CVE-2026-10100 - Simple Custom Login Page <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID :CVE-2026-10100
Published : June 2, 2026, 1:28 a.m. | 1 hour, 22 minutes ago
Description :The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values (they were registered with register_setting() and stored via the Settings API/update_option() with no sanitize_callback) combined with the values being output into a
CVE ID :CVE-2026-10100
Published : June 2, 2026, 1:28 a.m. | 1 hour, 22 minutes ago
Description :The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color settings fields (Page Background, Form Background, Text Color, Link Color) in versions up to and including 1.0.3. This is due to insufficient input sanitization of the color option values (they were registered with register_setting() and stored via the Settings API/update_option() with no sanitize_callback) combined with the values being output into a
CVE-2026-10565 - Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition
CVE ID :CVE-2026-10565
Published : June 2, 2026, 1:30 a.m. | 1 hour, 19 minutes ago
Description :A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10565
Published : June 2, 2026, 1:30 a.m. | 1 hour, 19 minutes ago
Description :A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10566 - FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
CVE ID :CVE-2026-10566
Published : June 2, 2026, 1:45 a.m. | 1 hour, 4 minutes ago
Description :A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10566
Published : June 2, 2026, 1:45 a.m. | 1 hour, 4 minutes ago
Description :A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3870 - Zyxel UPnP AddPortMapping Buffer Overflow Denial-of-Service
CVE ID :CVE-2026-3870
Published : June 2, 2026, 1:54 a.m. | 55 minutes ago
Description :A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3870
Published : June 2, 2026, 1:54 a.m. | 55 minutes ago
Description :A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10510 - GeniexWebView XSS in com.transsion.aiassistantlifestyle
CVE ID :CVE-2026-10510
Published : June 2, 2026, 1:56 a.m. | 53 minutes ago
Description :Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10510
Published : June 2, 2026, 1:56 a.m. | 53 minutes ago
Description :Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web_action_data URL parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10567 - 1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting
CVE ID :CVE-2026-10567
Published : June 2, 2026, 2 a.m. | 49 minutes ago
Description :A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.7.0 will fix this issue. The identifier of the patch is c87682afa8df79853299f75489c9d333f7bc5fce. Upgrading the affected component is recommended.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10567
Published : June 2, 2026, 2 a.m. | 49 minutes ago
Description :A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.7.0 will fix this issue. The identifier of the patch is c87682afa8df79853299f75489c9d333f7bc5fce. Upgrading the affected component is recommended.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3871 - Zyxel UPnP Buffer Overflow Denial-of-Service
CVE ID :CVE-2026-3871
Published : June 2, 2026, 2:04 a.m. | 45 minutes ago
Description :A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3871
Published : June 2, 2026, 2:04 a.m. | 45 minutes ago
Description :A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10568 - itsourcecode Fees Management System manage_payment.php sql injection
CVE ID :CVE-2026-10568
Published : June 2, 2026, 2:15 a.m. | 35 minutes ago
Description :A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10568
Published : June 2, 2026, 2:15 a.m. | 35 minutes ago
Description :A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10529 - westboy CicadasCMS Task Scheduling Management ScheduleJobController.java cross site scripting
CVE ID :CVE-2026-10529
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10529
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10548 - NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication
CVE ID :CVE-2026-10548
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10548
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10550 - elunez eladmin Application Deployment App.java command injection
CVE ID :CVE-2026-10550
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10550
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10558 - SourceCodester Pizzafy Ecommerce System index.php file inclusion
CVE ID :CVE-2026-10558
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10558
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10559 - SourceCodester Pizzafy Ecommerce System index.php file inclusion
CVE ID :CVE-2026-10559
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10559
Published : June 2, 2026, 2:16 a.m. | 33 minutes ago
Description :A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10581 - DedeCMS download.php base64_decode server-side request forgery
CVE ID :CVE-2026-10581
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10581
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10583 - nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery
CVE ID :CVE-2026-10583
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10583
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3198 - Improper Access Control in mlflow/mlflow
CVE ID :CVE-2026-3198
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3198
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8206 - Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
CVE ID :CVE-2026-8206
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8206
Published : June 2, 2026, 4:17 a.m. | 2 hours, 33 minutes ago
Description :The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3514 - Authentication Bypass in prefecthq/prefect
CVE ID :CVE-2026-3514
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allows an attacker to create resources with names ending in 'health' or 'ready' and access them without authentication. Affected endpoints include those for variables, flows, work pools, work queues, and deployments. This vulnerability can lead to unauthorized access to sensitive information, such as API keys and database credentials, stored in Prefect Variables.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3514
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allows an attacker to create resources with names ending in 'health' or 'ready' and access them without authentication. Affected endpoints include those for variables, flows, work pools, work queues, and deployments. This vulnerability can lead to unauthorized access to sensitive information, such as API keys and database credentials, stored in Prefect Variables.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3620 - Word Replacer <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Replacement' Parameter
CVE ID :CVE-2026-3620
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3620
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, and including, 0.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4071 - BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change
CVE ID :CVE-2026-4071
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page() function. The function processes the 'birdseed_token' GET parameter and saves it to the database via update_option() without verifying a nonce. This makes it possible for unauthenticated attackers to change the plugin's BirdSeed token setting via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4071
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page() function. The function processes the 'birdseed_token' GET parameter and saves it to the database via update_option() without verifying a nonce. This makes it possible for unauthenticated attackers to change the plugin's BirdSeed token setting via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4080 - Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVE ID :CVE-2026-4080
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectp_add_to_cart() function uses sanitize_text_field() on shortcode attributes like 'itemid', 'product_name', 'product_desc', 'product_qty', and 'price' before inserting them into double-quoted HTML attributes. While sanitize_text_field() strips HTML tags, it does not escape double quote characters, allowing an attacker to break out of the HTML attribute context and inject arbitrary event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4080
Published : June 2, 2026, 9:16 a.m. | 1 hour, 35 minutes ago
Description :The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectp_add_to_cart() function uses sanitize_text_field() on shortcode attributes like 'itemid', 'product_name', 'product_desc', 'product_qty', and 'price' before inserting them into double-quoted HTML attributes. While sanitize_text_field() strips HTML tags, it does not escape double quote characters, allowing an attacker to break out of the HTML attribute context and inject arbitrary event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...