|
301
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all version…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11783
|
2026-06-27 17:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not pr…
New
|
CWE-862
Missing Authorization
|
CVE-2026-11773
|
2026-06-27 17:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to ins…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11597
|
2026-06-27 17:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a miss…
New
|
CWE-862
Missing Authorization
|
CVE-2026-11364
|
2026-06-27 17:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305
|
- |
|
-
|
-
|
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() funct…
New
|
-
|
CVE-2026-9677
|
2026-06-27 15:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input san…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-13245
|
2026-06-27 15:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly veri…
New
|
CWE-862
Missing Authorization
|
CVE-2026-12404
|
2026-06-27 15:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308
|
- |
|
-
|
-
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription act…
New
|
-
|
CVE-2026-10820
|
2026-06-27 15:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309
|
7.5 |
HIGH
Network
|
-
|
-
|
A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2025-60474
|
2026-06-27 15:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60473
|
2026-06-27 15:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
