Lucene search
K

226 matches found

Patchstack
Patchstack
added 2025/12/23 12:7 a.m.15 views

WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...

7.3CVSS6.8AI score0.00247EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/18 9:21 a.m.4 views

CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

8.8CVSS5AI score0.00302EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203229

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...

8.8CVSS4.8AI score0.00248EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/13 10:4 a.m.8 views

WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Restrict Elementor Widgets, Columns and Sections versions = 1.12...

4.3CVSS6.7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/13 1:5 a.m.5 views

WordPress AnnunciFunebri Impresa plugin <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Deletion vulnerability discovered by Legion Hunter in WordPress Plugin AnnunciFunebri Impresa versions = 4.7.0...

5.3CVSS5.5AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/13 12:55 a.m.15 views

WordPress Popup Builder plugin <= 1.1.37 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Popup Builder versions = 1.1.37...

6.5CVSS6.8AI score0.00221EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 10:2 p.m.9 views

WordPress Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Tracking Opt-In/Opt-Out Modification vulnerability discovered by Legion Hunter in WordPress Plugin Employee Spotlight versions = 5.1.3...

5.3CVSS6.7AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 8:8 a.m.18 views

WordPress Flow-Flow Social Feed Stream plugin 3.0.0-4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin Flow-Flow Social Stream versions 3.0.0-4.7.5...

6.4CVSS5.5AI score0.00217EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 7:43 a.m.7 views

WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'currentuseravatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions = 2.9.12...

6.8CVSS6.8AI score0.00713EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 7:26 a.m.9 views

WordPress Infility Global plugin <= 2.14.42 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Infility Global versions = 2.14.42...

8.8CVSS6.8AI score0.00515EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 5:51 a.m.11 views

WordPress Blaze Demo Importer plugin 1.0.0-1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Database Reset and File Deletion vulnerability discovered by kr0d in WordPress Plugin Blaze Demo Importer versions 1.0.0-1.0.13...

8.1CVSS6.7AI score0.00233EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 12:29 a.m.6 views

WordPress Simple Bike Rental plugin <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Booking Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Bike Rental versions = 1.0.6...

5.3CVSS6.7AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/12 12:19 a.m.8 views

WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...

5.3CVSS6.8AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:54 p.m.7 views

WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions = 0.2...

5.3CVSS6.7AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/08 8:49 a.m.6 views

WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability

Settings Change vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Page View Count versions = 2.8.7...

5.4CVSS6.6AI score0.00217EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/06 1:33 a.m.11 views

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions = 1.0.0...

5.3CVSS6.5AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/03 11:19 p.m.9 views

WordPress Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update vulnerability

Missing Authorization to Authenticated Subscriber+ OAuth Token Update vulnerability discovered by type5afe in WordPress Plugin Post SMTP versions = 3.6.1...

5.4CVSS6.7AI score0.0026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/28 1:46 p.m.10 views

WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions = 2.0.0...

4.3CVSS6.7AI score0.00157EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.8 views

PT-2025-47689

Name of the Vulnerable Software and Affected Versions Realty Portal plugin for WordPress versions 0.1 through 0.4.1 Description The Realty Portal plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within t...

8.8CVSS6.4AI score0.00339EPSS
Exploits0References13
Patchstack
Patchstack
added 2025/11/10 10:25 p.m.12 views

WordPress Elastic Theme Editor plugin <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Elastic Theme Editor versions = 0.0.3...

8.8CVSS6.8AI score0.00564EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder