|
181
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8976
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8900
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. T…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8893
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is du…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-8608
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp_…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-7047
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1…
New
|
CWE-89
SQL Injection
|
CVE-2026-6448
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
- |
|
-
|
-
|
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacke…
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6242
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
- |
|
-
|
-
|
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitizatio…
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6241
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
- |
|
-
|
-
|
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenti…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6240
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
- |
|
-
|
-
|
A stack‑based
buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where
the device fails to properly validate the number of XML user nodes during
request processi…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6239
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
