| 411 | 6.5 | MEDIUM Network | - | - | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.… New | CWE-89 SQL Injection | CVE-2026-5486 | 2026-05-14 23:29 | 2026-05-14 |
| 412 | 6.4 | MEDIUM Network | - | - | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in th… New | CWE-79 Cross-site Scripting | CVE-2026-5361 | 2026-05-14 23:29 | 2026-05-14 |
| 413 | 6.1 | MEDIUM Network | - | - | The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.2… New | CWE-80 Basic XSS | CVE-2025-15345 | 2026-05-14 23:29 | 2026-05-14 |
| 414 | 4.3 | MEDIUM Network | - | - | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha… New | CWE-862 Missing Authorization | CVE-2026-7525 | 2026-05-14 23:29 | 2026-05-14 |
| 415 | 4.3 | MEDIUM Network | - | - | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. … New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-7648 | 2026-05-14 23:29 | 2026-05-14 |
| 416 | 5.4 | MEDIUM Network | - | - | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks… New | CWE-862 Missing Authorization | CVE-2026-3829 | 2026-05-14 23:29 | 2026-05-14 |
| 417 | 6.4 | MEDIUM Network | - | - | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the `menu_hover_click` … New | CWE-79 Cross-site Scripting | CVE-2026-5243 | 2026-05-14 23:28 | 2026-05-14 |
| 418 | 8.2 | HIGH Network | - | - | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authori… New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-5396 | 2026-05-14 23:28 | 2026-05-14 |
| 419 | 6.1 | MEDIUM Network | - | - | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient… New | CWE-79 Cross-site Scripting | CVE-2026-6417 | 2026-05-14 23:28 | 2026-05-14 |
| 420 | 9.8 | CRITICAL Network | - | - | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc… New | CWE-287 Improper Authentication | CVE-2026-8181 | 2026-05-14 23:28 | 2026-05-14 |