Lucene search
K

33 matches found

Patchstack
Patchstack
added 2025/09/22 7:41 p.m.10 views

WordPress Event Rocket Plugin <= 3.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by muhammad yudha in WordPress Plugin Event Rocket versions = 3.3...

4.3CVSS6.7AI score0.00292EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/08/14 2:51 p.m.7 views

WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Settings Change Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Membership versions = 1.6.3...

5.4CVSS6.7AI score0.00202EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/07/16 7:41 a.m.7 views

WordPress Affiliate Reviews plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via numColumns Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Affiliate Reviews versions = 1.0.6...

6.4CVSS5.7AI score0.00225EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/01 3:49 p.m.5 views

WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin pCloud Backup versions = 1.0.1...

4.3CVSS8.5AI score0.00372EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.10 views

WordPress Fat Rat Collect Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Fat Rat Collect Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10577 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1bb18ef91a7a Credits Peter Thaleikis...

6.1CVSS6AI score0.0048EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/26 2:31 a.m.37 views

CVE-2024-10091 ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00309EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.17 views

WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication

Software WatchTowerHQ Type Plugin Vulnerable versions = 3.10.1 Fixed in 3.10.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9933 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b771d8428a0 Credits István...

9.8CVSS9.4AI score0.01935EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/15 2:3 a.m.12 views

CVE-2024-9687 WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validatetg' action. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS8.5AI score0.00465EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.11 views

WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software ImagePress Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 664cdc394386 Credits Michelle Porter Required privilege...

4.3CVSS6.6AI score0.00322EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/14 12:0 a.m.14 views

WordPress CJ Change Howdy Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software CJ Change Howdy Type Plugin Vulnerable versions = 3.3.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49223 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1b937179167 Credits SOPROBRO Requir...

7.1CVSS6.9AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.15 views

WordPress Wechat Social login Plugin <= 1.3.0 is vulnerable to Broken Authentication

Software Wechat Social login Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9106 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26efb59ee707 Credits Istvá...

9.8CVSS6.6AI score0.01662EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/10/01 12:0 a.m.8 views

WordPress LH Copy Media File Plugin <= 1.08 is vulnerable to Cross Site Scripting (XSS)

Software LH Copy Media File Type Plugin Vulnerable versions = 1.08 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9220 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f98d57ff7d4d Credits Colin Xu Required...

6.1CVSS5.7AI score0.0036EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.9 views

WordPress Checkout Mestres WP Plugin <= 8.6 is vulnerable to Local File Inclusion

Software Checkout Mestres WP Type Plugin Vulnerable versions = 8.6 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44030 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 15bf1846430c Credits tahu.datar Required privilege...

7.2CVSS6.9AI score0.00631EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/08/08 12:0 a.m.12 views

WordPress FooBox Image Lightbox Plugin <= 2.7.28 is vulnerable to Cross Site Scripting (XSS)

Software FooBox Image Lightbox Type Plugin Vulnerable versions = 2.7.28 Fixed in 2.7.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5668 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34ccb97b63f3 Credits Webbernaut...

6.4CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/02 12:0 a.m.11 views

WordPress Ebook Store Plugin <= 5.8001 is vulnerable to Sensitive Data Exposure

Software Ebook Store Type Plugin Vulnerable versions = 5.8001 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6567 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4d20c9d6d85a Credits stealthcopter Required privileg...

5.3CVSS6.6AI score0.00448EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/08/01 9:29 a.m.28 views

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00306EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/30 6:48 a.m.15 views

CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbbutton shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00414EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.20 views

WordPress WP Post Author Plugin <= 3.6.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Post Author Type Plugin Vulnerable versions = 3.6.7 Fixed in 3.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37101 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 123a43620732 Credits Khalid Yusuf Required privilege...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.7 views

WordPress Lifeline Donation Plugin <= 1.2.6 is vulnerable to Broken Authentication

Software Lifeline Donation Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-5432 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4cb49e164b6 Credits István Márton Required...

9.8CVSS6.5AI score0.00664EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/05/20 12:0 a.m.15 views

WordPress Debug Log – Manger Tool Plugin <= 1.4.5 is vulnerable to Sensitive Data Exposure

Software Debug Log – Manger Tool Type Plugin Vulnerable versions = 1.4.5 Fixed in 1.5 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-34798 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 669450ad8391 Credits emad Required...

5.3CVSS6.5AI score0.00344EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder