Lucene search
K

397 matches found

Patchstack
Patchstack
added 2024/10/15 12:0 a.m.9 views

WordPress My Reading Library Plugin <= 1.0 is vulnerable to PHP Object Injection

Software My Reading Library Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49318 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 404c7fdc5e2d Credits LVT-tholv2k Required privilege...

9.8CVSS6.9AI score0.00513EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.19 views

WordPress BuddyPress Better Registration Plugin <= 1.6 is vulnerable to Broken Authentication

Software BuddyPress Better Registration Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-49247 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4288fed05f70...

9.8CVSS6.5AI score0.0052EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.8 views

WordPress Azz Anonim Posting Plugin <= 0.9 is vulnerable to Arbitrary File Upload

Software Azz Anonim Posting Type Plugin Vulnerable versions = 0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49257 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a0f84f528406 Credits stealthcopter Required privilege...

10CVSS6.9AI score0.00496EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/10 12:0 a.m.12 views

WordPress Pedalo Connector Plugin <= 2.0.5 is vulnerable to Broken Authentication

Software Pedalo Connector Type Plugin Vulnerable versions = 2.0.5 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9822 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4f984c880363 Credits István...

9.8CVSS9.5AI score0.00905EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/08 12:0 a.m.16 views

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...

9.8CVSS6.8AI score0.02994EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/07 12:0 a.m.31 views

WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload

Software Bit File Manager Type Plugin Vulnerable versions = 6.5.7 Fixed in 6.5.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-8743 Patch priority High CVSS severity High 6.8 Developer Claim ownership PSID c3b2ce42763f Credits TANG Cheuk Hei siunam Required privileg...

6.8CVSS6.9AI score0.00754EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/10/04 12:0 a.m.19 views

WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 148c8b46d288 Credits Keitaro Yamazaki...

7.5CVSS7.5AI score0.02462EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.20 views

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...

6.5CVSS6.5AI score0.01397EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.16 views

WordPress Affiliate Pro - Affiliate Program for WooCommerce & WordPress Plugin <= 8.4.1 is vulnerable to Privilege Escalation

Software Affiliate Pro - Affiliate Program for WooCommerce & WordPress Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.5.0 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9289 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a5bcf0c87e...

9.8CVSS6.6AI score0.00559EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.15 views

WordPress KB Support Plugin <= 1.6.6 is vulnerable to Broken Access Control

Software KB Support Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8548 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4619b943c20e Credits Krzysztof Zając Required privileg...

8.1CVSS8AI score0.00358EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.15 views

WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication

Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...

9.8CVSS6.6AI score0.01662EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.36 views

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-47636 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5e0aa88de68e Credits Bonds Required privilege Unauthenticated...

9.8CVSS6.8AI score0.00543EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.20 views

WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.16.2 Fixed in 3.16.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8353 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID ab27727ec281 Credits cuokon Required privilege Unauthenticated...

10CVSS9.5AI score0.28931EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2024/09/26 12:0 a.m.16 views

WordPress JupiterX Core Plugin <= 4.7.5 is vulnerable to Broken Authentication

Software JupiterX Core Type Plugin Vulnerable versions = 4.7.5 Fixed in 4.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-7781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 4950f50fad7a Credits Geo Void...

9.8CVSS6.6AI score0.00953EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/09/26 12:0 a.m.15 views

WordPress Multi Step for Contact Form Plugin <= 2.7.7 is vulnerable to SQL Injection

Software Multi Step for Contact Form Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47331 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a27c5e08d690 Credits Hakiduck Required privilege...

9.8CVSS6.8AI score0.00583EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.11 views

WordPress MH Board Plugin <= 1.3.2.1 is vulnerable to Local File Inclusion

Software MH Board Type Plugin Vulnerable versions = 1.3.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44017 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 729ae474bd3b Credits tahu.datar Required privilege Unauthenticated...

7.5CVSS6.9AI score0.00511EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.8 views

WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion

Software VR Calendar Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44013 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e489bf6197d Credits tahu.datar Required privilege Unauthenticate...

7.5CVSS6.8AI score0.00522EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/17 12:0 a.m.15 views

WordPress Houzez Theme <= 3.2.4 is vulnerable to Privilege Escalation

Software Houzez Type Theme Vulnerable versions = 3.2.4 Fixed in 3.3.0 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-22303 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 51553a618b56 Credits luc Required privilege Subscriber...

8.8CVSS6.5AI score0.00444EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/16 12:0 a.m.11 views

WordPress WPCargo Track & Trace Plugin <= 7.0.6 is vulnerable to SQL Injection

Software WPCargo Track & Trace Type Plugin Vulnerable versions = 7.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-44004 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8e07b930efd1 Credits LVT-tholv2k Required privilege...

9.8CVSS6.8AI score0.00462EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/10 12:0 a.m.14 views

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.90 is vulnerable to Privilege Escalation

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.90 Fixed in 2.2.91 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-8253 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 751ae97fca06 Credits wesley wcraft...

8.8CVSS6.5AI score0.0957EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder