Lucene search
K

237 matches found

Patchstack
Patchstack
added 2026/02/03 3:19 p.m.7 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via add_to_compare vulnerability

Cross-Site Request Forgery via addtocompare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...

4.3CVSS5.3AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 3:18 p.m.6 views

WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via openai_file_delete_callback vulnerability

Missing Authorization via openaifiledeletecallback vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions = 5.3.4...

7.7CVSS5.3AI score0.00363EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 3:14 p.m.5 views

WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card vulnerability

Cross-Site Request Forgery CSRF via ajaxdeletecard vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions = 20221130...

4.3CVSS5.3AI score0.00275EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 3:9 p.m.6 views

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability

Missing Authorization via getformfields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

4.3CVSS5.3AI score0.00359EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 3:8 p.m.7 views

WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles vulnerability

Missing Authorization via bulkUpdatePostTitles vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk Edit Post Titles versions = 5.0.0...

4.3CVSS5.3AI score0.00428EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 12:36 p.m.8 views

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via restorerecords vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

5.3CVSS5.3AI score0.00598EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 11:3 a.m.8 views

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via setstarred vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

5.3CVSS5.3AI score0.00598EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 10:42 a.m.5 views

WordPress Redirects plugin <= 1.2.1 - Missing Authorization via save vulnerability

Missing Authorization via save vulnerability discovered by Francesco Carlucci in WordPress Plugin Redirects versions = 1.2.1...

6.5CVSS5.3AI score0.0053EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:2 p.m.8 views

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory vulnerability

Cross-Site Request Forgery via categorifyAjaxDeleteCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

4.3CVSS6.5AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:59 p.m.7 views

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory vulnerability

Cross-Site Request Forgery via categorifyAjaxClearCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

4.3CVSS6.5AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:58 p.m.5 views

WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition vulnerability

Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

4.3CVSS6.5AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:24 p.m.7 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00423EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:10 a.m.6 views

WordPress Blockspare plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Blockspare versions = 3.2.4...

6.4CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...

9.1CVSS5.3AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Activity Plus Reloaded for BuddyPress versions = 1.1.1...

5.4CVSS5.3AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/22 9:52 p.m.7 views

WordPress Memberpress plugin <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability

Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin MemberPress versions = 1.11.37...

7.5CVSS8.1AI score0.00295EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/08 2:30 a.m.5 views

WordPress Allow PHP Execute plugin <= 1.0 - Authenticated (Editor+) PHP Code Injection vulnerability

Authenticated Editor+ PHP Code Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Allow PHP Execute versions = 1.0...

7.2CVSS7.4AI score0.00435EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/04 11:20 p.m.4 views

WordPress Content Control plugin <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability

Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content Control versions = 2.5.0...

5.3CVSS6.9AI score0.00385EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/25 10:10 p.m.8 views

WordPress SureMembers plugin <= 1.10.6 - Sensitive Information Exposure vulnerability

Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin SureMembers versions = 1.10.6...

5.3CVSS7AI score0.00511EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/21 5:31 a.m.9 views

WordPress SVG Support plugin <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin SVG Support versions = 2.5.10...

6.4CVSS5.8AI score0.00426EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder