| 2591 | - | | - | - | Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGri… | CWE-862 Missing Authorization | CVE-2026-40730 | 2026-04-15 20:16 | 2026-04-15 |
| 2592 | 6.4 | MEDIUM Network | - | - | The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-cat' shortcode in all versions up to, and includi… | CWE-79 Cross-site Scripting | CVE-2026-5717 | 2026-04-15 18:16 | 2026-04-15 |
| 2593 | 7.2 | HIGH Network | - | - | The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insuf… | CWE-79 Cross-site Scripting | CVE-2026-5694 | 2026-04-15 18:16 | 2026-04-15 |
| 2594 | 8.8 | HIGH Network | - | - | The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-contro… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-5617 | 2026-04-15 18:16 | 2026-04-15 |
| 2595 | 6.1 | MEDIUM Network | - | - | The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func… | CWE-352 Origin Validation Error | CVE-2026-4091 | 2026-04-15 18:16 | 2026-04-15 |
| 2596 | 6.4 | MEDIUM Network | - | - | The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [pc] shortcode in all versions up to, and including, 0.1.0. This is due to insuff… | CWE-79 Cross-site Scripting | CVE-2026-4011 | 2026-04-15 18:16 | 2026-04-15 |
| 2597 | 6.4 | MEDIUM Network | - | - | The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient i… | CWE-79 Cross-site Scripting | CVE-2026-4005 | 2026-04-15 18:16 | 2026-04-15 |
| 2598 | 4.3 | MEDIUM Network | - | - | The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function wh… | CWE-352 Origin Validation Error | CVE-2026-4002 | 2026-04-15 18:16 | 2026-04-15 |
| 2599 | 6.4 | MEDIUM Network | - | - | The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all versions up to and including 1.3. This is due to i… | CWE-79 Cross-site Scripting | CVE-2026-3998 | 2026-04-15 18:16 | 2026-04-15 |
| 2600 | 6.4 | MEDIUM Network | - | - | The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [circliful] shortcode and via multiple shortcode attributes of the [circlifu… | CWE-79 Cross-site Scripting | CVE-2026-3659 | 2026-04-15 18:16 | 2026-04-15 |