|
4301
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout c…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-8760
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4302
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up to, and including, 1.1 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8837
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4303
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This is due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8842
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4304
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8844
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4305
|
8.8 |
HIGH
Network
|
-
|
-
|
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authentica…
|
CWE-269
Improper Privilege Management
|
CVE-2026-8787
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4306
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8845
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4307
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8846
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4308
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8847
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4309
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8866
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4310
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to in…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8867
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
