Lucene search
K

904 matches found

Patchstack
Patchstack
added 2024/10/24 12:0 a.m.15 views

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.14.1 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.14.1 Fixed in 4.14.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50448 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID c89cdca7b8b3 Credits Le Ngoc Anh Required...

7.1CVSS6.5AI score0.00302EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.21 views

WordPress Time Clock Pro Plugin <= 1.1.4 is vulnerable to Remote Code Execution (RCE)

Software Time Clock Pro Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-9593 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 9837dd0a77ff Credits István Márton Required privilege...

8.3CVSS7.2AI score0.12491EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.13 views

WordPress SiteBuilder Dynamic Components Plugin <= 1.0 is vulnerable to PHP Object Injection

Software SiteBuilder Dynamic Components Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49625 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7e4e11ce38e6 Credits Mika Required privilege...

9.8CVSS6.9AI score0.00514EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.10 views

WordPress Duplicate Title Validate Plugin <= 1.0 is vulnerable to SQL Injection

Software Duplicate Title Validate Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49623 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 62fe8295ce3c Credits Muhamad Agil Fachrian Required privilege...

8.8CVSS6.9AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.14 views

WordPress Endless Posts Navigation Plugin <= 2.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Endless Posts Navigation Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49629 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c607ad01f6a Credits...

7.1CVSS6.9AI score0.00158EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.11 views

WordPress MyTweetLinks Plugin <= 1.1.1 is vulnerable to SQL Injection

Software MyTweetLinks Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49618 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 011544e8e2d0 Credits João Pedro S Alcântara Kinorth Required privilege...

8.8CVSS8.8AI score0.00432EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/17 12:0 a.m.12 views

WordPress Sovratec Case Management Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload

Software Sovratec Case Management Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49324 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 36d5eac9e669 Credits stealthcopter Required privilege...

10CVSS6.9AI score0.00497EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.10 views

WordPress Nextend Social Login Pro Plugin <= 3.1.14 is vulnerable to Broken Authentication

Software Nextend Social Login Pro Type Plugin Vulnerable versions = 3.1.14 Fixed in 3.1.15 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-9893 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7fe16af79d00 Credits wesley wcraft...

9.8CVSS9.4AI score0.00645EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.15 views

WordPress SendPulse Free Web Push Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software SendPulse Free Web Push Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9184 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54dee5d0997d Credits Francesco...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.12 views

WordPress PublishPress Authors Plugin <= 4.7.1 is vulnerable to Privilege Escalation

Software PublishPress Authors Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9215 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID dc9bff13d8f2 Credits wesley wcraft Required...

8.8CVSS6.5AI score0.00498EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.18 views

WordPress Cooked Pro Plugin < 1.8.0 is vulnerable to Arbitrary File Upload

Software Cooked Pro Type Plugin Vulnerable versions 1.8.0 Fixed in 1.8.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49291 Patch priority High CVSS severity High 10 Developer Claim ownership PSID ca91d1c3c8bf Credits RE-ALTER Required privilege Unauthenticated...

10CVSS6.8AI score0.00496EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.19 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Pro Type Plugin Vulnerable versions = 8.3.9 Fixed in 8.3.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8507 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID caf0adb29b86 Credits TANG Cheuk Hei...

8.8CVSS8.8AI score0.00229EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.10 views

WordPress Digitally Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Digitally Type Theme Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49309 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 216a2ab68c1d Credits justakazh Required privilege...

7.1CVSS6.6AI score0.00259EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.17 views

WordPress WP 2FA with Telegram Plugin <= 3.0 is vulnerable to Broken Authentication

Software WP 2FA with Telegram Type Plugin Vulnerable versions = 3.0 Fixed in 3.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9687 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID c6f09889bfbf Credits István...

8.8CVSS6.6AI score0.00465EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.21 views

WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.16.3 Fixed in 3.16.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-9634 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID a33794a83e6f Credits lefab Required privilege Unauthenticated...

9.8CVSS9.6AI score0.01399EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.16 views

WordPress CURCY Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software CURCY Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49283 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a6bd022fc477 Credits Dimas Maulana Required privilege...

7.1CVSS7AI score0.00292EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.9 views

WordPress My Reading Library Plugin <= 1.0 is vulnerable to PHP Object Injection

Software My Reading Library Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49318 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 404c7fdc5e2d Credits LVT-tholv2k Required privilege...

9.8CVSS6.9AI score0.00513EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.15 views

WordPress Smart Online Order for Clover Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8787 Patch priority Medium CVSS severity Medium 7.1 Developer Zaytech PSID ef2985b5f2b9 Credits vgo0 Require...

6.1CVSS5.7AI score0.00363EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.9 views

WordPress Locatoraid Store Locator Plugin <= 3.9.47 is vulnerable to Cross Site Scripting (XSS)

Software Locatoraid Store Locator Type Plugin Vulnerable versions = 3.9.47 Fixed in 3.9.48 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9652 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b0bf6a78a627 Credits vgo0...

6.1CVSS5.6AI score0.00355EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.11 views

WordPress Digital Lottery Plugin <= 3.0.5 is vulnerable to Arbitrary File Upload

Software Digital Lottery Type Plugin Vulnerable versions = 3.0.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49242 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 7676461ee2c0 Credits stealthcopter Required privilege...

10CVSS7.2AI score0.00496EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder