|
161
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium secu…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-11202
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
New
|
CWE-200
Information Exposure
|
CVE-2026-11203
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missin…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9719
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) functi…
New
|
CWE-22
Path Traversal
|
CVE-2026-9290
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8976
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8900
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. T…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8893
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is du…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-8608
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp_…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-7047
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1…
New
|
CWE-89
SQL Injection
|
CVE-2026-6448
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
