Lucene search
+L

29 matches found

patchstack
patchstack
added 2025/03/03 11:36 p.m.10 views

WordPress Newscrunch theme <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Chloe Chamberland in WordPress Theme Newscrunch versions = 1.8.4...

9.8CVSS7AI score0.01977EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2023/05/11 12:0 a.m.8 views

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.6.0 is vulnerable to Broken Access Control

Software WordPress Announcement & Notification Banner Plugin – Bulletin Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2066 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSI...

6.3CVSS6.8AI score0.00505EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2023/04/07 12:0 a.m.22 views

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software WP Data Access Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...

8.8CVSS6.8AI score0.02726EPSS
Exploits3References3Affected Software1
patchstack
patchstack
added 2023/04/06 12:0 a.m.13 views

WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.12 Fixed in 3.5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4936 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13c6dc4f50f8 Credits Chloe Chamberland...

8.8CVSS7AI score0.00248EPSS
Exploits0References3Affected Software1
packetstorm
packetstorm
added 2022/08/04 12:0 a.m.429 views

WordPress Download Manager 3.2.50 Arbitrary File Deletion

Description: Authenticated Contributor+ Arbitrary File Deletion Affected Plugin: Download Manager Plugin Slug: download-manager Plugin Developer: W3 Eden, Inc. Affected Versions: = 3.2.50 CVE ID: CVE-2022-2431 CVSS Score: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

8.6AI score0.02678EPSS
Exploits2
wordfence
wordfence
added 2022/08/03 2:57 p.m.29 views

High Severity Vulnerability Patched in Download Manager Plugin

On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary...

8.8AI score0.02678EPSS
Exploits2
patchstack
patchstack
added 2022/04/07 12:0 a.m.28 views

WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability

Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland Wordfence in WordPress SiteGround Security plugin versions = 1.2.5. Solution Update the WordPress SiteGround Security plugin to the latest available version at...

9.8CVSS4.5AI score0.07285EPSS
Exploits2References3Affected Software1
zdt
zdt
added 2022/01/19 12:0 a.m.335 views

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

8.3CVSS6.4AI score0.70511EPSS
Exploits3
patchstack
patchstack
added 2022/01/13 12:0 a.m.33 views

WordPress WP HTML Mail plugin <= 3.0.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Chloe Chamberland Wordfence in WordPress WP HTML Mail plugin versions = 3.0.9. Solution Update the WordPress WP HTML Mail plugin to the latest available version at least 3.1...

8.3CVSS0.4AI score0.70511EPSS
Exploits3References3Affected Software1
patchstack
patchstack
added 2022/01/13 12:0 a.m.31 views

WordPress Login/Signup Popup plugin <= 2.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland Wordfence in WordPress Login/Signup Popup plugin versions = 2.2. Solution Update the WordPress Login/Signup Popup plugin to the latest available version at least 2.3...

8.8CVSS2.5AI score0.0082EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2022/01/13 12:0 a.m.22 views

WordPress Side Cart Woocommerce (Ajax) plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland in WordPress Side Cart Woocommerce Ajax plugin versions = 2.0. Solution Update the WordPress Side Cart Woocommerce Ajax plugin to the latest available version at least 2.1...

8.8CVSS2.9AI score0.0082EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2021/12/01 12:0 a.m.22 views

WordPress Variation Swatches for WooCommerce plugin <= 2.1.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Chloe Chamberland WordFence in WordPress Variation Swatches for WooCommerce plugin versions = 2.1.1. Solution Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version at least 2.1.2...

6.4CVSS2.7AI score0.00531EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2021/10/06 12:0 a.m.19 views

WordPress Access Demo Importer plugin <= 1.0.6 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Chloe Chamberland WordFence in WordPress Access Demo Importer plugin versions = 1.0.6. Solution Update the WordPress Access Demo Importer plugin to the latest available version at least 1.0.7...

8.8CVSS3.3AI score0.01652EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2021/08/24 12:0 a.m.20 views

WordPress Booster for WooCommerce plugin <= 5.4.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Chloe Chamberland WordFence in WordPress Booster for WooCommerce plugin versions = 5.4.3. Solution Update the WordPress Booster for WooCommerce plugin to the latest available version at least 5.4.4...

9.8CVSS2.8AI score0.50869EPSS
Exploits8References3Affected Software1
patchstack
patchstack
added 2021/05/30 12:0 a.m.22 views

WordPress NinjaFirewall plugin <= 4.3.3 - Authenticated PHAR Deserialization vulnerability

Authenticated PHAR Deserialization vulnerability discovered by Chloe Chamberland in WordPress NinjaFirewall plugin versions = 4.3.3. Solution Update the WordPress NinjaFirewall plugin to the latest available version at least 4.3.4...

3.4AI score
Exploits0References2Affected Software1
patchstack
patchstack
added 2021/05/13 12:0 a.m.20 views

WordPress External Media plugin <= 1.0.33 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Chloe Chamberland WordFence in WordPress External Media plugin versions = 1.0.33. Solution Update the WordPress External Media plugin to the latest available version at least 1.0.34...

8.8CVSS5.6AI score0.01775EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2021/02/16 12:0 a.m.11 views

WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Administrator Open Redirect vulnerability

Administrator Open Redirect vulnerability found by Chloe Chamberland in WordPress Ninja Forms Contact Form plugin versions = 3.4.33. Solution Update the WordPress Ninja Forms Contact Form plugin to the latest available version at least 3.4.34...

3.2AI score
Exploits0References2Affected Software1
patchstack
patchstack
added 2021/02/16 12:0 a.m.14 views

WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated OAuth Connection Key Disclosure vulnerability

Authenticated OAuth Connection Key Disclosure vulnerability found by Chloe Chamberland in WordPress Ninja Forms Contact Form plugin versions = 3.4.33. Solution Update the WordPress Ninja Forms Contact Form plugin to the latest available version at least 3.4.34...

2.9AI score
Exploits0References2Affected Software1
patchstack
patchstack
added 2020/11/09 12:0 a.m.13 views

WordPress Ultimate Member plugin <= 2.1.11 - Unauthenticated/Authenticated Privilege Escalation

Unauthenticated Privilege Escalation via User Meta vulnerability found by Chloe Chamberland in WordPress Ultimate Member plugin versions = 2.1.11. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.12...

4.8AI score
Exploits0References2Affected Software1
patchstack
patchstack
added 2020/10/14 12:0 a.m.11 views

WordPress Child Theme Creator by Orbisius plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) to Arbitrary File Modification/Creation vulnerability

Cross-Site Request Forgery CSRF to Arbitrary File Modification/Creation vulnerability found by Chloe Chamberland in WordPress Child Theme Creator by Orbisius plugin versions = 1.5.1. Solution Update the WordPress Child Theme Creator by Orbisius plugin to the latest available version at least 1.5....

3.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder