|
3051
|
4.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Wikilookup para WordPress es vulnerable a cross-site scripting almacenado a través de la configuración 'Popup Width' en todas las versiones hasta la 1.1.5, inclusive. Esto se debe a una san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3354
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3052
|
5.5 |
MEDIUM
Network
|
-
|
-
|
El plugin Multi Functional Flexi Lightbox para WordPress es vulnerable a cross-site scripting almacenado a través del parámetro `arv_lb[message]` en todas las versiones hasta la 1.2, inclusive, debid…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3347
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3053
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback (update_user_wec…
|
CWE-20
Improper Input Validation
|
CVE-2026-3460
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3054
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin REST API TO MiniProgram para WordPress es vulnerable a la Referencia Directa Insegura a Objetos en todas las versiones hasta la 5.1.2, inclusive. Esto se debe a que la función de devolución…
|
CWE-20
Improper Input Validation
|
CVE-2026-3460
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3055
|
7.2 |
HIGH
Network
|
-
|
-
|
The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the redux_p AJAX action in the bundled ReduxFramework l…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3478
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3056
|
7.2 |
HIGH
Network
|
-
|
-
|
El plugin Content Syndication Toolkit para WordPress es vulnerable a falsificación de petición del lado del servidor en todas las versiones hasta la 1.3, inclusive, a través de la acción AJAX redux_p…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3478
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3057
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is auth…
|
CWE-862
Missing Authorization
|
CVE-2026-3506
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3058
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin WP-Chatbot para Messenger para WordPress es vulnerable a una omisión de autorización en todas las versiones hasta la 4.9, inclusive. Esto se debe a que el plugin no verifica correctamente q…
|
CWE-862
Missing Authorization
|
CVE-2026-3506
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3059
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configura…
|
CWE-862
Missing Authorization
|
CVE-2026-3570
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3060
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registe…
|
CWE-202
Exposure of Sensitive Information Through Data Queries
|
CVE-2026-3546
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
