|
2901
|
8.5 |
HIGH
Network
|
-
|
-
|
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
|
CWE-89
SQL Injection
|
CVE-2026-39581
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Metro Magazine: from n/a through 1.4.1.
|
CWE-862
Missing Authorization
|
CVE-2026-40809
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection.
This issue affects The Ev…
|
CWE-89
SQL Injection
|
CVE-2026-49772
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion.
This issue affects RD Station: from n/a through 5.6.0.
|
CWE-94
Code Injection
|
CVE-2026-49774
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
7.5 |
HIGH
Network
|
-
|
-
|
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
|
CWE-862
Missing Authorization
|
CVE-2026-52711
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
7.6 |
HIGH
Network
|
-
|
-
|
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
|
CWE-89
SQL Injection
|
CVE-2026-52712
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
|
CWE-862
Missing Authorization
|
CVE-2026-52714
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
|
CWE-89
SQL Injection
|
CVE-2026-52715
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
|
CWE-862
Missing Authorization
|
CVE-2026-54190
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2026-54191
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|