|
1001
|
7.4 |
HIGH
Network
|
-
|
-
|
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN sit…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-50752
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1002
|
7.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Gr…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-11577
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1003
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-7523
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1004
|
3.8 |
LOW
Network
|
-
|
-
|
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si…
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2025-12656
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1005
|
8.8 |
HIGH
Network
|
-
|
-
|
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7654
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1006
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to A…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-10038
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1007
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1…
Update
|
CWE-89
SQL Injection
|
CVE-2026-6448
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1008
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) functi…
Update
|
CWE-22
Path Traversal
|
CVE-2026-9290
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1009
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missin…
Update
|
CWE-352
Origin Validation Error
|
CVE-2026-9719
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1010
|
7.2 |
HIGH
Network
|
-
|
-
|
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type,…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7537
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
