|
4141
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parame…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37235
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4142
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f…
|
CWE-22
Path Traversal
|
CVE-2021-47977
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4143
|
8.8 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers …
|
CWE-22
Path Traversal
|
CVE-2021-47979
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4144
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2018-25324
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4145
|
7.5 |
HIGH
Network
|
-
|
-
|
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame…
|
CWE-22
Path Traversal
|
CVE-2018-25326
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4146
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attack…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2018-25329
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4147
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint.…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-25335
|
2026-05-19 02:05 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4148
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and galle…
|
CWE-862
Missing Authorization
|
CVE-2026-1631
|
2026-05-19 02:05 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4149
|
8.8 |
HIGH
Network
|
-
|
-
|
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Script…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3220
|
2026-05-19 02:05 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4150
|
8.6 |
HIGH
Network
|
-
|
-
|
The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection at…
|
CWE-89
SQL Injection
|
CVE-2026-6379
|
2026-05-19 02:05 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
