|
2901
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).
|
CWE-79
Cross-site Scripting
|
CVE-2026-49102
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
4.7 |
MEDIUM
Network
|
-
|
-
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing.
This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
|
CWE-601
Open Redirect
|
CVE-2026-49059
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ElementsKit Elementor addon…
|
CWE-862
Missing Authorization
|
CVE-2026-49053
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ElementsKit Elementor addon…
|
CWE-862
Missing Authorization
|
CVE-2026-49052
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP Meta and Date Remover: …
|
CWE-862
Missing Authorization
|
CVE-2026-49051
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects DearFlip: from n/a through 2.4.27.
|
CWE-862
Missing Authorization
|
CVE-2026-49047
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection.
This issue affects Duplicate Pa…
|
CWE-89
SQL Injection
|
CVE-2026-49046
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Adminimize: from n/a through 1.11.11.
|
CWE-862
Missing Authorization
|
CVE-2026-49045
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS.
This issue affects Ad…
|
CWE-79
Cross-site Scripting
|
CVE-2026-49044
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects SVG Support: from n/a through 2.5.14.
|
CWE-862
Missing Authorization
|
CVE-2026-48973
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
