|
1701
|
4.5 |
MEDIUM
Local
|
-
|
-
|
A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach…
|
CWE-119
CWE-416
Incorrect Access of Indexable Resource ('Range Error')
Use After Free
|
CVE-2026-11623
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1702
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, and including, …
|
CWE-79
Cross-site Scripting
|
CVE-2026-7662
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1703
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to…
|
CWE-843
Type Confusion
|
CVE-2026-8499
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1704
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8841
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1705
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8880
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1706
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8882
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1707
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8883
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1708
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8895
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1709
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o…
|
CWE-352
Origin Validation Error
|
CVE-2026-8902
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1710
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.…
|
CWE-352
Origin Validation Error
|
CVE-2026-8904
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
