NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-5169	The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and...	2026-04-08	4.4	NETWORK	MEDIUM	NVD
CVE-2026-5167	The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Contr...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-4871	The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the `scm_membe...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4808	The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUplo...	2026-04-08	7.2	NETWORK	HIGH	NVD
CVE-2026-4338	The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled...	2026-04-08	7.5	NETWORK	HIGH	NVD
CVE-2026-4141	The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to miss...	2026-04-08	4.3	NETWORK	MEDIUM	NVD
CVE-2026-3781	The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all versions up to, and including, 0.6.2....	2026-04-08	5.4	NETWORK	MEDIUM	NVD
CVE-2026-3618	The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [print_clmns] sho...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-3594	The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3535	The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownlo...	2026-04-08	9.8	NETWORK	CRITICAL	NVD
CVE-2026-3480	The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_...	2026-04-08	6.5	NETWORK	MEDIUM	NVD
CVE-2026-3477	The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfm_user_request_a...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3142	The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_var' parameter i...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-2838	The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowhole_success_msg’ parameter in a...	2026-04-08	4.4	NETWORK	MEDIUM	NVD
CVE-2025-1794	The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all versions up to, and including, 3.6...	2026-04-08	5.4	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.