|
4811
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1672
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4812
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. …
|
CWE-352
Origin Validation Error
|
CVE-2026-1673
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4813
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Inje…
|
CWE-89
SQL Injection
|
CVE-2026-1865
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4814
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2481
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4815
|
8.8 |
HIGH
Network
|
-
|
-
|
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1…
|
CWE-22
Path Traversal
|
CVE-2026-3243
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4816
|
7.5 |
HIGH
Network
|
-
|
-
|
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on th…
|
CWE-89
SQL Injection
|
CVE-2026-3396
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4817
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due …
|
CWE-79
Cross-site Scripting
|
CVE-2026-2509
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4818
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2026-0811
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4819
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and…
|
CWE-862
Missing Authorization
|
CVE-2026-0814
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4820
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and includ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-2942
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
