|
3071
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom `|***...***|` …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4300
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3072
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4303
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3073
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1672
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3074
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1673
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3075
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Inje…
|
CWE-89
SQL Injection
|
CVE-2026-1865
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3076
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2481
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3077
|
8.8 |
HIGH
Network
|
-
|
-
|
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1…
|
CWE-22
Path Traversal
|
CVE-2026-3243
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3078
|
7.5 |
HIGH
Network
|
-
|
-
|
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on th…
|
CWE-89
SQL Injection
|
CVE-2026-3396
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3079
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due …
|
CWE-79
Cross-site Scripting
|
CVE-2026-2509
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3080
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2026-0811
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
