NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-39476	Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Le...	2026-04-08	4.3	NETWORK	MEDIUM	NVD
CVE-2026-39475	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allo...	2026-04-08	8.5	NETWORK	HIGH	NVD
CVE-2026-39473	Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Dat...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-39469	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded S...	2026-04-08	4.3	NETWORK	MEDIUM	NVD
CVE-2026-39466	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Br...	2026-04-08	7.6	NETWORK	HIGH	NVD
CVE-2026-39464	Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Se...	2026-04-08	5.5	NETWORK	MEDIUM	NVD
CVE-2026-33088	Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.	2026-04-08	6.9	NETWORK	MEDIUM	NVD
CVE-2026-25776	Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.	2026-04-08	9.3	NETWORK	CRITICAL	NVD
CVE-2026-1396	The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in a...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4655	The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4654	The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, an...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-4483	An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 compute...	2026-04-08	7.0	NETWORK	HIGH	NVD
CVE-2026-4330	The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all vers...	2026-04-08	4.3	NETWORK	MEDIUM	NVD
CVE-2026-5508	The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and includ...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-5506	The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2...	2026-04-08	6.4	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.