|
3061
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin e-shot form builder para WordPress es vulnerable a la Exposición de Información Sensible en todas las versiones hasta la 1.0.2, inclusive. La función eshot_form_builder_get_account_data() e…
|
CWE-202
Exposure of Sensitive Information Through Data Queries
|
CVE-2026-3546
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3062
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1. This is due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3554
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3063
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Sherk Custom Post Type Displays para WordPress es vulnerable a cross-site scripting almacenado a través del atributo 'title' del shortcode en todas las versiones hasta la 1.2.1, inclusive. …
|
CWE-79
Cross-site Scripting
|
CVE-2026-3554
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3064
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Smarter Analytics para WordPress es vulnerable a acceso no autorizado en todas las versiones hasta la 2.0, inclusive. Esto se debe a la falta de autenticación y comprobaciones de capacidad …
|
CWE-862
Missing Authorization
|
CVE-2026-3570
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3065
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3617
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3066
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_type' shortcode attribute in the 'swiftpost-list' shortcode in all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4022
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3067
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Show Posts list – Easy designs, filters and more para WordPress es vulnerable a cross-site scripting almacenado a través del atributo de shortcode 'post_type' en el shortcode 'swiftpost-lis…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4022
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3068
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4069
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3069
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Paypal Shortcode para WordPress es vulnerable a cross-site scripting almacenado a través de los atributos de shortcode 'amount' y 'name' en todas las versiones hasta la 0.3, inclusive. Esto…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3617
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3070
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the [sheets2table-render-table] shortcode in all versions up to and includin…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3619
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
