Lucene search
K

1527 matches found

Patchstack
Patchstack
added 2024/10/28 12:0 a.m.12 views

WordPress Bulk Change Role Plugin <= 1.1 is vulnerable to Privilege Escalation

Software Bulk Change Role Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50504 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ae994493e2ec Credits Muhamad Ag...

8.8CVSS6.6AI score0.00469EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.14 views

WordPress Signup Page Plugin <= 1.0 is vulnerable to Privilege Escalation

Software Signup Page Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50475 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15ed63623277 Credits Mika Required...

9.8CVSS6.5AI score0.01219EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.19 views

WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution

Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...

7.3CVSS7AI score0.01411EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.9 views

WordPress WP-Members Plugin <= 3.4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software WP-Members Type Plugin Vulnerable versions = 3.4.9.5 Fixed in 3.4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10374 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b793b5e43f7e Credits Peter Thaleikis Required...

6.4CVSS5.7AI score0.00434EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.22 views

WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication

Software MaanStore API Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50487 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 80e67caa15fa Credits...

9.8CVSS6.8AI score0.00525EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.24 views

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...

5.9CVSS6.5AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.20 views

WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal

Software BuddyPress Type Plugin Vulnerable versions = 14.1.0 Fixed in 14.2.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-10011 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 06408034e9a6 Credits Domons Required privilege Subscriber Publish...

8.1CVSS6.8AI score0.00914EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.11 views

WordPress Contact Form 7 - Repeatable Fields Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 - Repeatable Fields Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10180 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d39a0f706c9a Credits Pete...

6.4CVSS5.7AI score0.00304EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.9 views

WordPress Clean Retina Theme <= 3.0.6 is vulnerable to Local File Inclusion

Software Clean Retina Type Theme Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-50436 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e56d05b5bd53 Credits tahu.datar Required privilege Unauthenticate...

7.5CVSS6.8AI score0.00456EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.7 views

WordPress File Upload Types Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software File Upload Types Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10016 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d655bda3dd64 Credits Francesco Carlucci...

6.4CVSS5.7AI score0.00373EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.11 views

WordPress Shoutcast Icecast HTML5 Radio Player Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Shoutcast Icecast HTML5 Radio Player Type Plugin Vulnerable versions = 2.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3e71cc774a45 Credits...

6.4CVSS5.7AI score0.00282EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.22 views

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.4 Fixed in 1.3.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f23dd4816a6 Credits...

6.5CVSS6.5AI score0.00254EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.9 views

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...

6.5CVSS6.3AI score0.00239EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.15 views

WordPress Firelight Lightbox Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Firelight Lightbox Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50460 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2edb2390ea9c Credits Robert DeVore Required privilege...

5.9CVSS6.5AI score0.00241EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.12 views

WordPress The Pack Elementor addons Plugin <= 2.0.9 is vulnerable to Local File Inclusion

Software The Pack Elementor addons Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50453 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e424fb066139 Credits João Pedro S Alcânta...

8.8CVSS7.6AI score0.00542EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/23 12:0 a.m.12 views

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9865 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2193c9ee308 Credits zer0gh0st Required...

6.1CVSS5.9AI score0.0036EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/23 12:0 a.m.16 views

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.43 is vulnerable to Sensitive Data Exposure

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.43 Fixed in 1.6.44 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10050 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 22957639a0e5...

4.3CVSS6.5AI score0.00471EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/23 12:0 a.m.20 views

WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control

Software WC Marketplace Type Plugin Vulnerable versions = 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dab4da2d17f Credits Tieu Pham Trong Nhan Required...

4.3CVSS6.5AI score0.00334EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/22 12:0 a.m.14 views

WordPress Download Plugin Plugin <= 2.2.0 is vulnerable to Broken Access Control

Software Download Plugin Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9829 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID da1ab1cf4af2 Credits WordFence Required...

6.5CVSS6.4AI score0.00406EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.12 views

WordPress Simple Custom Admin Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Custom Admin Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49647 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3970364b5682 Credits Mika Required privilege...

7.1CVSS6.5AI score0.00275EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder