|
1761
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4303
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1762
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1672
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1763
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1673
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1764
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Inje…
|
CWE-89
SQL Injection
|
CVE-2026-1865
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1765
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2481
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1766
|
8.8 |
HIGH
Network
|
-
|
-
|
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1…
|
CWE-22
Path Traversal
|
CVE-2026-3243
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1767
|
7.5 |
HIGH
Network
|
-
|
-
|
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on th…
|
CWE-89
SQL Injection
|
CVE-2026-3396
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1768
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due …
|
CWE-79
Cross-site Scripting
|
CVE-2026-2509
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1769
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2026-0811
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1770
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and…
|
CWE-862
Missing Authorization
|
CVE-2026-0814
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
