|
1851
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266.
|
CWE-862
Missing Authorization
|
CVE-2026-39627
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1852
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <…
|
CWE-80
Basic XSS
|
CVE-2026-39628
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1853
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9.
|
CWE-80
Basic XSS
|
CVE-2026-39629
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1854
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39630
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1855
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a…
|
CWE-862
Missing Authorization
|
CVE-2026-39631
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1856
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1.
|
CWE-352
Origin Validation Error
|
CVE-2026-39632
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1857
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9.
|
CWE-352
Origin Validation Error
|
CVE-2026-39633
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1858
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3.
|
CWE-352
Origin Validation Error
|
CVE-2026-39634
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1859
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through <= 3.5.5.
|
CWE-352
Origin Validation Error
|
CVE-2026-39635
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1860
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects …
|
CWE-79
Cross-site Scripting
|
CVE-2026-39636
|
2026-04-25 03:06 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
