|
2651
|
8.1 |
HIGH
Network
|
-
|
-
|
Control inadecuado del nombre de fichero para la declaración include/require en un programa PHP, la vulnerabilidad de 'inclusión remota de ficheros de PHP' en AncoraThemes Wizor's wizors-investments …
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-22516
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2652
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade Framework handmade-framework allows Reflected XSS.This issue affects Handmade Fr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22520
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2653
|
7.1 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') en G5Theme Handmade Framework handmade-framework permite XSS Reflejado. Este pr…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22520
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2654
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra Word…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22523
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2655
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en themepassion Ultra WordPress Admin ultra-admin permite XSS Reflejado. Este prob…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22523
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2656
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS.This issue affects Legacy Admin: from…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22524
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2657
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en themepassion Legacy Admin legacy-admin permite XSS Reflejado. Este problema afe…
|
CWE-79
Cross-site Scripting
|
CVE-2026-22524
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2658
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for Wor…
|
CWE-862
Missing Authorization
|
CVE-2026-23806
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2659
|
7.5 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad por falta de autorización en las publicaciones de empleo de BlueGlass Interactive AG Jobs for WordPress permite explotar niveles de seguridad de control de acceso configurados incorrec…
|
CWE-862
Missing Authorization
|
CVE-2026-23806
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2660
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23807
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
