CVE Security

medium 4.3

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6401

The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This is due to missing nonc...

Web

CVE-2026-6401

Lire l'article

medium 4.4

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6404

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' paramete...

Web

CVE-2026-6404

Lire l'article

medium 4.4

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6399

The General Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.1.0. This is due to the use of...

Web

CVE-2026-6399

Lire l'article

medium 6.5

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6072

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all ver...

Web

CVE-2026-6072

Lire l'article

medium 6.1

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6391

The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inclu...

Web

CVE-2026-6391

Lire l'article

medium 5.4

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF)...

Web

CVE-2026-6394

Lire l'article

medium 6.1

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6395

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and includin...

Applications Web

CVE-2026-6395

Lire l'article

medium 6.4

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6397

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cvmh-sticky` shortcode `readmoretext` attribute in versions up t...

Web

CVE-2026-6397

Lire l'article

medium 6.4

26/05/2026

Vulnérabilité medium détectée - CVE-2026-5293

The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js'...

Applications Web

CVE-2026-5293

Lire l'article

high 7.5

26/05/2026

Vulnérabilité high détectée - CVE-2026-3985

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' param...

Web

CVE-2026-3985

Lire l'article

critical 9.8

26/05/2026

Vulnérabilité critical détectée - CVE-2026-8495

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

Web

CVE-2026-8495

Lire l'article

medium 6.1

26/05/2026

Vulnérabilité medium détectée - CVE-2026-6365

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (...

Web

CVE-2026-6365

Lire l'article