|
261
|
4.7 |
MEDIUM
Network
|
-
|
-
|
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 due to insufficient inpu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-2827
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
8.1 |
HIGH
Network
|
-
|
-
|
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-10795
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS.
This issue affects WP Mail Log: from n/a through 1.0.2.
New
|
CWE-79
Cross-site Scripting
|
CVE-2023-33999
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Lev…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-40200
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery.
This issue affects WpEvently: from n/a through 4.1.2.
New
|
CWE-352
Origin Validation Error
|
CVE-2024-32110
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Soledad: from n/a through 8.2.5.
New
|
CWE-862
Missing Authorization
|
CVE-2022-42479
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery.
This issue affects YITH WooCommerce Product Slider Carousel: from …
New
|
CWE-352
Origin Validation Error
|
CVE-2022-44630
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Advanced AJAX Product Filter…
New
|
CWE-862
Missing Authorization
|
CVE-2022-45813
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery.
This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.…
New
|
CWE-352
Origin Validation Error
|
CVE-2022-47150
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Contact Form &…
New
|
CWE-862
Missing Authorization
|
CVE-2023-25969
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
