Lucene search
K

145 matches found

Patchstack
Patchstack
added last week4 views

WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...

8.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 7:7 p.m.5 views

WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 9:2 a.m.7 views

WordPress WooCommerce Stripe Payment Gateway plugin <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation vulnerability

Missing Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Stripe Payment Gateway versions = 10.7.0...

6.5CVSS5.2AI score0.00267EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/09 9:43 a.m.17 views

WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin All In One WP Security & Firewall versions = 5.4.7...

7.2CVSS5.4AI score0.00338EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/28 9:25 a.m.11 views

WordPress Easy Updates Manager plugin <= 9.0.20 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Easy Updates Manager versions = 9.0.20...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/27 6:49 p.m.12 views

WordPress PDF Embedder plugin <= 4.9.3 - Authenticated (Contributor+) Information Exposure vulnerability

Authenticated Contributor+ Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PDF Embedder versions = 4.9.3...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/12 12:0 a.m.8 views

WordPress Hostinger Reach – AI-Powered Email Marketing for WordPress plugin <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update vulnerability

Missing Authorization to Authenticated Subscriber+ Integration API Key Update vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Hostinger Reach AI-Powered Email Marketing for WordPress versions = 1.3.8...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 7:19 p.m.9 views

WordPress HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability

Forms, Popups, Live Chat plugin = 11.3.32 - Forms, Popups, Live Chat = 11.3.32 - Missing Authorization to Authenticated Contributor+ Installed Plugin Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin HubSpot versions = 11.3.32...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 4:35 p.m.8 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...

6.4CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:48 p.m.7 views

WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability

Authenticated Subscriber+ Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions = 9.1.2...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/21 2:20 a.m.4 views

WordPress Email Encoder plugin < 2.3.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Encoder Bundle versions 2.3.4...

3.5CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/09 9:39 p.m.6 views

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/01 10:19 a.m.4 views

WordPress Query Monitor plugin <= 3.20.3 - Reflected Cross-Site Scripting via Request URI vulnerability

Reflected Cross-Site Scripting via Request URI vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Query Monitor versions = 3.20.3...

7.2CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 6:55 a.m.6 views

WordPress Smart Slider 3 plugin <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability

Authenticated Subscriber+ Arbitrary File Read via actionExportAll vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/11 8:30 a.m.6 views

WordPress The Events Calendar plugin <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability

Authenticated Author+ Arbitrary File Read via ajaxcreateimport vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Events Calendar versions = 6.15.17...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:16 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Stored Cross-Site Scripting via Template Conditions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:15 p.m.10 views

WordPress Modular Connector plugin <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth vulnerability

Cross-Site Request Forgery via postConfirmOauth vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modular DS versions = 2.5.1...

4.3CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 8:47 p.m.9 views

WordPress The Plus Addons for Elementor plugin <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability

Incorrect Authorization to Authenticated Author+ Arbitrary Draft Post Creation via 'posttype' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...

4.3CVSS5.5AI score0.00167EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 9:20 p.m.9 views

WordPress JSM file_get_contents() Shortcode plugin < 2.7.1 - Contributor+ SSRF vulnerability

Contributor+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin JSM filegetcontents Shortcode versions 2.7.1...

8.8CVSS5.3AI score0.00694EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 6:24 a.m.6 views

WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.31...

4.8CVSS5.9AI score0.00369EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder