36 matches found

Patchstack
added 2026/02/26 7:13 a.m., 7 views

WordPress OVRI Payment plugin 1.7.0 - Malicious .htaccess directive vulnerability

Malicious .htaccess directive vulnerability discovered by Marco Wotschka - Wordfence in WordPress Plugin OVRI Payment versions 1.7.0...

CVSS 6.5, AI score 5.3, EPSS 0.00307
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/09/04 3:49 a.m., 5 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.8...

CVSS 5.4, AI score 7, EPSS 0.00309
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/09/04 3:24 a.m., 5 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download vulnerability

Directory Traversal to Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by Marco Wotschka in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions <= 3.0.8...

CVSS 8.8, AI score 7, EPSS 0.00957
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/09/04 12:0 a.m., 14 views

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Arbitrary File Download

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions <= 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8104 Patch priority High CVSS severity High 7.7 Developer WP Extended PSID 9fb5e1b755dd Credits...

CVSS 8.8, AI score 9.3, EPSS 0.00957
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/08/26 3:19 a.m., 4 views

WordPress Favicon Generator plugin <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Marco Wotschka in WordPress Plugin Favicon Generator versions <= 1.5...

CVSS 9.6, AI score 7, EPSS 0.00252
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/07/29 2:30 a.m., 5 views

WordPress IgnitionDeck Crowdfunding Platform plugin <= 1.9.8 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Marco Wotschka in WordPress Plugin IgnitionDeck versions <= 1.9.8...

CVSS 5.4, AI score 7, EPSS 0.00377
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/02/28 12:0 a.m., 13 views

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions <= 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

CVSS 4.3, AI score 6.6, EPSS 0.00322
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/10/31 12:0 a.m., 17 views

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions <= 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

CVSS 4.3, AI score 6.5, EPSS 0.00524
Exploits 0, References 3, Affected Software 1

0day.today
added 2023/10/26 12:0 a.m., 391 views

WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion Vulnerabilities

Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...

CVSS 9.8, AI score 7.8, EPSS 0.06888
Exploits 4

Patchstack
added 2023/10/12 12:0 a.m., 17 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to SQL Injection

Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5204 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID d9d43b0258cf Credits Marco Wotschka Required privilege Unauthenticated...

CVSS 9.8, AI score 6.7, EPSS 0.06888
Exploits 4, References 3, Affected Software 1

Patchstack
added 2023/10/12 12:0 a.m., 15 views

WordPress Email Subscribers & Newsletters Plugin <= 5.6.23 is vulnerable to Path Traversal

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions <= 5.6.23 Fixed in 5.6.24 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5414 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID a55da7ad2e82 Credits Marco Wotschka Required privile...

CVSS 9.1, AI score 6.8, EPSS 0.01031
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/10/12 12:0 a.m., 20 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal

Software ChatBot Type Plugin Vulnerable versions <= 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5241 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 066f9b5875d8 Credits Marco Wotschka Required privilege Subscriber Published ...

CVSS 9.6, AI score 6.7, EPSS 0.02066
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/09/25 12:0 a.m., 20 views

WordPress BEAR Plugin <= 1.1.3.3 is vulnerable to Broken Access Control

Software BEAR Type Plugin Vulnerable versions <= 1.1.3.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611080b0d2da Credits Marco Wotschka Required privilege...

CVSS 4.3, AI score 6.8, EPSS 0.00431
Exploits 0, References 6, Affected Software 1

0day.today
added 2023/09/19 12:0 a.m., 410 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: <= 4.2.0 Free and <= 1.1.0 Pro...

CVSS 9.8, AI score 8.8, EPSS 0.0134
Exploits 3

Patchstack
added 2023/09/14 12:0 a.m., 21 views

WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software Essential Blocks Pro Type Plugin Vulnerable versions <= 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...

CVSS 8.1, AI score 7.2, EPSS 0.00768
Exploits 2, References 2, Affected Software 1

Patchstack
added 2023/09/14 12:0 a.m., 20 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions <= 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...

CVSS 9.8, AI score 7.2, EPSS 0.0134
Exploits 3, References 3, Affected Software 1

Patchstack
added 2023/09/14 12:0 a.m., 30 views

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Customer Reviews Type Plugin Vulnerable versions <= 3.6.6 Fixed in 3.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4648 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 36513c06abe2 Credits Marco Wotschka...

CVSS 4.8, AI score 6, EPSS 0.00303
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/08/09 12:0 a.m., 20 views

WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion

Software Canto Type Plugin Vulnerable versions <= 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...

CVSS 9.8, AI score 6.7, EPSS 0.0562
Exploits 7, References 3, Affected Software 1

Patchstack
added 2023/06/22 12:0 a.m., 9 views

WordPress Quick Post Duplicator Plugin <= 2.0 is vulnerable to SQL Injection

Software Quick Post Duplicator Type Plugin Vulnerable versions <= 2.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2229 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 82cd33300670 Credits Marco Wotschka Required privilege Contributor...

CVSS 8.8, AI score 6.8, EPSS 0.00733
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/06/22 12:0 a.m., 11 views

WordPress File Uploader Plugin < 4.19.2 is vulnerable to Path Traversal

Software File Uploader Type Plugin Vulnerable versions < 4.19.2 Fixed in 4.19.2 OWASP Top 10 A5: Broken Access Control Classification Path Traversal CVE CVE-2023-2688 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f1bb8a36ca00 Credits Marco Wotschka Required privilege...

CVSS 4.9, AI score 6.6, EPSS 0.01736
Exploits 0, References 2, Affected Software 1