Lucene search

5105 matches found

Patchstack
added 2023/07/10 12:0 a.m. | 10 views

WordPress Getnet Argentina para Woocommerce Plugin 0.0.1-0.0.4 is vulnerable to Broken Access Control

Software Getnet Argentina para Woocommerce Type Plugin Vulnerable versions 0.0.1-0.0.4 Fixed in 0.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3525 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 026805019331 Credits Kijam...

7.5 CVSS | 6.6 AI score | 0.00637 EPSS
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/07/10 12:0 a.m. | 11 views

WordPress Yet Another Stars Rating Plugin <= 3.3.8 is vulnerable to Race Condition

Software Yet Another Stars Rating Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Race Condition CVE CVE-2023-37867 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 9a9795e352fc Credits Abdi Pranata Required...

8.1 CVSS | 6.6 AI score | 0.00405 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/07 12:0 a.m. | 17 views

WordPress Buy Me a Coffee Plugin <= 3.7 is vulnerable to Broken Access Control

Software Buy Me a Coffee Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25030 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID efd2e1e73286 Credits Abdi Pranata Required privilege...

4.3 CVSS | 6.4 AI score | 0.00237 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/05 12:0 a.m. | 15 views

WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Terms descriptions Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28779 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f42703e921f Credits Kindaichi Hiro...

7.1 CVSS | 5.6 AI score | 0.00331 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/05 12:0 a.m. | 17 views

WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Media Library Helper by Codexin Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37386 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 31c3323d9133 Credits...

8.8 CVSS | 6.6 AI score | 0.00208 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/05 12:0 a.m. | 19 views

WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection

Software Coming Soon Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46849 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a93f0e48b26 Credits Le Ngoc Anh Required privilege Administrator Publishe...

9.8 CVSS | 6.8 AI score | 0.00547 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/07/05 12:0 a.m. | 11 views

WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Classified Listing Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-37387 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 58373c58e878 Credits István Márton...

8.8 CVSS | 6.6 AI score | 0.00208 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 20 views

WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3179 Patch priority Low CVSS severity Low 8.8 Developer WPExperts PSID a42127c2ce5a Credits Erwan LR WPScan Required privilege...

8.8 CVSS | 6.5 AI score | 0.00321 EPSS
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 14 views

WordPress tagDiv Cloud Library Plugin < 2.7 is vulnerable to Privilege Escalation

Software tagDiv Cloud Library Type Plugin Vulnerable versions 2.7 Fixed in 2.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-1597 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d62f2f7e76e8 Credits Truoc Pha...

8.8 CVSS | 6.5 AI score | 0.00474 EPSS
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 24 views

WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...

9.9 CVSS | 6.8 AI score | 0.01454 EPSS
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 18 views

WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS)

Software WP-Optimize Type Plugin Vulnerable versions 3.2.13 Fixed in 3.2.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1119 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74a58d2a57e4 Credits Paolo Elia Required...

6.1 CVSS | 5.6 AI score | 0.01099 EPSS
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 16 views

WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.2 is vulnerable to Broken Access Control

Software Cryptocurrency Widgets – Price Ticker & Coins List Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36681 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID ec249fa35f9a...

6.3 AI score | 0.00719 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 14 views

WordPress Companion Sitemap Generator – HTML & XML Plugin < 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Companion Sitemap Generator – HTML & XML Type Plugin Vulnerable versions 4.5.3 Fixed in 4.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c5448d43a2a...

6.1 CVSS | 5.5 AI score | 0.01019 EPSS
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 14 views

WordPress My Content Management Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software My Content Management Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f6e3eb68e74c Credits emad Required...

5.9 CVSS | 5.8 AI score | 0.00336 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 12 views

WordPress LearnPress Plugin <= 4.2.3 is vulnerable to Broken Access Control

Software LearnPress Type Plugin Vulnerable versions = 4.2.3 Fixed in 4.2.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-36516 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 9d39c7dfcdce Credits Rafie Muhammad Patchstack...

8.8 CVSS | 6.5 AI score | 0.00406 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 12 views

WordPress Simple Giveaways Plugin <= 2.48.0 is vulnerable to Broken Access Control

Software Simple Giveaways Type Plugin Vulnerable versions = 2.48.0 Fixed in 2.48.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23893 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e25cb2d4a4a7 Credits Nguyen Anh Tien Required...

6.3 AI score | 0.0046 EPSS
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2023/07/03 12:0 a.m. | 3 views

PT-2023-4535

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.09 Description The issue is related to insufficient access control in the Nullsoft Scriptable Install System, which can be exploited by a remote attacker to elevate their privileges...

5.3 CVSS | 6.1 AI score | 0.00734 EPSS
Exploits 0 | References 30

Patchstack
added 2023/06/30 12:0 a.m. | 5 views

WordPress Request a Quote Plugin < 2.3.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Request a Quote Type Plugin Vulnerable versions 2.3.11 Fixed in 2.3.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bdadec21f189 Credits N/A Required privilege...

7 AI score
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/06/30 12:0 a.m. | 13 views

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-36677 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 5776b5f22100 Credits Le Ngoc Anh Required privilege...

8.8 CVSS | 6.8 AI score | 0.00578 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/06/30 12:0 a.m. | 12 views

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)

Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-3063 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 479dd26d18cf Credits István Márt...

8.8 CVSS | 6.7 AI score | 0.00729 EPSS
Exploits 0 | References 2 | Affected Software 1