|
3111
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient inp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7659
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3112
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7661
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3113
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_…
|
CWE-200
Information Exposure
|
CVE-2026-7626
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3114
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s…
|
CWE-862
Missing Authorization
|
CVE-2026-1934
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3115
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escapi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6800
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3116
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output esca…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6813
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3117
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend v…
|
CWE-89
SQL Injection
|
CVE-2026-42741
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3118
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views…
|
CWE-89
SQL Injection
|
CVE-2026-42742
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3119
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a thr…
|
CWE-862
Missing Authorization
|
CVE-2026-45210
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3120
|
8.5 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affe…
|
CWE-89
SQL Injection
|
CVE-2026-45211
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
