Lucene search
K
PatchstackRecent

46521 matches found

Patchstack
Patchstack
added yesterday7 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday8 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by hackthesoul - TossBank in WordPress Plugin Dokan versions = 5.0.4...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday32 views

WordPress Frisbii Pay plugin <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Token Modification vulnerability discovered by momopon1415 in WordPress Plugin Frisbii Pay versions = 1.8.9...

6.5CVSS5.8AI score0.00276EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress MaxButtons – Create buttons plugin <= 9.8.5 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin MaxButtons versions = 9.8.5...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability

WordPress EventON Pro - WordPress Virtual Event Calendar Plugin plugin = 5.0.11 - WordPress Virtual Event Calendar Plugin = 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions = 5.0.11...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday8 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability

User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress Frontend File Manager plugin plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by sorawautsukushiii in WordPress Plugin Frontend File Manager versions = 23.6...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Editorial Rating – Product Review & Rating System plugin <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Editorial Rating – Product Review & Rating System versions = 4.0.5...

4.4CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Premium Addons for KingComposer plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Premium Addons for KingComposer versions = 1.1.1...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress PixMagix – WordPress Image Editor plugin <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability

Authenticated Author+ Path Traversal in 'layers.id' Parameter vulnerability discovered by devploit in WordPress Plugin PixMagix WordPress Image Editor versions = 1.7.2...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Plugin for Google Analytics by IO technologies plugin <= 1.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Plugin for Google Analytics by IO technologies versions = 1.1...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Team Members – Multi Language Supported Team Plugin plugin <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by AveronSec - Averon Security in WordPress Plugin Team Member versions = 8.7...

4.4CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Werkstatt versions = 4.7.2...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Werkstatt versions = 4.7.2...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability

WordPress Martfury - WooCommerce Marketplace WordPress theme theme = 3.2.8 - Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Martfury - WooCommerce Marketplace WordPress Theme versions = 3.2.8...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme TheFox versions = 3.9.70...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Custom Field Template versions = 2.7.8...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago7 views

WordPress Woffice theme <= 5.4.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Woffice versions = 5.4.31...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Simple User Avatar versions = 4.9...

4.3CVSS5.8AI score0.00183EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Embed Privacy plugin <= 1.12.3 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Embed Privacy versions = 1.12.3...

7.1CVSS5.8AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass vulnerability

Authenticated Subscriber+ Authentication Bypass vulnerability discovered by Rafael Gunawan kokon in WordPress Plugin RegistrationMagic versions = 6.0.8.6...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation vulnerability

Missing Authorization to Unauthenticated Payment Record Manipulation vulnerability discovered by Netwurm - VTDR e.V.i.G. in WordPress Plugin WP Full Stripe Free versions = 8.4.3...

5.3CVSS5.8AI score0.00323EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by Weerawat Pawanawiwat ErbaZZ - Reconix Co., Ltd. in WordPress Plugin Quiz And Survey Master versions = 11.1.4...

4.3CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Product Specifications for Woocommerce plugin <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Attribute/Group Creation, Modification, and Deletion vulnerability discovered by dyingman in WordPress Plugin Product Specifications for Woocommerce versions = 0.8.9...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago3 views

WordPress Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification vulnerability

Missing Authorization to Authenticated Student+ Arbitrary Course Announcement Modification vulnerability discovered by ilinor in WordPress Plugin Masteriyo - LMS versions = 2.2.1...

4.3CVSS5.8AI score0.0015EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Information Disclosure vulnerability discovered by 0xHerc - IntegSec in WordPress Plugin Dokan versions = 5.0.4...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Gutenverse versions = 3.8.0...

4.4CVSS5.8AI score0.00246EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago3 views

WordPress Surbma | Infusionsoft Shortcode plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | Infusionsoft Shortcode versions = 2.0.1...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Spexo theme <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Activation vulnerability discovered by adhikara13 in WordPress Theme Spexo versions = 2.0.11...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago3 views

WordPress Page Builder by SiteOrigin plugin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by lhking in WordPress Plugin Page Builder by SiteOrigin versions = 2.34.3...

6.4CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago3 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by valent1 in WordPress Plugin NEX-Forms versions = 9.2.2...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.11...

4.3CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Carousel versions = 1.0.0.41...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Donation Thermometer versions = 2.2.7...

5.3CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago6 views

WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Content Injection vulnerability discovered by Bonds in WordPress Plugin Auros Core versions = 5.3.1...

5.3CVSS5.8AI score0.0024EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions = 1.3.4.3...

8.8CVSS5.8AI score0.00143EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Forget About Shortcode Buttons versions = 2.1.3...

5.4CVSS5.8AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Live Copy Paste for Elementor versions = 1.5.3...

4.3CVSS5.8AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Goya Core versions 1.0.9.4...

7.5CVSS5.8AI score0.0032EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability

WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme = 4.4.3 - Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Splash - Sport Club WordPress Theme for Basketball, Football, Hockey versions = 4.4.3...

7.5CVSS5.8AI score0.0032EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions = 1.1.0...

5.3CVSS5.8AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago7 views

WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Groundhogg versions = 4.5...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago7 views

WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin GravityView versions = 3.0.0...

5.3CVSS5.8AI score0.00187EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago9 views

WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 30.0.0...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago4 views

WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Bopo – WooCommerce Product Bundle Builder versions = 1.1.6...

4.3CVSS5.8AI score0.00176EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago202 views

WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Recipe Maker For Your Food Blog from Zip Recipes versions = 8.2.7...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago6 views

WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Md. Minaruzzaman Shovon in WordPress Plugin WPComplete versions = 2.9.5.5...

5.4CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago7 views

WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Averon Averenkov in WordPress Plugin Booking and Rental Manager versions = 2.7.1...

5.3CVSS5.8AI score0.00176EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46521