|
3101
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6287
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3102
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due…
|
CWE-352
Origin Validation Error
|
CVE-2026-9236
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3103
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPH…
|
CWE-352
Origin Validation Error
|
CVE-2026-7614
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3104
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8040
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3105
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 d…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8048
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3106
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the as_get_coin_shortcode(…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8698
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3107
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the `title-ticker-slide`, `title-ticker-fade`, and `title-ticker-typing` shortcodes. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8701
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3108
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8702
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3109
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8703
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3110
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8707
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
