|
1181
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to…
|
CWE-862
Missing Authorization
|
CVE-2026-4362
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. …
|
CWE-22
Path Traversal
|
CVE-2026-7810
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template() method of …
|
CWE-22
Path Traversal
|
CVE-2026-5957
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispa…
|
CWE-862
Missing Authorization
|
CVE-2026-5294
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2026-5159
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
7.2 |
HIGH
Network
|
-
|
-
|
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4803
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4665
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
7.5 |
HIGH
Network
|
-
|
-
|
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1…
|
CWE-89
SQL Injection
|
CVE-2026-3456
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() fun…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2948
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6704
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
