| 1351 | 6.4 | MEDIUM | Network | - | - | The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [circliful] shortcode and via multiple shortcode attributes of the [circlifu… | CWE-79 Cross-site Scripting | CVE-2026-3659 | 2026-04-15 18:16 | 2026-04-15 |
| 1352 | 5.3 | MEDIUM | Network | - | - | The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode() function is registered as an AJAX… | CWE-862 Missing Authorization | CVE-2026-3649 | 2026-04-15 18:16 | 2026-04-15 |
| 1353 | 7.2 | HIGH | Network | - | - | The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at `/otm-ac/v1/u… | CWE-79 Cross-site Scripting | CVE-2026-3643 | 2026-04-15 18:16 | 2026-04-15 |
| 1354 | 5.3 | MEDIUM | Network | - | - | The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot_form_builder_update_field_data() AJAX handler lacks any capab… | CWE-862 Missing Authorization | CVE-2026-3642 | 2026-04-15 18:16 | 2026-04-15 |
| 1355 | 9.8 | CRITICAL | Network | - | - | The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` fu… | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2026-3461 | 2026-04-15 18:16 | 2026-04-15 |
| 1356 | 5.3 | MEDIUM | Network | - | - | The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7. This is due to the payment integrations (Stripe/PayPal) trusting a user-su… | CWE-20 Improper Input Validation | CVE-2026-1782 | 2026-04-15 18:16 | 2026-04-15 |
| 1357 | 4.3 | MEDIUM | Network | - | - | The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version 1.0. This is due to missing nonce validation on t… | CWE-352 Origin Validation Error | CVE-2026-6293 | 2026-04-15 16:16 | 2026-04-15 |
| 1358 | 5.3 | MEDIUM | Network | - | - | The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query e… | CWE-862 Missing Authorization | CVE-2026-4812 | 2026-04-15 13:17 | 2026-04-15 |
| 1359 | 7.2 | HIGH | Network | - | - | The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, … | CWE-79 Cross-site Scripting | CVE-2026-2834 | 2026-04-15 13:17 | 2026-04-15 |
| 1360 | 4.4 | MEDIUM | Network | - | - | The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitiz… | CWE-79 Cross-site Scripting | CVE-2026-2396 | 2026-04-15 13:17 | 2026-04-15 |