|
3101
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the Skysa…
|
CWE-352
Origin Validation Error
|
CVE-2026-6710
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3102
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2026-6808
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3103
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6913
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3104
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings u…
|
CWE-352
Origin Validation Error
|
CVE-2026-6932
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3105
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf…
|
CWE-862
Missing Authorization
|
CVE-2026-7050
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3106
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7437
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3107
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.2. This is due to insufficient inp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7464
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3108
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a fu…
|
CWE-352
Origin Validation Error
|
CVE-2026-7561
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3109
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a…
|
CWE-352
Origin Validation Error
|
CVE-2026-7562
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3110
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin…
|
CWE-352
Origin Validation Error
|
CVE-2026-7616
|
2026-05-12 23:03 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
