|
4561
|
7.5 |
HIGH
Network
|
-
|
-
|
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1…
|
CWE-89
SQL Injection
|
CVE-2026-3456
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4562
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() fun…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2948
|
2026-05-5 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4563
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6704
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4564
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admi…
|
CWE-352
Origin Validation Error
|
CVE-2026-6702
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4565
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This…
|
CWE-352
Origin Validation Error
|
CVE-2026-6701
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4566
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settings_page_…
|
CWE-352
Origin Validation Error
|
CVE-2026-6700
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4567
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin page in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6696
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4568
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up to, and including, 2.1.1 due to …
|
CWE-79
Cross-site Scripting
|
CVE-2026-6255
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4569
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5505
|
2026-05-5 12:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4570
|
5.5 |
MEDIUM
Network
|
-
|
-
|
The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in all versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5247
|
2026-05-5 12:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
