|
4531
|
7.2 |
HIGH
Network
|
-
|
-
|
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all versions up to, and including,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8143
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4532
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This ma…
|
CWE-352
Origin Validation Error
|
CVE-2026-8906
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4533
|
8.8 |
HIGH
Network
|
-
|
-
|
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due…
|
CWE-94
Code Injection
|
CVE-2026-8832
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4534
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metama…
|
CWE-352
Origin Validation Error
|
CVE-2026-8942
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4535
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RiceTheme Felan Framework allows Reflected XSS.
This issue affects Felan Framework: from n/a thr…
|
CWE-79
Cross-site Scripting
|
CVE-2025-22741
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4536
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS.
This issue affects Themebox …
|
CWE-79
Cross-site Scripting
|
CVE-2025-52747
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4537
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data.
This issue affects GenerateBlocks: from n/a through 2.1.0.
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-48877
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4538
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS.
This issue affects Master Slider: from n/a through 3.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48968
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4539
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authentica…
|
CWE-73
External Control of File Name or Path
|
CVE-2025-0898
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4540
|
4.8 |
MEDIUM
Network
|
-
|
-
|
The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output esca…
|
CWE-79
Cross-site Scripting
|
CVE-2026-2280
|
2026-05-27 23:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
