|
4361
|
8.8 |
HIGH
Network
|
-
|
-
|
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. Th…
|
CWE-862
Missing Authorization
|
CVE-2026-5200
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4362
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.…
|
CWE-352
Origin Validation Error
|
CVE-2026-6405
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4363
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for una…
|
CWE-200
Information Exposure
|
CVE-2026-6728
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4364
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS.
This issue affects Visualizer: from n/a before 4.0.0.
|
CWE-79
Cross-site Scripting
|
CVE-2026-24573
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4365
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WpBookingly: from n/a through 1.2.9.
|
CWE-862
Missing Authorization
|
CVE-2026-27405
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4366
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Image Photo Gallery F…
|
CWE-862
Missing Authorization
|
CVE-2026-27424
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4367
|
7.6 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection.
This issue affects YITH WooCom…
|
CWE-89
SQL Injection
|
CVE-2026-42383
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4368
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affect…
|
CWE-862
Missing Authorization
|
CVE-2026-45443
|
2026-05-20 22:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4369
|
8.1 |
HIGH
Network
|
-
|
-
|
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authentica…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-47107
|
2026-05-20 22:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4370
|
7.3 |
HIGH
Network
|
-
|
-
|
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-26462
|
2026-05-20 22:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
