| 1661 | 6.1 | MEDIUM Network | - | - | The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitiz… | CWE-79 Cross-site Scripting | CVE-2026-8622 | 2026-06-25 22:26 | 2026-06-24 |
| 1662 | 4.3 | MEDIUM Network | - | - | The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is auth… | CWE-862 Missing Authorization | CVE-2026-8688 | 2026-06-25 22:26 | 2026-06-24 |
| 1663 | 4.3 | MEDIUM Network | - | - | The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is due to a completely broken nonce validation in the… | CWE-352 Origin Validation Error | CVE-2026-6292 | 2026-06-25 22:26 | 2026-06-24 |
| 1664 | 6.1 | MEDIUM Network | - | - | The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and ou… | CWE-79 Cross-site Scripting | CVE-2026-8628 | 2026-06-25 22:26 | 2026-06-24 |
| 1665 | 5.3 | MEDIUM Network | - | - | The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifyin… | CWE-862 Missing Authorization | CVE-2026-8690 | 2026-06-25 22:26 | 2026-06-24 |
| 1666 | 7.5 | HIGH Network | - | - | The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up to, and including, 3.4.… | CWE-89 SQL Injection | CVE-2026-8705 | 2026-06-25 22:26 | 2026-06-24 |
| 1667 | 6.4 | MEDIUM Network | - | - | The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of the 'msc_stats' shor… | CWE-79 Cross-site Scripting | CVE-2026-8896 | 2026-06-25 22:26 | 2026-06-24 |
| 1668 | 6.1 | MEDIUM Network | - | - | The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a funct… | CWE-352 Origin Validation Error | CVE-2026-8905 | 2026-06-25 22:26 | 2026-06-24 |
| 1669 | 4.3 | MEDIUM Network | - | - | The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is auth… | CWE-862 Missing Authorization | CVE-2026-9616 | 2026-06-25 22:26 | 2026-06-24 |
| 1670 | 4.3 | MEDIUM Network | - | - | The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a use… | CWE-862 Missing Authorization | CVE-2026-9619 | 2026-06-25 22:26 | 2026-06-24 |