Lucene search
K

60 matches found

Patchstack
Patchstack
added 2025/07/31 10:0 p.m.8 views

WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.3.10...

6.4CVSS5.2AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/31 6:51 p.m.5 views

WordPress Benaa Framework plugin <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin Benaa Framework versions = 4.0.0...

4.3CVSS8.8AI score0.002EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/18 4:10 a.m.6 views

WordPress Block Editor Gallery Slider plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Post Meta Update vulnerability discovered by Poli in WordPress Plugin Block Editor Gallery Slider versions = 1.1.1...

4.3CVSS6.8AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/16 12:12 p.m.5 views

WordPress JetSmartFilters plugin <= 3.6.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetSmartFilters versions = 3.6.8...

6.5CVSS6AI score0.00165EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/07/09 9:28 p.m.7 views

WordPress Easy Contact Form Lite plugin <= 1.1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin Easy Contact Form Lite versions = 1.1.28...

4.3CVSS5.5AI score0.00206EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/07/01 11:20 p.m.10 views

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via button+modal Widget vulnerability discovered by Webbernaut in WordPress Plugin WidgetKit versions = 2.5.4...

6.4CVSS5.5AI score0.00216EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/27 2:53 p.m.7 views

WordPress EC Stars Rating plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin EC Stars Rating versions = 1.0.11...

5.9CVSS6.1AI score0.00212EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/27 2:52 p.m.10 views

WordPress iCount Payment Gateway plugin <= 2.0.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin iCount Payment Gateway versions = 2.0.7...

5.3CVSS6.7AI score0.00257EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/27 2:47 p.m.7 views

WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin File Manager Plugin For Wordpress versions = 7.5...

9.1CVSS6.7AI score0.00343EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/27 7:12 a.m.9 views

WordPress Responsive Lightbox & Gallery plugin < 2.5.2 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Responsive Lightbox versions 2.5.2...

5.4CVSS5.9AI score0.0019EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/06/27 12:0 a.m.7 views

WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control

Software Constructor Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53302 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 616342014c3c Credits Sulabh Jain Required privilege...

6.5AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/26 1:5 a.m.8 views

WordPress WP-PhotoNav plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via photonav Shortcode vulnerability discovered by Gilang in WordPress Plugin WP-PhotoNav versions = 1.2.2...

6.4CVSS5.5AI score0.0017EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/19 4:32 p.m.5 views

WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin CRM ERP Business Solution versions = 1.13...

5.3CVSS6.6AI score0.00249EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/19 4:29 p.m.8 views

WordPress Inventory Presser plugin <= 15.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by greenhats in WordPress Plugin Inventory Presser versions = 15.2.6...

5.9CVSS5.9AI score0.00218EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/19 3:34 p.m.9 views

WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Classified Listing versions = 4.2.0...

7.5CVSS6.7AI score0.00384EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/17 11:0 a.m.7 views

WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Responsive Slider by MetaSlider versions = 3.98.0...

6.4CVSS5.9AI score0.00209EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/13 6:40 a.m.6 views

WordPress IndieBlocks plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via kind Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin IndieBlocks versions = 0.13.2...

6.4CVSS5.5AI score0.00209EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/05 8:13 p.m.11 views

WordPress WP-Addpub plugin <= 1.2.8 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by muhammad yudha in WordPress Plugin WP-Addpub versions = 1.2.8...

6.5CVSS7.8AI score0.00295EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/05 1:42 a.m.9 views

WordPress WP Post Corrector plugin <= 1.0.2 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP Post Corrector versions = 1.0.2...

7.6CVSS7.8AI score0.00358EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/05 1:30 a.m.9 views

WordPress Viral Loops WP Integration plugin <= 3.8.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Viral Loops WP Integration versions = 3.8.1...

5.3CVSS6.7AI score0.00273EPSS
Exploits0Affected Software1
Rows per page
Query Builder