CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

Patchstack•added 2025/05/19 4:6 a.m.•7 views

WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...

6.1CVSS6.3AI score0.0021EPSS

Exploits1References1Affected Software1

Patchstack•added 2025/05/06 9:5 p.m.•3 views

WordPress Relevanssi plugin <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights vulnerability

Unauthenticated Stored Cross-Site Scripting via Search Highlights vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.3...

6.1CVSS6.3AI score0.00736EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/04/16 12:0 a.m.•2 views

PT-2025-16932 · Ivanti +1 · Ivanti +1

Name of the Vulnerable Software and Affected Versions: Microsoft Office PowerPoint affected versions not specified Ivanti affected versions not specified Description: A use-after-free issue in Microsoft Office PowerPoint may allow an unauthorized attacker to execute code locally. A critical remot...

7.8CVSS6.9AI score0.00355EPSS

Exploits0References8

Patchstack•added 2025/04/15 6:45 a.m.•6 views

WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetPopup versions = 2.0.11...

7.5CVSS8.1AI score0.00362EPSS

Exploits0Affected Software1

Patchstack•added 2025/04/02 2:6 p.m.•4 views

WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Botnet Attack Blocker versions = 2.0.0...

6.5CVSS6.5AI score0.00291EPSS

Exploits0Affected Software1

Patchstack•added 2025/04/01 12:0 a.m.•7 views

WordPress Themify Newsy Theme <= 1.9.9 is vulnerable to Arbitrary File Upload

Software Themify Newsy Type Theme Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-30996 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 81aeabc7a9a6 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

6.2AI score0.00195EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/11/25 12:0 a.m.•8 views

WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal

Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...

6.5CVSS6.8AI score0.01922EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/11/18 12:0 a.m.•8 views

WordPress WooCommerce Price Alert Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Price Alert Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52469 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64532f957694 Credits Mika Required privilege...

6.5AI score0.00089EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/11/15 12:0 a.m.•12 views

WordPress Bounce Handler MailPoet 3 Plugin <= 1.3.21 is vulnerable to Cross Site Scripting (XSS)

Software Bounce Handler MailPoet 3 Type Plugin Vulnerable versions = 1.3.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9938 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ab6f81da0c5a Credits Colin Xu...

6.1CVSS5.9AI score0.01989EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/11/04 12:0 a.m.•11 views

WordPress Responsive Data Table Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Data Table Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51710 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 929bb6af39fb Credits João Pedro S Alcântara Kinorth...

7.1CVSS6.9AI score0.00242EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/29 12:0 a.m.•8 views

WordPress Post Status Notifier Premium Plugin <= 1.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Post Status Notifier Premium Type Plugin Vulnerable versions = 1.11.6 Fixed in 1.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10048 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5dcdb37cb71e Credits...

6.1CVSS5.5AI score0.01998EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/10/21 12:0 a.m.•7 views

WordPress INK Official Plugin <= 4.1.2 is vulnerable to Arbitrary File Upload

Software INK Official Type Plugin Vulnerable versions = 4.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49669 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 67e983d6f9c5 Credits ghsinfosec Required privilege Contributo...

9.9CVSS6.8AI score0.00489EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/14 12:0 a.m.•9 views

WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software CJ Change Howdy Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49223 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1b937179167 Credits SOPROBRO Requir...

7.1CVSS6.9AI score0.00172EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/09/25 12:0 a.m.•10 views

WordPress Templately Plugin <= 3.1.2 is vulnerable to Broken Access Control

Software Templately Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47308 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e4f1c6a95d39 Credits Joshua Chan Required privile...

9.8CVSS6.5AI score0.35299EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/08/26 12:0 a.m.•11 views

WordPress Droip Plugin <= 1.1.1 is vulnerable to Settings Change

Software Droip Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43954 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID d2ffab5d4b5f Credits Dave Jong Patchstack Required privilege...

6.3CVSS6.5AI score0.00253EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/08/21 12:0 a.m.•10 views

WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7032 Patch priority Medium CVSS severity Medium 6.5 Developer Zaytech PSID 1d01355fa1e4 Credits Lucio Sá Required...

6.5CVSS6.5AI score0.00397EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/08/06 12:0 a.m.•8 views

WordPress Cooked Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Cooked Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-41816 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 18a7c8d0faab Credits re-alter Required privilege Subscriber...

5.4CVSS6.5AI score0.0193EPSS

Exploits1References3Affected Software1

Patchstack•added 2024/06/06 12:0 a.m.•5 views

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80da7493f574 Credits Dave Jong...

6.5CVSS6.4AI score0.00508EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/04/15 12:0 a.m.•6 views

WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...

7.1CVSS6.5AI score0.00186EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/03/26 12:0 a.m.•9 views

WordPress Favicon Rotator Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Software Favicon Rotator Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-28001 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e90080f8961c Credits Rafie Muhammad Patchstack...

7.1CVSS6.8AI score0.00144EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by