|
1481
|
7.5 |
HIGH
Network
|
-
|
-
|
The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up to, and including, 3.4.…
|
CWE-89
SQL Injection
|
CVE-2026-8705
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1482
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of the 'msc_stats' shor…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8896
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1483
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a funct…
|
CWE-352
Origin Validation Error
|
CVE-2026-8905
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1484
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_…
|
CWE-862
Missing Authorization
|
CVE-2026-9172
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1485
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is auth…
|
CWE-862
Missing Authorization
|
CVE-2026-9616
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1486
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a use…
|
CWE-862
Missing Authorization
|
CVE-2026-9619
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1487
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_a…
|
CWE-862
Missing Authorization
|
CVE-2026-9175
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1488
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/<id> (callback userDet…
|
CWE-862
Missing Authorization
|
CVE-2026-9178
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1489
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24_block_enqueue_scripts() function…
|
CWE-200
Information Exposure
|
CVE-2026-9183
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1490
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() AJAX function in versions up to, a…
|
CWE-862
Missing Authorization
|
CVE-2026-9184
|
2026-06-25 22:26 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
