Lucene search
K

572 matches found

Patchstack
Patchstack
added 2025/06/23 9:7 p.m.9 views

WordPress Aiomatic plugin <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by khanhhnahk1 in WordPress Plugin Aiomatic versions = 2.5.0...

7.5CVSS6.8AI score0.00446EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/19 4:33 p.m.5 views

WordPress WPThumb plugin <= 0.10 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by domiee13 in WordPress Plugin WPThumb versions = 0.10...

4.9CVSS6.7AI score0.00173EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/17 10:56 a.m.6 views

WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability

Incorrect Authorization to Authenticated Contributor+ Plugin Settings Update vulnerability discovered by Amin Beheshti in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions = 19.9.0...

4.3CVSS6.7AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/13 6:45 a.m.5 views

WordPress Color Palette plugin <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via hex Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Color Palette versions = 4.3.2...

6.4CVSS5.5AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/13 6:38 a.m.208 views

WordPress Telegram for WP plugin <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin Telegram for WP versions = 1.6.1...

4.4CVSS5.5AI score0.00199EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/11 12:0 a.m.7 views

WordPress Aora Theme <= 1.3.9 is vulnerable to Local File Inclusion

Software Aora Type Theme Vulnerable versions = 1.3.9 Fixed in 1.3.10 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49260 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID c279fefa752d Credits Phat RiO - BlueRock Required privilege...

8.1CVSS6.8AI score0.00496EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/11 12:0 a.m.6 views

WordPress Zota Theme <= 1.3.8 is vulnerable to Local File Inclusion

Software Zota Type Theme Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49257 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 511b31ea918b Credits Phat RiO - BlueRock Required privilege...

8.1CVSS6.8AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/05 8:6 p.m.10 views

WordPress ESV Bible Shortcode for WordPress plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin ESV Bible Shortcode for WordPress versions = 1.0.2...

6.4CVSS5.5AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/05 1:25 a.m.11 views

WordPress WP Compress for MainWP plugin <= 6.30.32 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by HLog in WordPress Plugin WP Compress for MainWP versions = 6.30.32...

5.4CVSS6.7AI score0.00257EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/05 12:20 a.m.8 views

WordPress WP Time Slots Booking Form plugin <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Jang Jeong Ahn Jhanks in WordPress Plugin WP Time Slots Booking Form versions = 1.2.30...

4.3CVSS6.6AI score0.00128EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/05 12:12 a.m.11 views

WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions = 2.0.6...

4.3CVSS6.6AI score0.0014EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/05 12:12 a.m.14 views

WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions = 4.1.1...

4.3CVSS6.6AI score0.0014EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/05/30 2:9 p.m.9 views

WordPress Number of Products per Page – Pagination Manager for WooCommerce plugin <= 2.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Number of Products per Page Pagination Manager for WooCommerce versions = 2.4.0...

6.5CVSS6.6AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/05/30 10:3 a.m.10 views

WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Real Time Validation for Gravity Forms versions = 1.7.0...

7.1CVSS5.9AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/05/30 6:57 a.m.7 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability discovered by Robert DeVore in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...

6.4CVSS5.5AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/27 1:17 a.m.17 views

WordPress MStore API plugin <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Posts Creation vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MStore API versions = 4.17.5...

4.3CVSS6.7AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/23 10:8 p.m.9 views

WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() vulnerability

Unauthenticated Arbitrary File Upload via setfile vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions = 1.2.5...

9.8CVSS6.7AI score0.01125EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2025/05/23 9:43 p.m.4 views

WordPress WP SMTP plugin <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email vulnerability

Unauthenticated Stored Cross-Site Scripting via Email vulnerability discovered by zer0gh0st in WordPress Plugin WP SMTP versions = 2.1.5...

7.2CVSS5.5AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/23 9:43 p.m.9 views

WordPress Pagelayer plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Link vulnerability discovered by zer0gh0st in WordPress Plugin PageLayer versions = 2.0.0...

6.4CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/22 12:29 p.m.10 views

WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin ReDi Restaurant Reservation versions = 24.1209...

7.1CVSS5.9AI score0.00191EPSS
Exploits0Affected Software1
Rows per page
Query Builder