Lucene search
K

19 matches found

Patchstack
Patchstack
added 2022/09/21 12:0 a.m.19 views

WordPress Passster plugin <= 3.5.5.5.1 - Insecure Storage of Password vulnerability

Insecure Storage of Password vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Passster plugin versions = 3.5.5.5.1. Solution Update the WordPress Passster – Password Protection plugin to the latest available version at least 3.5.5.5.2...

5.9CVSS1.6AI score0.00452EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/09/19 12:0 a.m.22 views

WordPress reSmush.it Image Optimizer plugin <= 0.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress reSmush.it Image Optimizer plugin versions = 0.4.5. Solution Update the WordPress reSmush.it plugin to the latest available version at least 0.4.6...

4.8CVSS1.3AI score0.00506EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/19 12:0 a.m.18 views

WordPress Simple File List plugin <= 4.4.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Simple File List plugin versions = 4.4.11. Solution Update the WordPress Simple File List plugin to the latest available version at least 4.4.12...

4.8CVSS1.4AI score0.0047EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/07 12:0 a.m.23 views

WordPress Frontend File Manager plugin <= 21.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Frontend File Manager plugin versions = 21.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 21.3...

8.8CVSS2.1AI score0.01113EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/05 12:0 a.m.21 views

WordPress Post SMTP Mailer/Email Log plugin <= 2.1.6 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability

Authenticated Blind Server-Side Request Forgery SSRF vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Post SMTP Mailer/Email Log plugin versions = 2.1.6. Solution Update the WordPress Post SMTP Mailer/Email Log plugin to the latest available version at least 2.1.7...

7.2CVSS1.3AI score0.01039EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/16 12:0 a.m.38 views

WordPress WP Database Backup Plugin <= 5.8.3 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in WP Database Backup plugin versions = 5.8.3 Solution Update the WordPress WP Database Backup plugin to the latest available version at least 5.9...

4.8CVSS1.5AI score0.00419EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/08/08 12:0 a.m.16 views

WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability was discovered by Raad Haddad in the WordPress Simply Schedule Appointments plugin versions = 1.5.7.6. Solution Update the WordPress Simply Schedule Appointments plugin to the latest available version at least 1.5.7.7...

4.8CVSS1.4AI score0.00559EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/08 12:0 a.m.25 views

WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Raad Haddad in WordPress Simply Schedule Appointments plugin versions = 1.5.7.6. Solution Update the WordPress Simply Schedule Appointments plugin to the latest available version at least 1.5.7.7...

5.3CVSS2.1AI score0.01424EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/03 12:0 a.m.36 views

WordPress WPIDE – File Manager & Code Editor plugin <= 2.6 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion LFI vulnerability discovered by Raad Haddad in WordPress WPIDE – File Manager & Code Editor plugin versions = 2.6. Solution Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...

7.2CVSS1.5AI score0.01145EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/08/01 12:0 a.m.20 views

WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin versions = 5.2.0.3. Solution Update the WordPress WP phpMyAdmin plugin to the latest available version at least 5.2.0.4...

4.8CVSS1.2AI score0.00642EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/26 12:0 a.m.18 views

WordPress WP Social Chat plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress WP Social Chat plugin versions = 6.0.4. Solution Update the WordPress WP Social Chat plugin to the latest available version at least 6.0.5...

4.8CVSS2AI score0.00513EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/07/19 12:0 a.m.15 views

WordPress Easy Student Results plugin <= 2.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Easy Student Results plugin versions = 2.2.8. Solution Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS1.7AI score0.0051EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/18 12:0 a.m.21 views

WordPress Thinkific Uploader plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Thinkific Uploader plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a fu...

4.8CVSS1AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/12 12:0 a.m.30 views

WordPress WSM Downloader plugin <= 1.4.0 - Domain Name Restriction Bypass vulnerability

Domain Name Restriction Bypass vulnerability discovered by Raad Haddad in WordPress WSM Downloader plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of July 8, 2022 and is not available for download. This closure is temporary, pending a full review...

7.5CVSS2.4AI score0.00953EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/07/12 12:0 a.m.21 views

WordPress User Private Files plugin <= 1.1.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Raad Haddad in WordPress User Private Files plugin versions = 1.1.2. Solution Update the WordPress User Private Files plugin to the latest available version at least 1.1.3...

8.8CVSS2.3AI score0.0078EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/11 12:0 a.m.19 views

WordPress Featured Image from URL plugin <= 3.9.9 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability

Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin versions = 3.9.9. Solution Update the WordPress Featured Image from URL plugin to the latest available version at least 4.0.0...

6.1CVSS3AI score0.00529EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/11 12:0 a.m.23 views

WordPress GiveWP plugin <= 2.21.2 - DoS via Cross-Site Request Forgery (CSRF) vulnerability

DoS via Cross-Site Request Forgery CSRF vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions = 2.21.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.3...

6.5CVSS2.8AI score0.00383EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/11 12:0 a.m.27 views

WordPress GiveWP plugin <= 2.21.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions = 2.21.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.3...

4.8CVSS1AI score0.00511EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/04 12:0 a.m.28 views

WordPress Unyson plugin <= 2.7.26 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Unyson plugin versions = 2.7.26. Solution Update the WordPress to the latest available version at least 2.7.27...

7.2CVSS1.6AI score0.01448EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder