| 1651 | 7.2 | HIGH Network | - | - | The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up to, and including, 1.163 due to insuffi… | CWE-79 Cross-site Scripting | CVE-2026-10092 | 2026-06-25 22:26 | 2026-06-24 |
| 1652 | 6.4 | MEDIUM Network | - | - | The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. This makes it possible for authenticated a… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-11370 | 2026-06-25 22:26 | 2026-06-24 |
| 1653 | 4.3 | MEDIUM Network | - | - | The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings … | CWE-352 Origin Validation Error | CVE-2026-11997 | 2026-06-25 22:26 | 2026-06-24 |
| 1654 | 7.2 | HIGH Network | - | - | The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attacke… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12100 | 2026-06-25 22:26 | 2026-06-24 |
| 1655 | 5.3 | MEDIUM Network | - | - | The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to … | CWE-862 Missing Authorization | CVE-2026-7617 | 2026-06-25 22:26 | 2026-06-24 |
| 1656 | 4.3 | MEDIUM Network | - | - | The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings()… | CWE-862 Missing Authorization | CVE-2026-8614 | 2026-06-25 22:26 | 2026-06-24 |
| 1657 | 5.3 | MEDIUM Network | - | - | The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdb_ajax_delete_user() function in versions up… | CWE-862 Missing Authorization | CVE-2026-12094 | 2026-06-25 22:26 | 2026-06-24 |
| 1658 | 7.2 | HIGH Network | - | - | The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This makes it possible for unauthenticated att… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12095 | 2026-06-25 22:26 | 2026-06-24 |
| 1659 | 9.8 | CRITICAL Network | - | - | The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to … | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2026-12417 | 2026-06-25 22:26 | 2026-06-24 |
| 1660 | 8.8 | HIGH Network | - | - | The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOptio… | CWE-862 Missing Authorization | CVE-2026-4297 | 2026-06-25 22:26 | 2026-06-24 |