|
1811
|
3.5 |
LOW
Adjacent
|
ieee
linux
microsoft
debian
siemens
arista
cisco
intel
|
ieee_802.11
mac80211
windows_10
windows_7
windows_8.1
windows_rt_8.1
windows_server_2008
windows_server_2012
windows_server_2016
windows_server_2019
debian_linux
scal…
|
El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU en el campo de encabezado QoS de texto plano esté autentic…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-24588
|
2026-04-14 18:16 |
2021-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the …
|
CWE-94
Code Injection
|
CVE-2026-2582
|
2026-04-14 16:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
7.2 |
HIGH
Network
|
-
|
-
|
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserializ…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-3017
|
2026-04-14 15:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4479
|
2026-04-14 13:17 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4059
|
2026-04-14 13:17 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1607
|
2026-04-14 13:17 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
7.2 |
HIGH
Network
|
-
|
-
|
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6…
|
CWE-22
Path Traversal
|
CVE-2026-6227
|
2026-04-14 12:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
7.2 |
HIGH
Network
|
-
|
-
|
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4388
|
2026-04-14 12:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.…
|
CWE-862
Missing Authorization
|
CVE-2026-4365
|
2026-04-14 11:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
7.5 |
HIGH
Network
|
-
|
-
|
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_se…
|
CWE-89
SQL Injection
|
CVE-2026-4352
|
2026-04-14 11:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
