Patchstack: most viewed

46541 matches found

Patchstack
added 2015/06/17 12:0 a.m., 1933 views

WordPress Stats Plugin <= 2.51 - Multiple Vulnerabilities

This plugin is prone to cross site scripting and cross site request forgery vulnerabilities. Solution: Update the plugin...

2.1 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m., 1739 views

WordPress Velvet Theme - XSS

This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...

3.6 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/03/21 12:0 a.m., 1717 views

WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Weather Station; Type: Plugin; Vulnerable versions: <= 3.8.12; Fixed in: 3.8.13; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25478; Patch priority: Low; CVSS severity: Low 4.3; Developer: Jason Rouet; PSID: aa96ede98f40; Credits: Mika; Required privile...

8.8 CVSS, 6.6 AI score, 0.00309 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 1142 views

WordPress BookingPress plugin <= 1.0.10 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress BookingPress plugin versions <= 1.0.10. Solution: Update the WordPress BookingPress plugin to the latest available version (at least 1.0.11)...

9.8 CVSS, 3.2 AI score, 0.37171 EPSS
Exploits: 11, References: 3, Affected Software: 1

Patchstack
added 2024/11/08 12:0 a.m., 867 views

WordPress Multi-day Booking Calendar Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Multi-day Booking Calendar; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51873; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1e4344dc5b6c; Credits: SOPROBRO; Required privilege...

6.5 CVSS, 6.5 AI score, 0.00302 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/06/16 12:0 a.m., 854 views

WordPress Template Debugger Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Template Debugger; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-35773; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 56b91763eae2; Credits: Nguyen Xuan Chien...

8.8 CVSS, 6.6 AI score, 0.00256 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2022/10/18 12:0 a.m., 830 views

WordPress core <= 6.0.2 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability due to improper sanitization in WPDateQuery discovered by Michael Mazzolini in WordPress core versions <= 6.0.2. Solution: Update WordPress to the latest available version (at least 6.0.3)...

2.5 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/07/18 12:0 a.m., 668 views

WordPress Google Maps Anywhere plugin <= 1.2.6.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Google Maps Anywhere plugin versions <= 1.2.6.3. Solution: Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download...

4.8 CVSS, 0.9 AI score, 0.00493 EPSS
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m., 667 views

WordPress Music Theme - Full Path Disclosure

Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution: Update the theme...

3.4 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2021/10/21 12:0 a.m., 553 views

WordPress Core Tweaks WP Setup plugin <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Francesco Carlucci in WordPress Core Tweaks WP Setup plugin versions <= 4.1. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available...

8.8 CVSS, 2.8 AI score, 0.00618 EPSS
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2015/05/17 12:0 a.m., 553 views

WordPress File Uploader Plugin - File Upload

This plugin is prone to a PHP file upload vulnerability. Solution: Update the plugin...

1.9 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m., 491 views

WordPress Basic Theme - File Upload Arbitrary Code Execution

A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress Basic theme. Solution: Update the theme...

2.3 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m., 485 views

WordPress Kubio AI Page Builder Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Software: Kubio AI Page Builder; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-39661; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1f99ae38011a; Credits: João Pedro S Alcântara Kinorth...

6.5 CVSS, 6.6 AI score, 0.00245 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2012/10/17 12:0 a.m., 468 views

WordPress Slideshow Plugin - Multiple Cross Site Scripting Vulnerabilities

WordPress Slideshow plugin is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. In that way, an attacker can steal cookie-based authentication...

3.4 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2013/03/26 12:0 a.m., 450 views

WordPress Download Manager Plugin <= 1.60 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that insert cross site scripting sequences. Solution: Update the plugin...

6.8 CVSS, 4.1 AI score, 0.00954 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m., 420 views

WordPress Expose Theme - Cross Site Scripting

Because of this vulnerability, an attacker can inject arbitrary web script or HTML. Solution: Update the theme...

1.1 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2012/08/25 12:0 a.m., 414 views

WordPress Finder Plugin - Cross Site Scripting

WordPress Finder plugin's "order" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

3.1 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2016/03/31 12:0 a.m., 412 views

WordPress External Links Plugin <= 1.80 - Multiple Cross Site Scripting

This vulnerability allows remote attackers to inject malicious script codes to the application-side of the vulnerable modules. Solution: Update the plugin...

4.5 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2014/08/01 12:0 a.m., 404 views

WordPress Source Theme - Cross Site Scripting

This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...

3.6 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2018/09/09 12:0 a.m., 393 views

WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability found by ly55521 in WordPress File Manager plugin versions <= 2.9. Solution: Update the WordPress File Manager plugin to the latest available version (at least 3.0)...

5.4 CVSS, 1.8 AI score, 0.01383 EPSS
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2015/06/22 12:0 a.m., 331 views

WordPress Rename Plugin <= 1.0 - Absolute Path Traversal

Absolute path traversal vulnerability in mysqldumpdownload.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. Solution: Update the plugin...

5.3 CVSS, 6.1 AI score, 0.02851 EPSS
Exploits: 3, References: 1, Affected Software: 1

Patchstack
added 2022/06/20 12:0 a.m., 317 views

WordPress WooCommerce plugin <= 6.5.1 - Authenticated Stored HTML Injection vulnerability

Authenticated Stored HTML Injection vulnerability discovered by Taurus Omar in WordPress WooCommerce plugin versions <= 6.5.1. Solution: Update the WordPress WooCommerce plugin to the latest available version (at least 6.6.0)...

