NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-5083	Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in ...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-5082	Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generate_session_id function will atte...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3311	The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-33273	Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary fil...	2026-04-08	5.1	NETWORK	MEDIUM	NVD
CVE-2026-27787	Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on ...	2026-04-08	5.1	NETWORK	MEDIUM	NVD
CVE-2026-24913	SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be ...	2026-04-08	8.7	NETWORK	HIGH	NVD
CVE-2026-4785	The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4341	The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follow_us_text' setting of the Moun...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4333	The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learn_press_co...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-4299	The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missi...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-4003	The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1...	2026-04-08	9.8	NETWORK	CRITICAL	NVD
CVE-2026-3646	The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin's webhook handler in all vers...	2026-04-08	5.3	NETWORK	MEDIUM	NVD
CVE-2026-3600	The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-3513	The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableon_button' shortcode in...	2026-04-08	6.4	NETWORK	MEDIUM	NVD
CVE-2026-3239	The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_view shortcode in all versions ...	2026-04-08	6.4	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.