|
4631
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldn…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47984
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4632
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path param…
|
CWE-22
Path Traversal
|
CVE-2022-50953
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4633
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54350
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4634
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers c…
|
CWE-79
Cross-site Scripting
|
CVE-2023-54351
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4635
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers ca…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54352
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4636
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58348
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4637
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58349
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4638
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packet…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-3238
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4639
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11569
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4640
|
- |
|
-
|
-
|
## Summary
The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`C…
|
CWE-20
Improper Input Validation
|
CVE-2026-47430
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
