
904 matches found

Patchstack
added 2024/11/13 12:00 a.m. | 19 views

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...

CVSS 7.3 | AI score 6.5 | EPSS 0.00637
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/11/11 7:17 p.m. | 13 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 | AI score 6.8 | EPSS 0.00322
Exploits 0 | References 1

Cvelist
added 2024/11/11 7:17 p.m. | 42 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 | EPSS 0.00322
Exploits 0 | References 1

Patchstack
added 2024/11/11 12:00 a.m. | 11 views

WordPress Global Gateway e4 | Payeezy Gateway | Plugin <= 2.0 is vulnerable to Arbitrary File Deletion

Software Global Gateway e4 | Payeezy Gateway | Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-52371 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 8614ac115bc9 Credits stealthcopter...

CVSS 8.6 | AI score 6.8 | EPSS 0.00565
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/09 12:00 a.m. | 24 views

WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Charitable Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10876 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2a28f1e125bc Credits Peter Thaleikis...

CVSS 6.1 | AI score 5.6 | EPSS 0.0036
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/11/05 12:00 a.m. | 12 views

WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication

Software Heateor Social Login Type Plugin Vulnerable versions = 1.1.35 Fixed in 1.1.36 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10020 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0cb2e3c4d2f1 Credits...

CVSS 8.1 | AI score 6.8 | EPSS 0.00504
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 10 views

WordPress Jigoshop – Store Toolkit Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Jigoshop – Store Toolkit Type Plugin Vulnerable versions = 1.4.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51712 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 84e860833836 Credits Zlrqh Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 7 views

WordPress Master Bar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Master Bar Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51698 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8fdc2a965ea2 Credits João Pedro S Alcântara Kinorth Required...

CVSS 7.1 | AI score 6.9 | EPSS 0.00275
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 10 views

WordPress Simplistic SEO Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Simplistic SEO Type Plugin Vulnerable versions = 2.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51719 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fcffa486be1c Credits João Pedro S Alcântara Kinorth...

CVSS 7.1 | AI score 6.9 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 12 views

WordPress HQ60 Fidelity Card Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software HQ60 Fidelity Card Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51713 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bd789775dbe4 Credits SOPROBRO Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 16 views

WordPress Don't Break The Code Plugin <= .3.1 is vulnerable to Cross Site Scripting (XSS)

Software Don't Break The Code Type Plugin Vulnerable versions = .3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51779 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e5611bdb41d7 Credits João Pedro S Alcântara Kinorth...

CVSS 7.1 | AI score 6.9 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 11 views

WordPress Loginplus Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Loginplus Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51782 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3789effcd64f Credits Mika Required privilege Unauthenticated...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/04 12:00 a.m. | 11 views

WordPress Satisfaction Reports from Help Scout Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Satisfaction Reports from Help Scout Type Plugin Vulnerable versions = 2.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51778 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf60abd46d51 Credits thiennv...

CVSS 7.1 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/11/01 12:00 a.m. | 19 views

WordPress BBP Core - Expand bbPress powered forums with useful features Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software BBP Core - Expand bbPress powered forums with useful features Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9896 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

CVSS 6.1 | AI score 5.7 | EPSS 0.00368
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/30 12:00 a.m. | 13 views

WordPress RSVPMaker for Toastmasters Plugin <= 6.2.4 is vulnerable to Arbitrary File Upload

Software RSVPMaker for Toastmasters Type Plugin Vulnerable versions = 6.2.4 Fixed in 6.2.5 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50531 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 44944f5e5051 Credits stealthcopter Required...

CVSS 10 | AI score 6.9 | EPSS 0.00496
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/10/29 12:00 a.m. | 12 views

WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication

Software Crypto Type Plugin Vulnerable versions = 2.18 Fixed in 2.19 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9989 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a98b5d070482 Credits István Márton...

CVSS 9.8 | AI score 9.5 | EPSS 0.07217
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/28 12:00 a.m. | 11 views

WordPress Bulk Change Role Plugin <= 1.1 is vulnerable to Privilege Escalation

Software Bulk Change Role Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50504 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ae994493e2ec Credits Muhamad Ag...

CVSS 8.8 | AI score 6.6 | EPSS 0.00469
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/25 12:00 a.m. | 17 views

WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication

Software WatchTowerHQ Type Plugin Vulnerable versions = 3.10.1 Fixed in 3.10.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9933 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b771d8428a0 Credits István...

CVSS 9.8 | AI score 9.4 | EPSS 0.01935
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2024/10/25 12:00 a.m. | 12 views

WordPress GRÜN spendino Spendenformular Plugin <= 1.0.1 is vulnerable to Privilege Escalation

Software GRÜN spendino Spendenformular Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50476 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6ea142807fb0...

CVSS 9.8 | AI score 6.5 | EPSS 0.01219
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2024/10/25 12:00 a.m. | 14 views

WordPress Woocommerce Quote Calculator Plugin <= 1.1 is vulnerable to SQL Injection

Software Woocommerce Quote Calculator Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-50479 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9292eef5e46d Credits LVT-tholv2k Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00475
Exploits 0 | References 1 | Affected Software 1