Lucene search
K

27 matches found

Patchstack
Patchstack
added 2025/07/31 11:56 a.m.13 views

WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by theviper17 in WordPress Plugin StoreKeeper for WooCommerce versions = 14.4.4...

10CVSS6.6AI score0.1492EPSS
Exploits3Affected Software1
Patchstack
Patchstack
added 2025/07/23 9:53 p.m.9 views

WordPress ONLYOFFICE Docs plugin 1.1.0-2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function

Missing Authorization to Unauthenticated Privilege Escalation via callback Function vulnerability discovered by kr0d in WordPress Plugin ONLYOFFICE versions 1.1.0-2.2.0...

9.8CVSS6.8AI score0.00717EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/04 10:59 a.m.8 views

WordPress elfsight Contact Form widget plugin <= 2.3.1 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin elfsight Contact Form widget versions = 2.3.1...

7.5CVSS6.7AI score0.00385EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/05/22 12:38 p.m.10 views

WordPress Majestic Support plugin <= 1.1.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin Majestic Support versions = 1.1.0...

9.3CVSS7.7AI score0.00301EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/21 11:14 a.m.7 views

WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin FoodBakery versions = 3.3...

9.8CVSS8.5AI score0.00396EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/10 7:40 a.m.7 views

WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WpBookingly versions = 1.3.0...

9.8CVSS8.5AI score0.00784EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/25 12:0 a.m.8 views

WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control

Software Booking & Appointment Plugin for WooCommerce Type Plugin Vulnerable versions = 6.9.0 Fixed in 6.10.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10729 Patch priority High CVSS severity High 8.8 Developer Claim ownership PS...

8.8CVSS6.8AI score0.00516EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.16 views

WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation

Software External Database Based Actions Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10311 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID cd4901766574...

8.8CVSS6.8AI score0.00433EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution

Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...

8.8CVSS6.7AI score0.01683EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.15 views

WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication

Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...

9.8CVSS6.6AI score0.0171EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.10 views

WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Arbitrary Code Execution

Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-37109 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID fa508ef02b6e Credits Dave Jong Patchstack Required...

9.9CVSS7AI score0.00532EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.7 views

WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication

Software Lifeline Donation Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-5432 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4cb49e164b6 Credits István Márton Required...

9.8CVSS6.5AI score0.00664EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.16 views

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.78 Fixed in 2.2.79 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-32816 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4274dff100bf Credits Peng Zho...

7.5CVSS6.5AI score0.0068EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.10 views

WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.6.2 is vulnerable to Broken Access Control

Software Advanced Local Pickup for WooCommerce Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31283 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 66c7c49037fc Credits Majed...

9.8CVSS6.5AI score0.00409EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/10/11 12:0 a.m.15 views

WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45637 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ecb3f3a7 Credits Phd Required privilege Unauthenticated...

7.1CVSS6.5AI score0.00437EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.21 views

WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...

8.1CVSS7.2AI score0.00768EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/09/13 12:0 a.m.17 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.90 is vulnerable to Privilege Escalation

Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.90 Fixed in 0.9.91 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-41243 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a9e2cd303432 Credits Nguyen Anh Ti...

8.8CVSS6.8AI score0.00576EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/08/07 12:0 a.m.13 views

WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection

Software Themesflat Addons For Elementor Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-37390 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 27be6a2ff8c6 Credits Robert R Required...

9.8CVSS6.8AI score0.00632EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/06/13 12:0 a.m.8 views

WordPress MStore API Plugin < 3.9.6 is vulnerable to Broken Access Control

Software MStore API Type Plugin Vulnerable versions 3.9.6 Fixed in 3.9.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f9c3e8cc268b Credits Unknown Required privilege Subscriber Publish...

6.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/06/07 12:0 a.m.15 views

WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control

Software B2BKing Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3125 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 7647d8bb49ff Credits Jerome Bruandet Required privilege...

6.5CVSS6.5AI score0.0074EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder