CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

Patchstack•added 2025/03/25 9:41 p.m.•3 views

WordPress Jobs for WordPress plugin <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Jobs for WordPress versions = 2.7.11...

6.5CVSS7AI score0.00617EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/01/08 11:53 p.m.•3 views

WordPress Greenshift plugin <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Greenshift versions = 9.0.0...

6.4CVSS5.9AI score0.00247EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/12/24 12:23 a.m.•2 views

WordPress PlugVersions plugin <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin PlugVersions versions = 0.0.7...

8.8CVSS7AI score0.00467EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/12/20 8:24 p.m.•2 views

WordPress WP Docs plugin <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' vulnerability

Authenticated Subscriber+ Time-Based SQL Injection via 'dirid' vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Docs versions = 2.2.0...

6.5CVSS8.1AI score0.00493EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/12/16 10:36 p.m.•3 views

WordPress Easy Digital Downloads plugin 3.1-3.3.4 - Improper Authorization to Paywall Bypass vulnerability

Improper Authorization to Paywall Bypass vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Easy Digital Downloads versions 3.1-3.3.4...

3.7CVSS7AI score0.00058EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/11/19 8:3 p.m.•18 views

WordPress Sirv plugin <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Option Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Sirv versions = 7.3.0...

8.1CVSS7AI score0.00192EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/11/01 9:29 p.m.•5 views

WordPress BookingPress plugin <= 1.1.16 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.16...

6.5CVSS8.1AI score0.0032EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/29 8:39 p.m.•3 views

WordPress WPAdverts plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode vulnerability

Unauthenticated Stored Cross-Site Scripting via advertsadd Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPAdverts versions = 2.1.6...

7.2CVSS5.8AI score0.01995EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/08/22 12:34 a.m.•6 views

WordPress AcyMailing plugin <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function vulnerability

Authenticated Subscriber+ Arbitrary File Upload via acymextractArchive Function vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin AcyMailing SMTP Newsletter versions = 9.7.2...

8.8CVSS7AI score0.1119EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/08/14 1:5 a.m.•3 views

WordPress Depicter Slider plugin <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Depicter Slider versions = 3.1.1...

8.8CVSS7AI score0.1184EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/30 2:45 a.m.•2 views

WordPress Bold Page Builder plugin <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbbutton Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bold Page Builder versions = 5.0.2...

6.4CVSS5.5AI score0.002EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/19 2:49 a.m.•3 views

WordPress FV Player plugin <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter vulnerability

Authenticated Subscriber+ SQL Injection via exclude Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin FV Flowplayer Video Player versions = 7.5.46.7212...

8.8CVSS8.1AI score0.0048EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/17 2:12 a.m.•3 views

WordPress BookingPress Appointment Booking plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation vulnerability

Authenticated Subscriber+ Arbitrary File Read to Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.5...

8.8CVSS7AI score0.01093EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/06/25 6:50 a.m.•8 views

WordPress Quiz Maker plugin <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' vulnerability

Unauthenticated SQL Injection via 'aysquestions' vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Quiz Maker versions = 6.5.8.3...

9.8CVSS8.1AI score0.80299EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/06/21 1:30 a.m.•4 views

WordPress Themify - WooCommerce Product Filter plugin <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability

WordPress Themify - WooCommerce Product Filter plugin = 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Themify – WooCommerce Product Filter versions = 1.4.9...

9.8CVSS8.1AI score0.00947EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/06/20 5:31 p.m.•5 views

WordPress Icegram Express plugin <= 5.7.23 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.23...

9.8CVSS8.1AI score0.00891EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/06/12 8:13 a.m.•2 views

WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability

Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...

8.8CVSS8AI score0.01231EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/06/04 12:27 p.m.•4 views

WordPress Newsletter plugin <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 vulnerability

Unauthenticated Stored Cross-Site Scripting via np1 vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Newsletter versions = 8.3.4...

6.4CVSS5.8AI score0.00532EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by