| 1041 | 7.2 | HIGH | Network | - | - | The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This makes it possible for unauthenticated att… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12095 | 2026-06-25 22:26 | 2026-06-24 |
| 1042 | 7.2 | HIGH | Network | - | - | The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attacke… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12100 | 2026-06-25 22:26 | 2026-06-24 |
| 1043 | 5.3 | MEDIUM | Network | - | - | The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to … | New | CWE-862 Missing Authorization | CVE-2026-7617 | 2026-06-25 22:26 | 2026-06-24 |
| 1044 | 4.3 | MEDIUM | Network | - | - | The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings()… | New | CWE-862 Missing Authorization | CVE-2026-8614 | 2026-06-25 22:26 | 2026-06-24 |
| 1045 | 9.8 | CRITICAL | Network | - | - | The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to … | New | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2026-12417 | 2026-06-25 22:26 | 2026-06-24 |
| 1046 | 8.8 | HIGH | Network | - | - | The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOptio… | New | CWE-862 Missing Authorization | CVE-2026-4297 | 2026-06-25 22:26 | 2026-06-24 |
| 1047 | 4.3 | MEDIUM | Network | - | - | The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is due to a completely broken nonce validation in the… | New | CWE-352 Origin Validation Error | CVE-2026-6292 | 2026-06-25 22:26 | 2026-06-24 |
| 1048 | 6.1 | MEDIUM | Network | - | - | The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitiz… | New | CWE-79 Cross-site Scripting | CVE-2026-8622 | 2026-06-25 22:26 | 2026-06-24 |
| 1049 | 4.3 | MEDIUM | Network | - | - | The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is auth… | New | CWE-862 Missing Authorization | CVE-2026-8688 | 2026-06-25 22:26 | 2026-06-24 |
| 1050 | 5.3 | MEDIUM | Network | - | - | The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifyin… | New | CWE-862 Missing Authorization | CVE-2026-8690 | 2026-06-25 22:26 | 2026-06-24 |