|
1431
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9022
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1432
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search R…
|
CWE-862
Missing Authorization
|
CVE-2025-14481
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1433
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6287
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1434
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due…
|
CWE-352
Origin Validation Error
|
CVE-2026-9236
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1435
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPH…
|
CWE-352
Origin Validation Error
|
CVE-2026-7614
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1436
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8040
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1437
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions up to, and including, 0.91 d…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8048
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1438
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the as_get_coin_shortcode(…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8698
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1439
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the `title-ticker-slide`, `title-ticker-fade`, and `title-ticker-typing` shortcodes. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8701
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1440
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8702
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
