|
3071
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Sheets2Table para WordPress es vulnerable a cross-site scripting almacenado a través del atributo de shortcode 'titles' en el shortcode [sheets2table-render-table] en todas las versiones ha…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3619
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3072
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /we…
|
CWE-20
Improper Input Validation
|
CVE-2026-3641
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3073
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Appmax para WordPress es vulnerable a la Validación de Entrada Inadecuada en todas las versiones hasta la 1.0.3, inclusive. Esto se debe a que el plugin registra un endpoint de webhook de A…
|
CWE-20
Improper Input Validation
|
CVE-2026-3641
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3074
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'ecover' shortcode in all versions up to and including 1.0. This is due …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4077
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3075
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Ecover Builder For Dummies para WordPress es vulnerable a cross-site scripting almacenado a través del parámetro 'id' del shortcode 'ecover' en todas las versiones hasta la 1.0 inclusive. E…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4077
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3076
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints AJAX action in all versions up to, and including, 1.8.20. This …
|
CWE-89
SQL Injection
|
CVE-2026-4087
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3077
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config() function, which handles the 'punnel_save_c…
|
CWE-862
Missing Authorization
|
CVE-2026-3645
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3078
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Punnel – Landing Page Builder para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 1.3.1, inclusive. La función save_config(), que maneja la acción AJAX '…
|
CWE-862
Missing Authorization
|
CVE-2026-3645
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3079
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-…
|
CWE-862
Missing Authorization
|
CVE-2026-3651
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3080
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Build App Online para WordPress es vulnerable a acceso no autorizado en todas las versiones hasta la 1.0.23, inclusive. Esto se debe a que el plugin registra la acción AJAX 'build-app-onlin…
|
CWE-862
Missing Authorization
|
CVE-2026-3651
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
