|
681
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPage…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9722
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the go…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9723
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on t…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9730
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS.
This issue affects Accordion FAQ: from n/a thr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-52759
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Printeers Print & Ship: from n/a t…
New
|
CWE-862
Missing Authorization
|
CVE-2025-52766
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation.
This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2025-53209
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Constructor: from n/a through 1.6.5.
New
|
CWE-862
Missing Authorization
|
CVE-2025-53302
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
8.8 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core.
This issue affects Thim Core: from n/a through 2.3.3.
New
|
CWE-862
Missing Authorization
|
CVE-2025-53345
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Thim Core: from n/a through 2.3.3.
New
|
CWE-862
Missing Authorization
|
CVE-2025-53346
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5191
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
