CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Patchstack•added 2022/11/23 12:0 a.m.•14 views

WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in the WordPress Countdown Widget plugin versions = 3.1.9.1. Solution Update the WordPress WordPress Countdown Widget plugin to the latest available version at least 3.1.9.3...

3.9AI score0.002EPSS

Exploits0Affected Software1

Patchstack•added 2022/10/31 12:0 a.m.•15 views

WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in the WordPress Mantenimiento web plugin versions = 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...

6.1CVSS2.9AI score0.00098EPSS

Exploits0Affected Software1

Patchstack•added 2022/10/29 12:0 a.m.•22 views

WordPress Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Account Disconnect discovered by Rasi Afeef Patchstack Alliance in WordPress Forms by CaptainForm versions = 2.5.3. Solution No patched version is available. No reply from the vendor...

3.5AI score0.00104EPSS

Exploits0Affected Software1

Patchstack•added 2022/09/27 12:0 a.m.•16 views

WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Unauthenticated Plugin Settings Change vulnerability discovered by Rasi Affef in WordPress TH Advance Product Search plugin versions = 1.1.4. Solution Update the WordPress TH Advance Product Search plugin to the latest available version at least 1.1.5...

2.8AI score0.00456EPSS

Exploits0Affected Software1

Patchstack•added 2022/09/22 12:0 a.m.•20 views

WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Multiple Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Rasi Afeef in WordPress 3D Tag Cloud plugin versions = 3.8. Solution No patched version is available. No reply from the vendor...

6.1CVSS2.7AI score0.00098EPSS

Exploits0Affected Software1

Patchstack•added 2022/09/11 12:0 a.m.•20 views

WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Rasi Afeef Patchstack Alliance in the WordPress RD Station plugin versions = 5.2.0. Solution Update the WordPress RD Station plugin to the latest available version at least 5.2.1...

8.8CVSS3.8AI score0.0012EPSS

Exploits0Affected Software1

Patchstack•added 2022/08/25 12:0 a.m.•17 views

WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress wp-forecast plugin versions = 7.5. Solution Update the WordPress wp-forecast plugin to the latest available version at least 7.6...

4.8CVSS2.7AI score0.00322EPSS

Exploits0Affected Software1

Patchstack•added 2022/04/28 12:0 a.m.•22 views

WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF leading to Cross-Site Scripting XSS vulnerability discovered by Rasi Afeef in WordPress Footer Text plugin versions = 2.0.3. Solution No patched version is available. No response from the vendor...

6.1CVSS2.2AI score0.00099EPSS

Exploits0References2Affected Software1

Patchstack•added 2021/09/23 12:0 a.m.•19 views

WordPress Ark-commenteditor plugin <= 2.15.6 - Iframe Injection via Comment vulnerability

Iframe Injection via Comment vulnerability discovered by Rasi Afeef in WordPress Ark-commenteditor plugin versions = 2.15.6. Solution Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. Reason: Security Issue...

4.9AI score0.00222EPSS

Exploits1References3Affected Software1

Patchstack•added 2021/06/14 12:0 a.m.•18 views

WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file

Authenticated Stored Cross-Site Scripting XSS vulnerability via uploaded SVG file discovered by Rasi in WordPress WP SVG images plugin versions = 3.3. Solution Update the WordPress WP SVG images plugin to the latest available version at least 3.4...

5.4CVSS2.8AI score0.0018EPSS

Exploits2References3Affected Software1