|
4291
|
8.1 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de deserialización de datos no confiables en xtemos WoodMart woodmart permite la inyección de objetos. Este problema afecta a WoodMart: desde n/a hasta <= 8.3.8.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-23971
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4292
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…
|
CWE-862
Missing Authorization
|
CVE-2026-23972
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4293
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Vulnerabilidad por falta de autorización en magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce permite explotar niveles de seguridad de control de acceso configurado…
|
CWE-862
Missing Authorization
|
CVE-2026-23972
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4294
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
|
CWE-79
Cross-site Scripting
|
CVE-2026-23973
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4295
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en uxper Golo golo permite XSS Reflejado. Este problema afecta a Golo: desde n/a h…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23973
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4296
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security …
|
CWE-862
Missing Authorization
|
CVE-2026-23977
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4297
|
7.5 |
HIGH
Network
|
-
|
-
|
Vulnerabilidad de autorización faltante en WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce permite la explotación de niveles de seguridad de control de …
|
CWE-862
Missing Authorization
|
CVE-2026-23977
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4298
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23979
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4299
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en Softwebmedia Gyan Elements gyan-elements permite XSS Reflejado. Este problema afec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23979
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4300
|
8.8 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-24359
|
2026-04-25 01:32 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
