|
761
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-7533
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
762
|
8.8 |
HIGH
Network
|
-
|
-
|
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due t…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9009
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
763
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9644
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
764
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the _filter_videos() method that breaks HT…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6427
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
765
|
8.1 |
HIGH
Network
|
-
|
-
|
The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and i…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-6455
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
766
|
7.2 |
HIGH
Network
|
-
|
-
|
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7052
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
767
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.13.19. This is due to the plugin not properly verifying that a user is authorized to …
New
|
CWE-862
Missing Authorization
|
CVE-2026-7552
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
768
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying th…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7621
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
769
|
7.2 |
HIGH
Network
|
-
|
-
|
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitizatio…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7634
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
770
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sani…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7660
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
