|
4171
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' setting in all versions up to, and including, 1.2.1. This is due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3353
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4172
|
4.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Xhanch - My Advanced Settings para WordPress es vulnerable a la falsificación de petición en sitios cruzados en todas las versiones hasta la 1.1.2, inclusive. Esto se debe a la falta de val…
|
CWE-352
Origin Validation Error
|
CVE-2026-3332
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4173
|
8.8 |
HIGH
Network
|
-
|
-
|
El plugin CMS Commander para WordPress es vulnerable a inyección SQL a través de los parámetros 'or_blogname', 'or_blogdescription' y 'or_admin_email' en todas las versiones hasta la 2.288, inclusive…
|
CWE-89
SQL Injection
|
CVE-2026-3334
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4174
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the `/wp-content/plugins/canto/includes/lib/copy-media.php` file. This is due to …
|
CWE-862
Missing Authorization
|
CVE-2026-3335
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4175
|
5.3 |
MEDIUM
Network
|
-
|
-
|
El plugin Canto para WordPress presenta una vulnerabilidad de falta de autorización en todas las versiones hasta la 3.1.1, incluida esta, a través del archivo `/wp-content/plugins/canto/includes/lib/…
|
CWE-862
Missing Authorization
|
CVE-2026-3335
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4176
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `arv_lb[message]` parameter in all versions up to, and including, 1.2 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3347
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4177
|
4.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Comment Correo no deseado Wiper para WordPress es vulnerable a cross-site scripting almacenado a través de la configuración 'API Key' en todas las versiones hasta la 1.2.1, inclusive. Esto …
|
CWE-79
Cross-site Scripting
|
CVE-2026-3353
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4178
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3354
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4179
|
4.4 |
MEDIUM
Network
|
-
|
-
|
El plugin Wikilookup para WordPress es vulnerable a cross-site scripting almacenado a través de la configuración 'Popup Width' en todas las versiones hasta la 1.1.5, inclusive. Esto se debe a una san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3354
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4180
|
5.5 |
MEDIUM
Network
|
-
|
-
|
El plugin Multi Functional Flexi Lightbox para WordPress es vulnerable a cross-site scripting almacenado a través del parámetro `arv_lb[message]` en todas las versiones hasta la 1.2, inclusive, debid…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3347
|
2026-04-25 01:27 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
