|
3151
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This is due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8898
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3152
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8899
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3153
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce…
|
CWE-352
Origin Validation Error
|
CVE-2026-8903
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3154
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This …
|
CWE-352
Origin Validation Error
|
CVE-2026-8911
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3155
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL_…
|
CWE-352
Origin Validation Error
|
CVE-2026-8938
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3156
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the search_sim…
|
CWE-352
Origin Validation Error
|
CVE-2026-8939
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3157
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl_off_opt…
|
CWE-352
Origin Validation Error
|
CVE-2026-8941
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3158
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gosta…
|
CWE-352
Origin Validation Error
|
CVE-2026-8943
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3159
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_stats() function in versions up to, and including, 1.3. The func…
|
CWE-862
Missing Authorization
|
CVE-2026-9014
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3160
|
8.1 |
HIGH
Network
|
-
|
-
|
The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` acti…
|
CWE-287
Improper Authentication
|
CVE-2026-8994
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
