|
1281
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to…
New
|
CWE-843
Type Confusion
|
CVE-2026-8499
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1282
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8841
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1283
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8880
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1284
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8882
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1285
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8895
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1286
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8883
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1287
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8902
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1288
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8904
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1289
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init() function hook…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8907
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1290
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralS…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-8909
|
2026-06-9 22:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
