|
3331
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up t…
|
CWE-862
Missing Authorization
|
CVE-2026-3601
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3332
|
7.5 |
HIGH
Network
|
-
|
-
|
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due…
|
CWE-89
SQL Injection
|
CVE-2026-3359
|
2026-05-5 18:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3333
|
7.5 |
HIGH
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path…
|
CWE-22
Path Traversal
|
CVE-2026-5192
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3334
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection.
This issue affects WebinarIgnition: …
|
CWE-89
SQL Injection
|
CVE-2026-40797
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3335
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3454
|
2026-05-5 16:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3336
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to p…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-2729
|
2026-05-5 16:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3337
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7823
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3338
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injectio…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7822
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3339
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7812
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3340
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component…
|
CWE-22
Path Traversal
|
CVE-2026-7811
|
2026-05-5 14:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
