|
2151
|
7.2 |
HIGH
Network
|
-
|
-
|
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7052
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2152
|
7.2 |
HIGH
Network
|
-
|
-
|
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitizatio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7634
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2153
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7660
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2154
|
8.6 |
HIGH
Network
|
-
|
-
|
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any Wo…
|
CWE-284
Improper Access Control
|
CVE-2026-7862
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2155
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin …
|
CWE-862
Missing Authorization
|
CVE-2026-8682
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2156
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7651
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2157
|
7.5 |
HIGH
Network
|
-
|
-
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all version…
|
CWE-89
SQL Injection
|
CVE-2026-7797
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2158
|
8.8 |
HIGH
Network
|
-
|
-
|
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-9227
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2159
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…
|
CWE-352
Origin Validation Error
|
CVE-2026-9618
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2160
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the [shariff] shortcode in all versions up to, and including, 4.6.20 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4334
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
