|
901
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The mani…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10514
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
2.4 |
LOW
Network
|
-
|
-
|
A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJo…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10529
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10100
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
3.5 |
LOW
Network
|
-
|
-
|
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the com…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10567
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4080
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and ou…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-4081
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init fu…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9599
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPage…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9722
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the go…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9723
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification …
New
|
CWE-862
Missing Authorization
|
CVE-2026-9234
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
