|
51
|
7.2 |
HIGH
Network
|
-
|
-
|
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateU…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9851
|
2026-06-6 14:16 |
2026-06-6 |
|
52
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions up to, and i…
New
|
CWE-89
SQL Injection
|
CVE-2026-9829
|
2026-06-6 14:16 |
2026-06-6 |
|
53
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9594
|
2026-06-6 14:16 |
2026-06-6 |
|
54
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due …
New
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-9016
|
2026-06-6 14:16 |
2026-06-6 |
|
55
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8839
|
2026-06-6 14:16 |
2026-06-6 |
|
56
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing valid…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8611
|
2026-06-6 14:16 |
2026-06-6 |
|
57
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-6 14:16 |
2026-06-6 |
|
58
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11150
|
2026-06-6 14:16 |
2026-06-5 |
|
59
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-11148
|
2026-06-6 14:16 |
2026-06-5 |
|
60
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-11146
|
2026-06-6 14:16 |
2026-06-5 |