|
2241
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
|
CWE-862
Missing Authorization
|
CVE-2026-39715
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2242
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.
|
CWE-862
Missing Authorization
|
CVE-2026-39716
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2243
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] shortcode in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4025
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2244
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions up to, and including, 1.0.5. This is due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4073
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2245
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom `|***...***|` …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4300
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2246
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4303
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2247
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1672
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2248
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1673
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2249
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Inje…
|
CWE-89
SQL Injection
|
CVE-2026-1865
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2250
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2481
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
