| 2541 | 4.4 MEDIUM | Network | - | - | The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitiz… | CWE-79 Cross-site Scripting | CVE-2026-2396 | 2026-04-15 13:17 | 2026-04-15 |
| 2542 | 9.8 CRITICAL | Network | - | - | The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes i… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-1555 | 2026-04-15 13:17 | 2026-04-15 |
| 2543 | 4.3 MEDIUM | Network | - | - | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-1541 | 2026-04-15 13:17 | 2026-04-15 |
| 2544 | 5.4 MEDIUM | Network | - | - | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` … | CWE-94 Code Injection | CVE-2026-1509 | 2026-04-15 13:17 | 2026-04-15 |
| 2545 | 5.3 MEDIUM | Network | - | - | The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_… | CWE-862 Missing Authorization | CVE-2026-1314 | 2026-04-15 13:17 | 2026-04-15 |
| 2546 | 6.5 MEDIUM | Network | - | - | The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1… | CWE-22 Path Traversal | CVE-2025-15470 | 2026-04-15 13:17 | 2026-04-15 |
| 2547 | 5.4 MEDIUM | Network | docmost | docmost | Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before in… | CWE-79 Cross-site Scripting | CVE-2026-24045 | 2026-04-15 07:16 | 2026-02-11 |
| 2548 | 5.4 MEDIUM | Network | docmost | docmost | Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly escape the titles … | CWE-79 Cross-site Scripting | CVE-2026-24045 | 2026-04-15 07:16 | 2026-02-11 |
| 2549 | 7.8 HIGH | Local | - | - | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragm… | CWE-416 Use After Free | CVE-2025-7425 | 2026-04-15 07:16 | 2025-07-10 |
| 2550 | 7.8 HIGH | Local | - | - | A flaw was found in libxslt where the attributes type, atype and flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, generate fr… | CWE-416 Use After Free | CVE-2025-7425 | 2026-04-15 07:16 | 2025-07-10 |