|
4451
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf…
|
CWE-862
Missing Authorization
|
CVE-2026-7050
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4452
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7437
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4453
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.2. This is due to insufficient inp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7464
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4454
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a fu…
|
CWE-352
Origin Validation Error
|
CVE-2026-7561
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4455
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a…
|
CWE-352
Origin Validation Error
|
CVE-2026-7562
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4456
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin…
|
CWE-352
Origin Validation Error
|
CVE-2026-7616
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4457
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient inp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7659
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4458
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7661
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4459
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_…
|
CWE-200
Information Exposure
|
CVE-2026-7626
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4460
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s…
|
CWE-862
Missing Authorization
|
CVE-2026-1934
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
