|
61
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all v…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-8444
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8613
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8853
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, an…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9019
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly rest…
New
|
CWE-269
Improper Privilege Management
|
CVE-2025-6254
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
7.5 |
HIGH
Network
|
-
|
-
|
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the use…
New
|
CWE-89
SQL Injection
|
CVE-2026-3018
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS.
This issue affects WPZOOM Portfolio: from n/a through 1.4…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-49069
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11689
|
2026-06-11 03:35 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Hig…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11666
|
2026-06-11 03:31 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cra…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11658
|
2026-06-11 03:30 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
