|
1061
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() AJAX function in versions up to, a…
New
|
CWE-862
Missing Authorization
|
CVE-2026-9184
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1062
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdev_generate_order_pdf.…
New
|
CWE-200
Information Exposure
|
CVE-2026-9612
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1063
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordesk_admin…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9724
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1064
|
7.2 |
HIGH
Network
|
-
|
-
|
The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9643
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1065
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the …
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9721
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1066
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection.
This issue affects Funnel Buil…
New
|
CWE-89
SQL Injection
|
CVE-2026-56052
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1067
|
8.8 |
HIGH
Network
|
-
|
-
|
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7761
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1068
|
8.8 |
HIGH
Network
|
-
|
-
|
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to …
New
|
CWE-94
Code Injection
|
CVE-2026-12242
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1069
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all ver…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10833
|
2026-06-25 22:26 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1070
|
7.5 |
HIGH
Network
|
-
|
-
|
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping…
New
|
CWE-89
SQL Injection
|
CVE-2026-12077
|
2026-06-25 22:26 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
