Lucene search
K

22 matches found

Patchstack
Patchstack
added 2025/03/25 9:41 p.m.6 views

WordPress Jobs for WordPress plugin <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Jobs for WordPress versions = 2.7.11...

6.5CVSS7AI score0.0067EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/08 11:53 p.m.4 views

WordPress Greenshift plugin <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Greenshift versions = 9.0.0...

6.4CVSS5.9AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/12/24 12:23 a.m.4 views

WordPress PlugVersions plugin <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin PlugVersions versions = 0.0.7...

8.8CVSS7AI score0.00411EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/12/20 8:24 p.m.3 views

WordPress WP Docs plugin <= 2.2.0 - Authenticated (Subscriber+) Time-Based SQL Injection via 'dir_id' vulnerability

Authenticated Subscriber+ Time-Based SQL Injection via 'dirid' vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Docs versions = 2.2.0...

6.5CVSS8.1AI score0.00425EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/12/16 10:36 p.m.6 views

WordPress Easy Digital Downloads plugin 3.1-3.3.4 - Improper Authorization to Paywall Bypass vulnerability

Improper Authorization to Paywall Bypass vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Easy Digital Downloads versions 3.1-3.3.4...

3.7CVSS7AI score0.0034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/19 8:3 p.m.19 views

WordPress Sirv plugin <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Option Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Sirv versions = 7.3.0...

8.1CVSS7AI score0.00517EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/12 4:4 p.m.5 views

WordPress Styler for Ninja Forms plugin <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license vulnerability

Authenticated Subscriber+ Arbitrary Option Deletion via deactivatelicense vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Styler for Ninja Forms versions = 3.3.4...

6.5CVSS7AI score0.00398EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.15 views

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

6.5CVSS6.5AI score0.00398EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/01 9:29 p.m.13 views

WordPress BookingPress plugin <= 1.1.16 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.16...

6.5CVSS8.1AI score0.00575EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/29 8:39 p.m.5 views

WordPress WPAdverts plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode vulnerability

Unauthenticated Stored Cross-Site Scripting via advertsadd Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPAdverts versions = 2.1.6...

7.2CVSS5.8AI score0.00382EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/22 12:34 a.m.7 views

WordPress AcyMailing plugin <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function vulnerability

Authenticated Subscriber+ Arbitrary File Upload via acymextractArchive Function vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin AcyMailing SMTP Newsletter versions = 9.7.2...

8.8CVSS7AI score0.00958EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/22 12:0 a.m.24 views

WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload

Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...

8.8CVSS6.8AI score0.00958EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/14 1:5 a.m.5 views

WordPress Depicter Slider plugin <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Depicter Slider versions = 3.1.1...

8.8CVSS7AI score0.01021EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/30 2:45 a.m.4 views

WordPress Bold Page Builder plugin <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbbutton Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bold Page Builder versions = 5.0.2...

6.4CVSS5.5AI score0.00414EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/19 2:49 a.m.4 views

WordPress FV Player plugin <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter vulnerability

Authenticated Subscriber+ SQL Injection via exclude Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin FV Flowplayer Video Player versions = 7.5.46.7212...

8.8CVSS8.1AI score0.00509EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/17 2:12 a.m.5 views

WordPress BookingPress Appointment Booking plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation vulnerability

Authenticated Subscriber+ Arbitrary File Read to Arbitrary File Creation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin BookingPress versions = 1.1.5...

8.8CVSS7AI score0.00856EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/25 6:50 a.m.10 views

WordPress Quiz Maker plugin <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' vulnerability

Unauthenticated SQL Injection via 'aysquestions' vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Quiz Maker versions = 6.5.8.3...

9.8CVSS8.1AI score0.11755EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/21 1:30 a.m.6 views

WordPress Themify - WooCommerce Product Filter plugin <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability

WordPress Themify - WooCommerce Product Filter plugin = 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Themify – WooCommerce Product Filter versions = 1.4.9...

9.8CVSS8.1AI score0.00771EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/20 5:31 p.m.8 views

WordPress Icegram Express plugin <= 5.7.23 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.23...

9.8CVSS8.1AI score0.00688EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/12 8:13 a.m.4 views

WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability

Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...

8.8CVSS8AI score0.00454EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder