|
3911
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due …
|
CWE-862
Missing Authorization
|
CVE-2026-8692
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3912
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is aut…
|
CWE-862
Missing Authorization
|
CVE-2026-8684
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3913
|
7.5 |
HIGH
Network
|
-
|
-
|
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to temp…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8679
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3914
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A broken access
control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not
correctly enforce authorization checks, allowing an a…
|
CWE-862
Missing Authorization
|
CVE-2026-8381
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3915
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7798
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3916
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. …
|
CWE-200
Information Exposure
|
CVE-2026-7636
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3917
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the save_widge…
|
CWE-352
Origin Validation Error
|
CVE-2026-7615
|
2026-05-22 18:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3918
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9104
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3919
|
8.8 |
HIGH
Network
|
-
|
-
|
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` …
|
CWE-269
Improper Privilege Management
|
CVE-2026-9018
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3920
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including, 4.0.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7509
|
2026-05-22 14:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
