|
1621
|
6.6 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7566
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1622
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to an…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7792
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1623
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.2.0 …
|
CWE-89
SQL Injection
|
CVE-2026-8978
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1624
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings in all versio…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8991
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1625
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7795
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1626
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu…
|
CWE-862
Missing Authorization
|
CVE-2026-8502
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1627
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated…
|
CWE-22
Path Traversal
|
CVE-2026-9197
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1628
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9280
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1629
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1630
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing valid…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8611
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
