|
441
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from …
New
|
CWE-862
Missing Authorization
|
CVE-2026-42648
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
442
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n…
New
|
CWE-89
SQL Injection
|
CVE-2026-42646
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
443
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders al…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42645
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
444
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: fr…
New
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-42644
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
445
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42643
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
446
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5.
New
|
CWE-862
Missing Authorization
|
CVE-2026-42642
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
447
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through <= 2.14.
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42641
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
448
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2902
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
449
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4019
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
450
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vu…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-42518
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
