|
2041
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient inpu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3498
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2042
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied para…
|
CWE-89
SQL Injection
|
CVE-2026-5207
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2043
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient outp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5226
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2044
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing p…
|
CWE-862
Missing Authorization
|
CVE-2026-3358
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2045
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authori…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3371
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2046
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4895
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2047
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-6105
|
2026-04-25 03:00 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2048
|
5.0 |
MEDIUM
Network
|
-
|
-
|
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, an…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-4979
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2049
|
8.8 |
HIGH
Network
|
-
|
-
|
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblo…
|
CWE-269
Improper Privilege Management
|
CVE-2026-5144
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2050
|
7.2 |
HIGH
Network
|
-
|
-
|
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5217
|
2026-04-25 03:00 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
