|
151
|
7.5 |
HIGH
Network
|
-
|
-
|
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST …
New
|
CWE-89
SQL Injection
|
CVE-2026-3599
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopr…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3596
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3595
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is a…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3581
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insuffic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-3551
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attack…
New
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-22618
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. Th…
New
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-22617
|
2026-04-16 15:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
6.3 |
MEDIUM
Network
|
-
|
-
|
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product t…
New
|
CWE-941
Incorrectly Specified Destination in a Communication Channel
|
CVE-2026-40118
|
2026-04-16 14:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been …
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-22616
|
2026-04-16 14:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
6.0 |
MEDIUM
Network
|
-
|
-
|
Due to improper
input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is
possible for an attacker with admin privileges and access to the local system to
inject malicious cod…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-22615
|
2026-04-16 14:16 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
