Lucene search
K

1527 matches found

Patchstack
Patchstack
added 2024/11/14 12:0 a.m.20 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection

Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.107 Fixed in 0.9.108 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10962 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID b2861821d90b Credits Webbernaut Required...

8.8CVSS6.8AI score0.00635EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/14 12:0 a.m.26 views

WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection

Software Automation By Autonami Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9186 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0bc9c96e6168 Credits y4ng0615 Required privilege Unauthenticated...

8.6CVSS6.9AI score0.02241EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.19 views

WordPress CF7 Reply Manager Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload

Software CF7 Reply Manager Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52404 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID ea9af17f6366 Credits stealthcopter Required privilege...

9.9CVSS7.2AI score0.00478EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.12 views

WordPress MultiManager WP Plugin <= 1.0.5 is vulnerable to Broken Authentication

Software MultiManager WP Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.1.0 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-11028 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e81dabfc85 Credits shaman0x01 Required privilege...

9.8CVSS6.8AI score0.01254EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.20 views

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...

7.3CVSS6.5AI score0.00637EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.19 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

8.8CVSS6.5AI score0.00789EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.19 views

WordPress Kognetiks Chatbot for WordPress Plugin <= 2.1.7 is vulnerable to Broken Access Control

Software Kognetiks Chatbot for WordPress Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10530 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 918318d433d6 Credits Tieu Pham Tro...

4.3CVSS6.7AI score0.00438EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.14 views

WordPress CSV to html Plugin <= 3.06 is vulnerable to Arbitrary File Upload

Software CSV to html Type Plugin Vulnerable versions = 3.06 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52406 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f31bd5d837b7 Credits stealthcopter Required privilege Subscriber...

9.9CVSS9.6AI score0.00478EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.12 views

WordPress RSS Feed Widget Plugin < 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software RSS Feed Widget Type Plugin Vulnerable versions 3.0.1 Fixed in 3.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9835 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a28316c34943 Credits Bob Matyas Required...

4.8CVSS5.7AI score0.00303EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.17 views

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

6.5CVSS6.5AI score0.00398EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/11 12:0 a.m.18 views

WordPress WP Photo Album Plus Plugin <= 8.8.08.007 is vulnerable to Broken Access Control

Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.8.08.007 Fixed in 8.9.01.001 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-10958 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d60c5fd2604a Credits Arkadiusz...

7.3CVSS6.8AI score0.01577EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/11/11 12:0 a.m.10 views

WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-52383 Patch priority High CVSS severity High 7.5 Developer Claim...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.10 views

WordPress Text Advertisements Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Text Advertisements Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51879 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c4a6f56c833e Credits SOPROBRO Required privilege Contributo...

6.5CVSS6.5AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.11 views

WordPress Responsive Addons for Elementor Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Addons for Elementor Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52358 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e0984c9c585 Credits Khalid Yusuf Required...

6.5CVSS6.9AI score0.00258EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.12 views

WordPress OSM – OpenStreetMap Plugin <= 6.1.2 is vulnerable to Cross Site Scripting (XSS)

Software OSM – OpenStreetMap Type Plugin Vulnerable versions = 6.1.2 Fixed in 6.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52355 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 68bca5f9bb55 Credits Junwoo Kang Required privilege...

6.5CVSS6.9AI score0.00263EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.10 views

WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure

Software Countdown Timer Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97d2e3a5c021 Credits Francesco Carlucci Required privilege...

4.3CVSS6.8AI score0.003EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.13 views

WordPress Registrations for the Events Calendar Plugin < 2.12.4 is vulnerable to Cross Site Scripting (XSS)

Software Registrations for the Events Calendar Type Plugin Vulnerable versions 2.12.4 Fixed in 2.12.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7982 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 576ddc99ad72...

9.6CVSS5.7AI score0.00665EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.8 views

WordPress Custom URL Shortener Plugin <= 0.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Custom URL Shortener Type Plugin Vulnerable versions = 0.3.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 721373a7389e Credits SOPROBRO Required privilege...

6.5CVSS6.9AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.15 views

WordPress WP Membership Plugin <= 1.6.2 is vulnerable to Arbitrary File Upload

Software WP Membership Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10547 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 06e3f08b54a5 Credits Tonn Required privilege Unauthenticated...

9.8CVSS7.2AI score0.00829EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.16 views

WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload

Software Forms Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51791 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 0594a374dbac Credits stealthcopter Required privilege Unauthenticated...

10CVSS7.2AI score0.00609EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder