|
1341
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validatio…
|
CWE-352
Origin Validation Error
|
CVE-2026-1852
|
2026-04-15 21:16 |
2026-04-15 |
|
1342
|
- |
|
-
|
-
|
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGri…
|
CWE-862
Missing Authorization
|
CVE-2026-40730
|
2026-04-15 20:16 |
2026-04-15 |
|
1343
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-cat' shortcode in all versions up to, and includi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5717
|
2026-04-15 18:16 |
2026-04-15 |
|
1344
|
7.2 |
HIGH
Network
|
-
|
-
|
The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5694
|
2026-04-15 18:16 |
2026-04-15 |
|
1345
|
8.8 |
HIGH
Network
|
-
|
-
|
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-contro…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5617
|
2026-04-15 18:16 |
2026-04-15 |
|
1346
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func…
|
CWE-352
Origin Validation Error
|
CVE-2026-4091
|
2026-04-15 18:16 |
2026-04-15 |
|
1347
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [pc] shortcode in all versions up to, and including, 0.1.0. This is due to insuff…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4011
|
2026-04-15 18:16 |
2026-04-15 |
|
1348
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4005
|
2026-04-15 18:16 |
2026-04-15 |
|
1349
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function wh…
|
CWE-352
Origin Validation Error
|
CVE-2026-4002
|
2026-04-15 18:16 |
2026-04-15 |
|
1350
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all versions up to and including 1.3. This is due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3998
|
2026-04-15 18:16 |
2026-04-15 |
|