| 1631 | 7.5 | HIGH Network | - | - | The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insuf… | CWE-89 SQL Injection | CVE-2026-1250 | 2026-05-13 23:43 | 2026-05-13 |
| 1632 | 7.1 | HIGH Network | - | - | The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability… | CWE-862 Missing Authorization | CVE-2026-5371 | 2026-05-13 23:43 | 2026-05-13 |
| 1633 | 5.3 | MEDIUM Network | - | - | The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when … | CWE-862 Missing Authorization | CVE-2025-14755 | 2026-05-13 23:43 | 2026-05-13 |
| 1634 | 5.3 | MEDIUM Network | - | - | The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for … | CWE-200 Information Exposure | CVE-2025-9987 | 2026-05-13 23:43 | 2026-05-13 |
| 1635 | 4.3 | MEDIUM Network | - | - | The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This mak… | CWE-285 Improper Authorization | CVE-2025-9988 | 2026-05-13 23:43 | 2026-05-13 |
| 1636 | 4.4 | MEDIUM Network | - | - | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output esc… | CWE-79 Cross-site Scripting | CVE-2025-9989 | 2026-05-13 23:43 | 2026-05-13 |
| 1637 | 6.4 | MEDIUM Network | - | - | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission_message' parameter in … | CWE-79 Cross-site Scripting | CVE-2026-6828 | 2026-05-13 23:43 | 2026-05-13 |
| 1638 | 6.4 | MEDIUM Network | - | - | The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and 'alg_wc_cog_produc… | CWE-79 Cross-site Scripting | CVE-2026-6962 | 2026-05-13 23:43 | 2026-05-13 |
| 1639 | 5.3 | MEDIUM Network | - | - | The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all ver… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2025-14033 | 2026-05-13 23:43 | 2026-05-13 |
| 1640 | 5.4 | MEDIUM Network | - | - | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verific… | CWE-862 Missing Authorization | CVE-2026-7051 | 2026-05-13 23:43 | 2026-05-13 |