Lucene search
+L

66 matches found

patchstack
patchstack
added 2024/10/25 10:34 p.m.9 views

WordPress WPSchoolPress plugin <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability

Insecure Direct Object Reference to Authenticated Teacher+ Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.10...

8.8CVSS7AI score0.00489EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/10/23 8:53 p.m.8 views

WordPress MultiVendorX plugin <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates vulnerability

Cross-Site Request Forgery to Vendor Updates vulnerability discovered by wesley wcraft in WordPress Plugin MultiVendorX versions = 4.2.4...

6.3CVSS7AI score0.00192EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/10/15 1:17 p.m.7 views

WordPress AppPresser plugin <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP vulnerability

Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin AppPresser versions = 4.4.4...

9.8CVSS7AI score0.00662EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/09/25 8:1 a.m.7 views

WordPress Ninja Forms Contact Form plugin <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer vulnerability

Reflected Self-Based Cross-Site Scripting via Referer vulnerability discovered by wesley wcraft in WordPress Plugin Ninja Forms versions = 3.8.15...

6.1CVSS6.4AI score0.00274EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/09/24 1:0 a.m.8 views

WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability

Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions = 1.8.1.14...

9.8CVSS7AI score0.00733EPSS
Exploits0References1Affected Software1
wordfence
wordfence
added 2024/09/10 4:19 p.m.26 views

Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

8.8CVSS8.7AI score0.0957EPSS
Exploits0
patchstack
patchstack
added 2024/09/09 7:0 a.m.3 views

WordPress EventON plugin < 2.2.17 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Wesley "dk4trin" Santos in WordPress Plugin EventON versions 2.2.17...

4.8CVSS6.1AI score0.00333EPSS
Exploits1References1Affected Software1
patchstack
patchstack
added 2024/09/09 12:37 a.m.6 views

WordPress Preloader Plus – WordPress Loading Screen Plugin plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Preloader Plus - Wordpress Loading Screen Plugin versions = 2.2.1...

6.4CVSS5.8AI score0.00286EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/09/06 2:50 a.m.6 views

WordPress WP-Recall plugin <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update vulnerability discovered by wesley wcraft in WordPress Plugin WP-Recall versions = 16.26.8...

9.8CVSS7AI score0.00603EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/09/04 12:0 a.m.15 views

WordPress WC Marketplace Plugin <= 4.2.0 is vulnerable to Privilege Escalation

Software WC Marketplace Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8289 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 9025ce00a31d Credits wesley...

9.8CVSS6.6AI score0.01255EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2024/08/22 12:38 a.m.8 views

WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Responsive Lightbox versions = 2.4.7...

6.4CVSS5.8AI score0.00313EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/08/01 12:56 a.m.7 views

WordPress Blog2Social plugin <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Blog2Social versions = 7.5.4...

6.4CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/07/16 2:19 a.m.7 views

WordPress Premium Portfolio Features for Phlox theme plugin <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via ' Grid Portfolios' vulnerability discovered by wesley wcraft in WordPress Plugin Phlox Portfolio versions = 2.3.2...

6.4CVSS5.8AI score0.00377EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/20 5:28 p.m.8 views

WordPress The Plus Addons for Elementor Page Builder plugin <= 5.5.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Pro versions = 5.5.6...

6.1CVSS6.3AI score0.0031EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/14 12:22 p.m.7 views

WordPress ElementsKit plugin <= 3.6.2 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin ElementsKit Pro versions = 3.6.2...

6.4CVSS5.7AI score0.00263EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/12 8:6 a.m.4 views

WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability

Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.35...

6.4CVSS5.7AI score0.00401EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/06 2:57 a.m.10 views

WordPress Qi Blocks plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Qi Blocks versions = 1.2.9...

6.4CVSS5.7AI score0.00252EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/05 2:58 a.m.8 views

WordPress Brizy – Page Builder plugin <= 2.4.43 - Unauthenticated Stored Cross-Site Scripting via Form vulnerability

Unauthenticated Stored Cross-Site Scripting via Form vulnerability discovered by wesley wcraft in WordPress Plugin Brizy versions = 2.4.43...

7.2CVSS5.8AI score0.00378EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/05/29 11:57 p.m.8 views

WordPress The Plus Addons for Elementor Pro plugin <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Heading Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Pro versions = 5.5.4...

6.4CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/05/29 11:46 p.m.7 views

WordPress PostX plugin <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin PostX versions = 4.1.1...

6.4CVSS5.7AI score0.00326EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder