|
1591
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4081
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1592
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation o…
|
CWE-352
Origin Validation Error
|
CVE-2026-8422
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1593
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8885
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1594
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification …
|
CWE-862
Missing Authorization
|
CVE-2026-9234
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1595
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init fu…
|
CWE-352
Origin Validation Error
|
CVE-2026-9599
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1596
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPage…
|
CWE-352
Origin Validation Error
|
CVE-2026-9722
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1597
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the go…
|
CWE-352
Origin Validation Error
|
CVE-2026-9723
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1598
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on t…
|
CWE-352
Origin Validation Error
|
CVE-2026-9730
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1599
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS.
This issue affects Accordion FAQ: from n/a thr…
|
CWE-79
Cross-site Scripting
|
CVE-2025-52759
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1600
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Printeers Print & Ship: from n/a t…
|
CWE-862
Missing Authorization
|
CVE-2025-52766
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
