|
1631
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2902
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1632
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co…
|
CWE-862
Missing Authorization
|
CVE-2026-4019
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1633
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vu…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-42518
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1634
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulat…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42517
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1635
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in th…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42516
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1636
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API re…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42515
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1637
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTP…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-42514
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1638
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vul…
|
-
|
CVE-2026-42513
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1639
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP User Frontend: from n/a through 4.3.1.
|
CWE-862
Missing Authorization
|
CVE-2026-42412
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1640
|
7.3 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects SureForms Pro: from n/a through 2.8.…
|
CWE-862
Missing Authorization
|
CVE-2026-42377
|
2026-04-29 17:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
