|
1951
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due …
|
CWE-79
Cross-site Scripting
|
CVE-2026-2509
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1952
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on th…
|
CWE-352
Origin Validation Error
|
CVE-2026-0811
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1953
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and…
|
CWE-862
Missing Authorization
|
CVE-2026-0814
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1954
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and includ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-2942
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1955
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command in…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-5802
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1956
|
8.1 |
HIGH
Network
|
-
|
-
|
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter (upload field ke…
|
CWE-22
Path Traversal
|
CVE-2026-5436
|
2026-04-25 03:05 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1957
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5451
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1958
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.php. Executing a manipulation of the argument Name …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-5805
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1959
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 d…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5711
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1960
|
3.5 |
LOW
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cro…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-5806
|
2026-04-25 03:04 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
