|
2601
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: fr…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-42644
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2602
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42643
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2603
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5.
|
CWE-862
Missing Authorization
|
CVE-2026-42642
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2604
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request Forgery.This issue affects Share This Image: from n/a through <= 2.14.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42641
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2605
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend_rewrite' function's 'WPMETEOR[N]WPMETEOR' placeholder content in all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2902
|
2026-04-29 21:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2606
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co…
|
CWE-862
Missing Authorization
|
CVE-2026-4019
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2607
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vu…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-42518
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2608
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulat…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42517
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2609
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in th…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42516
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2610
|
- |
|
-
|
-
|
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API re…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42515
|
2026-04-29 18:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
