|
1971
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a use…
|
CWE-862
Missing Authorization
|
CVE-2026-9619
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1972
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_…
|
CWE-862
Missing Authorization
|
CVE-2026-9172
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1973
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_a…
|
CWE-862
Missing Authorization
|
CVE-2026-9175
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1974
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/<id> (callback userDet…
|
CWE-862
Missing Authorization
|
CVE-2026-9178
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1975
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() AJAX function in versions up to, a…
|
CWE-862
Missing Authorization
|
CVE-2026-9184
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1976
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordesk_admin…
|
CWE-352
Origin Validation Error
|
CVE-2026-9724
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1977
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdev_generate_order_pdf.…
|
CWE-200
Information Exposure
|
CVE-2026-9612
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1978
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the …
|
CWE-352
Origin Validation Error
|
CVE-2026-9721
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1979
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection.
This issue affects Funnel Buil…
|
CWE-89
SQL Injection
|
CVE-2026-56052
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1980
|
8.8 |
HIGH
Network
|
-
|
-
|
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (…
|
CWE-862
Missing Authorization
|
CVE-2026-7761
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|