|
2551
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47982
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2552
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47983
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2553
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldn…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47984
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2554
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path param…
|
CWE-22
Path Traversal
|
CVE-2022-50953
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2555
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54350
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2556
|
7.2 |
HIGH
Network
|
-
|
-
|
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers c…
|
CWE-79
Cross-site Scripting
|
CVE-2023-54351
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2557
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers ca…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-54352
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2558
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58348
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2559
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-58349
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2560
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packet…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-3238
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
