|
4611
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de deserialización de datos no confiables en wpdive Nexa Blocks nexa-blocks permite la inyección de objetos. Este problema afecta a Nexa Blocks: desde n/a hasta <= 1.1.1.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-25429
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4612
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Se…
|
CWE-862
Missing Authorization
|
CVE-2026-25430
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4613
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Vulnerabilidad de falta de autorización en CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp permite explotar niveles de seguridad de control de ac…
|
CWE-862
Missing Authorization
|
CVE-2026-25430
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4614
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25435
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4615
|
7.1 |
HIGH
Network
|
-
|
-
|
Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') vulnerabilidad en wpdevart Booking calendar, Appointment Booking System booking-calendar permite …
|
CWE-79
Cross-site Scripting
|
CVE-2026-25435
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4616
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.
|
CWE-862
Missing Authorization
|
CVE-2026-25437
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4617
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Vulnerabilidad de autorización faltante en ??? ???????? ????? GZSEO gzseo permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a GZSE…
|
CWE-862
Missing Authorization
|
CVE-2026-25437
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4618
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a throu…
|
CWE-94
Code Injection
|
CVE-2026-25447
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4619
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Vulnerabilidad de control inadecuado de la generación de código ('Inyección de código') en Jonathan Daggerhart Widget Wrangler widget-wrangler permite la inyección de código. Este problema afecta a W…
|
CWE-94
Code Injection
|
CVE-2026-25447
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4620
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through <= 2.2.
|
CWE-79
Cross-site Scripting
|
CVE-2026-25452
|
2026-04-25 01:35 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
