29 matches found

Patchstack
added 2023/08/31 12:0 a.m. | 9 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-0689; Patch priority: Low; CVSS severity: Low 4.3; Developer: Wpmet; PSID: 4be7cb75c51f; Credits: Ramuel Gall...

CVSS 4.3 | AI score 6.5 | EPSS 0.0046
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/06/12 12:0 a.m. | 16 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure

Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: 3.3.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-0691; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Wpmet; PSID: 747e7584ba0a; Credits: Ramuel...

CVSS 4.3 | AI score 6.8 | EPSS 0.00603
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/06/12 12:0 a.m. | 11 views

WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: Metform Elementor Contact Form Builder; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0708; Patch priority: Low; CVSS severity: Low 6.5; Developer: Wpmet; PSID: d2490fc4db6a; Credits: Ramuel Gall...

CVSS 5.4 | AI score 5.7 | EPSS 0.0058
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/06/07 12:0 a.m. | 22 views

WordPress Getwid – Gutenberg Blocks Plugin <= 1.8.3 is vulnerable to Server Side Request Forgery (SSRF)

Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.4; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-1895; Patch priority: Medium; CVSS severity: Medium 5; Developer: Claim ownership; PSID: 688f43f1f9c1; Credits: Ramuel Gall...

CVSS 9.6 | AI score 6.8 | EPSS 0.00606
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/10 12:0 a.m. | 13 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Cross Site Scripting (XSS)

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.59; Fixed in: 1.3.60; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4710; Patch priority: High; CVSS severity: High 6.1; Developer: WProyal; PSID: 88dfeeb21d4c; Credits: Ramuel Gall; Required...

CVSS 6.1 | AI score 5.9 | EPSS 0.00728
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/01/10 12:0 a.m. | 22 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.59; Fixed in: 1.3.60; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-4700; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: WProyal; PSID: 423004fa0a2f; Credits: Ramuel Gall; Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00818
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/01/10 12:0 a.m. | 13 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Royal Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.3.59; Fixed in: 1.3.60; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4707; Patch priority: Low; CVSS severity: Low 4.3; Developer: WProyal; PSID: d1eebd7ac349; Credits: Ramuel Gall; Require...

CVSS 6.5 | AI score 7 | EPSS 0.00348
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2022/05/18 12:0 a.m. | 32 views

WordPress Jupiter premium theme <= 6.10.1 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...

CVSS 5.5 | AI score 3.4 | EPSS 0.00697
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2022/05/18 12:0 a.m. | 24 views

WordPress Jupiter premium theme <= 6.10.1 - Authenticated Privilege Escalation and Post deletion vulnerability

Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...

CVSS 9 | AI score 3.6 | EPSS 0.01498
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2022/05/18 12:0 a.m. | 18 views

WordPress Jupiter premium theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability

Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...

CVSS 8.8 | AI score 2.4 | EPSS 0.01624
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2022/05/18 12:0 a.m. | 18 views

WordPress JupiterX Core premium plugin <= 2.0.6 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification discovered by Ramuel Gall (Wordfence) in WordPress JupiterX Core premium plugin versions <= 2.0.6. Solution: Update the WordPress JupiterX Core premium plugin to the latest available version a...

CVSS 5.5 | AI score 4.5 | EPSS 0.00513
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2022/05/18 12:0 a.m. | 26 views

WordPress JupiterX Core premium plugin <= 2.0.6 - Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities

Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities were discovered by Ramuel Gall (Wordfence) in the WordPress JupiterX Core premium plugin versions <= 2.0.6. Solution: Update the WordPress JupiterX Core premium plugin to the latest available version (at least 2.0.7)...

CVSS 7.5 | AI score 3.1 | EPSS 0.00819
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2022/05/18 12:0 a.m. | 23 views

WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability

Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version (at least 2.0.7)...

CVSS 8.8 | AI score 2.5 | EPSS 0.01624
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2022/04/27 12:0 a.m. | 35 views

WordPress Booking Calendar plugin <= 9.1 - Insecure Deserialization/PHP Object Injection vulnerability

Insecure Deserialization/PHP Object Injection vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Booking Calendar plugin versions <= 9.1. Solution: Update the WordPress Booking Calendar plugin to the latest available version (at least 9.1.1)...

CVSS 8.8 | AI score 2.6 | EPSS 0.01674
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2022/04/13 12:0 a.m. | 86 views

WordPress Elementor Website Builder plugin <= 3.6.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Elementor Website Builder plugin versions <= 3.6.2. Solution: Update the WordPress Elementor Website Builder plugin to the latest available version (at least 3.6.3)...

CVSS 8.8 | AI score 2.9 | EPSS 0.92943
Exploits 10 | References 4 | Affected Software 1

Patchstack
added 2021/11/11 12:0 a.m. | 17 views

WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin versions <= 2.7.0. Solution: Update the WordPress Starter Templates plugin to the latest available version (at least 2.7.1)...

CVSS 7.6 | AI score 1.8 | EPSS 0.00585
Exploits 1 | References 3 | Affected Software 1

Wordfence Blog
added 2021/11/02 2:4 p.m. | 15 views

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools GDPR, a...

CVSS 6.4 | AI score 8.8 | EPSS 0.0393
Exploits 1

Patchstack
added 2021/11/02 12:0 a.m. | 15 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.22 - Unauthenticated Arbitrary Post Deletion vulnerability

Unauthenticated Arbitrary Post Deletion vulnerability discovered by Ramuel Gall (Wordfence) in WordPress WP DSGVO Tools (GDPR) plugin versions <= 3.1.22. Solution: Update the WordPress WP DSGVO Tools (GDPR) plugin to the latest available version (at least 3.1.24)...

CVSS 9.1 | AI score 2.1 | EPSS 0.0393
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2021/10/28 12:0 a.m. | 17 views

WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.3.20 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress NextScripts: Social Networks Auto-Poster plugin versions <= 4.3.20. Solution: Update the WordPress NextScripts: Social Networks Auto-Poster plugin to the latest available version (at least 4.3.21)...

AI score 2.5 | EPSS 0.00845
Exploits 3 | References 3 | Affected Software 1

Patchstack
added 2021/10/26 12:0 a.m. | 16 views

WordPress HashThemes Demo Importer plugin <= 1.1.1 - Improper Access Control allowing content deletion vulnerability

Improper Access Control allowing content deletion vulnerability discovered by Ramuel Gall (Wordfence) in WordPress HashThemes Demo Importer plugin versions <= 1.1.1. Solution: Update the WordPress HashThemes Demo Importer plugin to the latest available version (at least 1.1.2)...

AI score 2.1 | EPSS 0.01016
Exploits 1 | References 3 | Affected Software 1