
|
CVE-2026-42755
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp all…
|
CWE-22
Path Traversal
|
CVE-2026-42756
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects Webi…
|
CWE-22
Path Traversal
|
CVE-2026-42757
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
