|
2371
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Una vulnerabilidad fue detectada en code-projects Accounting System 1.0. El elemento afectado es una función desconocida del archivo /my_account/delete.php. Realizar una manipulación del argumento co…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4836
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2372
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, an…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1986
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2373
|
6.1 |
MEDIUM
Network
|
-
|
-
|
El plugin FloristPress para Woo – Personaliza tu tienda de comercio electrónico para tu floristería para WordPress es vulnerable a cross-site scripting reflejado a través del parámetro 'noresults' en…
|
CWE-79
Cross-site Scripting
|
CVE-2026-1986
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2374
|
7.2 |
HIGH
Network
|
-
|
-
|
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-3328
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2375
|
7.2 |
HIGH
Network
|
-
|
-
|
El plugin Frontend Admin de DynamiApps para WordPress es vulnerable a Inyección de Objetos PHP a través de la deserialización del 'post_content' de publicaciones de tipo admin_form en todas las versi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-3328
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2376
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4075
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2377
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin BWL Advanced FAQ Manager Lite para WordPress es vulnerable a cross-site scripting almacenado a través del shortcode 'baf_sbox' en todas las versiones hasta la 1.1.1 inclusive. Esto se debe …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4075
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2378
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post_title in all versions up to, and including, 6.4.3. This is due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4335
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2379
|
5.4 |
MEDIUM
Network
|
-
|
-
|
El plugin ShortPixel Image Optimizer para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del post_title del adjunto en todas las versiones hasta la 6.4.3, inclusive. Esto se debe …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4335
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2380
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql inj…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4838
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
