|
4801
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions:…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-39711
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4802
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a th…
|
CWE-80
Basic XSS
|
CVE-2026-39712
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4803
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorr…
|
CWE-862
Missing Authorization
|
CVE-2026-39713
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4804
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through <= 6…
|
CWE-862
Missing Authorization
|
CVE-2026-39714
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4805
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
|
CWE-862
Missing Authorization
|
CVE-2026-39715
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4806
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.
|
CWE-862
Missing Authorization
|
CVE-2026-39716
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4807
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] shortcode in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4025
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4808
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions up to, and including, 1.0.5. This is due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4073
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4809
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom `|***...***|` …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4300
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4810
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4303
|
2026-04-25 03:05 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
