|
2731
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.PHP. Manipulation of the argument Search results in injection…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-4613
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2732
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to a sani…
|
CWE-89
SQL Injection
|
CVE-2026-2412
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2733
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function o…
|
CWE-862
Missing Authorization
|
CVE-2026-3225
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2734
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the…
|
CWE-862
Missing Authorization
|
CVE-2026-3225
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2735
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and includ…
|
CWE-862
Missing Authorization
|
CVE-2026-4066
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2736
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versio…
|
CWE-862
Missing Authorization
|
CVE-2026-4066
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2737
|
8.8 |
HIGH
Network
|
-
|
-
|
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upl…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-3533
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2738
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-4614
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2739
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Gestor de P…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-4614
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|
|
2740
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injecti…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-4615
|
2026-04-25 01:32 |
2026-03-24 |
|
|
|