NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-1672	The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forg...	2026-04-08	6.5	NETWORK	MEDIUM	NVD
CVE-2026-4303	The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGrap...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4300	The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and includin...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4073	The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions up to, and including, 1.0.5. ...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4025	The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] s...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-39716	Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39715	Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configur...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39714	Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This ...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39713	Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webfo...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39712	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injectio...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39711	Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows Retrieve Embedded Sensitive ...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39710	Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows Cross Site Request Forgery.This issue affect...	2026-04-08	5.4	NETWORK	MEDIUM	NVD
CVE-2026-39709	Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39708	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows St...	2026-04-08	6.5	NETWORK	MEDIUM	NVD
CVE-2026-39707	Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorr...	2026-04-08	5.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.