|
3021
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up to and including 2.5.6. This is due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6397
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3022
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due …
|
CWE-269
Improper Privilege Management
|
CVE-2026-7284
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3023
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7462
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3024
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8038
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3025
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of sanitize_text_field() for output escaping in the…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6399
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3026
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the opti…
|
CWE-352
Origin Validation Error
|
CVE-2026-6400
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3027
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonce verification on the plugin's settings update fo…
|
CWE-352
Origin Validation Error
|
CVE-2026-6401
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3028
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is du…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6404
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3029
|
8.8 |
HIGH
Network
|
-
|
-
|
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose compari…
|
CWE-287
Improper Authentication
|
CVE-2026-6456
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3030
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Games Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the gc_crud() funct…
|
CWE-352
Origin Validation Error
|
CVE-2026-8418
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
