| 1861 | 5.4 | MEDIUM Network | - | - | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing p… | CWE-862 Missing Authorization | CVE-2026-3358 | 2026-04-25 03:00 | 2026-04-11 |
| 1862 | 4.3 | MEDIUM Network | - | - | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authori… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-3371 | 2026-04-25 03:00 | 2026-04-11 |
| 1863 | 6.4 | MEDIUM Network | - | - | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9. This is due to insufficient input sanitiz… | CWE-79 Cross-site Scripting | CVE-2026-4895 | 2026-04-25 03:00 | 2026-04-11 |
| 1864 | 7.3 | HIGH Network | - | - | A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component… | CWE-266 Incorrect Privilege Assignment; CWE-285 Improper Authorization | CVE-2026-6105 | 2026-04-25 03:00 | 2026-04-12 |
| 1865 | 5.0 | MEDIUM Network | - | - | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, an… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-4979 | 2026-04-25 03:00 | 2026-04-11 |
| 1866 | 8.8 | HIGH Network | - | - | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblo… | CWE-269 Improper Privilege Management | CVE-2026-5144 | 2026-04-25 03:00 | 2026-04-11 |
| 1867 | 7.2 | HIGH Network | - | - | The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2… | CWE-79 Cross-site Scripting | CVE-2026-5217 | 2026-04-25 03:00 | 2026-04-11 |
| 1868 | 7.1 | HIGH Network | - | - | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic_add() and topic_edit() action han… | CWE-73 External Control of File Name or Path | CVE-2026-5809 | 2026-04-25 03:00 | 2026-04-11 |
| 1869 | 3.5 | LOW Network | - | - | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co… | CWE-79 Cross-site Scripting; CWE-94 Code Injection | CVE-2026-6106 | 2026-04-25 03:00 | 2026-04-12 |
| 1870 | 3.5 | LOW Network | - | - | A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware.… | CWE-79 Cross-site Scripting; CWE-94 Code Injection | CVE-2026-6107 | 2026-04-25 03:00 | 2026-04-12 |