Lucene search
K

22 matches found

Patchstack
Patchstack
added 2025/04/29 9:22 p.m.7 views

WordPress WP Statistics plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Update vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Statistics versions = 14.13.3...

6.5CVSS8.7AI score0.00226EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/25 9:34 p.m.11 views

WordPress Element Pack Elementor Addons plugin <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.29...

6.4CVSS6.3AI score0.00179EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/18 12:43 p.m.8 views

WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AnalyticsWP versions = 2.1.2...

5.3CVSS8.4AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/17 1:41 p.m.9 views

WordPress Master Slider plugin <= 3.11.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Master Slider versions = 3.11.0...

4.3CVSS8.4AI score0.00198EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/16 1:37 p.m.6 views

WordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin HelpGent versions = 2.2.5...

9.8CVSS8.5AI score0.00463EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/15 12:0 a.m.10 views

WordPress Betheme Theme <= 28.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Betheme Type Theme Vulnerable versions = 28.0.3 Fixed in 28.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-3077 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7b297a9d938e Credits Webbernaut Required privilege...

6.4CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/04/11 12:21 p.m.6 views

WordPress WooCommerce Loyal Customers plugin <= 2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin WooCommerce Loyal Customers versions = 2.6...

7.5CVSS8.4AI score0.00399EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/10 1:12 p.m.8 views

WordPress Web2application Plugin <= 6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Web2application versions = 6.1...

7.1CVSS6.9AI score0.00257EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/10 12:0 a.m.6 views

WordPress Industrial Lite Theme <= 1.0.8 is vulnerable to Broken Access Control

Software Industrial Lite Type Theme Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-26955 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a08c3e67c74 Credits Mika Required privilege Subscrib...

4.3CVSS6.5AI score0.00301EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/09 10:9 p.m.7 views

WordPress Accredible Certificates & Open Badges plugin <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter vulnerability

Authenticated Administrator+ SQL Injection via orderby Parameter vulnerability discovered by oncybersec in WordPress Plugin Accredible Certificates & Open Badges versions = 1.4.9...

4.9CVSS9AI score0.00257EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/09 4:51 p.m.7 views

WordPress Lock Your Updates Plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Lock Your Updates versions = 1.1...

7.1CVSS7.1AI score0.00401EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/04 8:29 p.m.10 views

WordPress ZoomSounds plugin <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ZoomSounds versions = 6.91...

6.4CVSS6.3AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/04 1:40 p.m.9 views

WordPress UltraAddons – Elementor Addons plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin UltraAddons Elementor Lite versions = 2.0.2...

4.3CVSS8.2AI score0.00145EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/04 1:35 p.m.14 views

WordPress StaffList plugin <= 3.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Anhchangmutrang in WordPress Plugin StaffList versions = 3.2.7...

4.3CVSS8.5AI score0.00372EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/04 1:25 p.m.8 views

WordPress Arkhe Blocks plugin <= 2.27.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Arkhe Blocks versions = 2.27.1...

6.5CVSS7.1AI score0.00367EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/04 1:20 p.m.4 views

WordPress Posts Footer Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by timomangcut in WordPress Plugin Posts Footer Manager versions = 2.2.0...

5.9CVSS7.1AI score0.00384EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/03 4:3 p.m.7 views

WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wptobe-signinup versions = 1.1.2...

7.1CVSS7AI score0.00276EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/03 8:53 a.m.6 views

WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin MyBookProgress by Stormhill Media versions = 1.0.8...

6.5CVSS6.9AI score0.00192EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/03 6:29 a.m.8 views

WordPress Modula Image Gallery plugin <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Modula Image Gallery versions = 2.10.1...

6.4CVSS6.9AI score0.0021EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/02 8:0 p.m.9 views

WordPress Calculated Fields Form plugin < 5.2.64 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Calculated Fields Form versions 5.2.64...

4.8CVSS7.4AI score0.00266EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder