|
3401
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin WordPress PayPal Donation para WordPress es vulnerable a cross-site scripting almacenado a través del shortcode 'donate' en todas las versiones hasta la 1.01, inclusive. Esto se debe a una …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4072
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3402
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4084
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3403
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Una falla de seguridad ha sido descubierta en PbootCMS hasta la versión 3.2.12. Esto afecta una función desconocida del archivo core/function/file.php del componente Carga de Archivos. La manipulació…
|
CWE-183
CWE-184
Permissive List of Allowed Inputs
Incomplete Blacklist
|
CVE-2026-4509
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3404
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipu…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4510
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3405
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Se ha identificado una debilidad en PbootCMS hasta 3.2.12. Esto afecta a la función alert_location del archivo apps/home/controller/MemberController.php del componente Gestor de Parámetros. Esta mani…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4510
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3406
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin de shortcodes fyyd podcast para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de los shortcodes 'fyyd-podcast', 'fyyd-episode' y 'fyyd' en todas las versiones hasta la …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4084
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3407
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wp_random_button' shortcode in all versions up t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4086
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3408
|
6.4 |
MEDIUM
Network
|
-
|
-
|
El plugin WP Random Button para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de los atributos del shortcode 'cat', 'nocat' y 'text' del shortcode 'wp_random_button' en todas las…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4086
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3409
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_spe…
|
CWE-862
Missing Authorization
|
CVE-2026-4127
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3410
|
4.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Speedup Optimization para WordPress es vulnerable a la falta de autorización en todas las versiones hasta la 1.5.9 inclusive. La función speedup01_ajax_enabled(), que maneja la acción AJAX …
|
CWE-862
Missing Authorization
|
CVE-2026-4127
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