4.8 CVSS, 1.9 AI score, 0.00559 EPSS
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2021/10/05 12:0 a.m., 310 views

WordPress TheCartPress plugin <= 1.5.3.6 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by spacehen in WordPress TheCartPress plugin versions <= 1.5.3.6. Solution: Deactivate and delete. This plugin has been closed as of October 5, 2021 and is not available for download. This closure is temporary, pending a full review...

3.8 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2012/09/07 12:0 a.m., 291 views

WordPress Purity Theme - Multiple Cross Site Scripting Vulnerabilities

WordPress Purity theme is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities fail to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

2.3 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2018/01/22 12:0 a.m., 283 views

WordPress Dark Mode plugin <=1.6 - Multiple stored Cross-Site Scripting (XSS) vulnerabilities

Multiple stored Cross-Site Scripting (XSS) vulnerabilities found by d4wner in WordPress Dark Mode plugin versions <= 1.6. XSS exists via the wp-admin/profile.php darkmodestart parameter and darkmodeend parameter. Solution: Update the WordPress Dark Mode plugin to the latest available version at least...

2.8 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/09/05 1:39 p.m., 278 views

WordPress Add to Feedly Plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Add to Feedly versions <= 1.2.11...

7.1 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2022/05/04 12:0 a.m., 273 views

WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Disable Right Click For WP plugin versions <= 1.1.6. Solution: No patched version is available. No reply from the vendor...

8.8 CVSS, 2.7 AI score, 0.00401 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2021/08/16 12:0 a.m., 263 views

WordPress RAYS Grid plugin <= 1.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet NinTechNet in WordPress RAYS Grid plugin versions <= 1.2.2. Solution: Update the WordPress RAYS Grid plugin to the latest available version (at least 1.2.3)...

2.7 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/06/13 12:0 a.m., 250 views

WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability discovered by Rotem Bar Patchstack Alliance in WordPress Elementor plugin versions <= 3.5.5. Solution: Update the WordPress Elementor plugin to the latest available version (at least 3.5.6)...

6.1 CVSS, 3.2 AI score, 0.2318 EPSS
Exploits: 7, References: 1, Affected Software: 1

Patchstack
added 2021/10/25 12:0 a.m., 238 views

WordPress Duplicate Post plugin <= 1.1.9 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by AppCheck in WordPress Duplicate Post plugin versions <= 1.1.9. Solution: Update the WordPress Duplicate Post plugin to the latest available version (at least 1.2.0)...

9 CVSS, 2.9 AI score, 0.09767 EPSS
Exploits: 3, References: 3, Affected Software: 1

Patchstack
added 2022/08/31 12:0 a.m., 228 views

WordPress <= 6.0.1 - Authenticated SQL Injection (SQLi) vulnerability via Link API

Authenticated SQL Injection (SQLi) vulnerability via Link API discovered by FVD in WordPress core versions <= 6.0.1. Solution: Update WordPress to the latest available version (at least 6.0.2) or another patched version...

4.1 AI score
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/04/14 12:0 a.m., 227 views

WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)

Software: Electric Studio Client Login; Type: Plugin; Vulnerable versions: <= 0.8.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27425; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: e719915b675a; Credits: Padavishree...

5.9 CVSS, 6 AI score, 0.00369 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 5 days ago, 218 views

WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Recipe Maker For Your Food Blog from Zip Recipes versions <= 8.2.7...

8.5 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2022/11/15 12:0 a.m., 216 views

WordPress WPForms Pro premium plugin <= 1.7.6 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Francesco Carlucci in WordPress WPForms Pro premium plugin versions <= 1.7.6. Solution: Update the WordPress WPForms Pro plugin to the latest available version (at least 1.7.7)...

9.8 CVSS, 3.2 AI score, 0.01318 EPSS
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2025/06/13 6:38 a.m., 206 views

WordPress Telegram for WP plugin <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin Telegram for WP versions <= 1.6.1...

4.4 CVSS, 5.5 AI score, 0.00199 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m., 203 views

WordPress Thanh Toán Quét Mã QR Code Tự Động Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Thanh Toán Quét Mã QR Code Tự Động; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8914; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 39d2756c43d9; Credits: Frances...

7.2 CVSS, 6 AI score, 0.00322 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2021/09/09 12:0 a.m., 202 views

WordPress core <= 5.8 - Data Exposure via REST API vulnerability

Data Exposure via REST API vulnerability discovered by Michael Adams in WordPress core versions <= 5.8. Version update list: 5.8 updated to 5.8.1, 5.7.2 updated to 5.7.3, 5.7.1 updated to 5.7.3, 5.7 updated to 5.7.3, 5.6.4 updated to 5.6.5, 5.6.3 updated to 5.6.5, 5.6.2 updated to 5.6.5, 5.6.1...

5.3 CVSS, 3.1 AI score, 0.02053 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2021/11/25 12:0 a.m., 199 views

WordPress < 5.8 - Plugin Confusion vulnerability

Plugin Confusion vulnerability discovered by Kamil Vavra in WordPress versions <= 5.7.4. Solution: Update WordPress to the latest available version (at least 5.8) or other patched version...

9.8 CVSS, 2.4 AI score, 0.28983 EPSS
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2022/01/06 12:0 a.m., 195 views

WordPress <= 5.8.2 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by Ngocnb and Khuyenn GiaoHangTietKiem JSC in WordPress versions <= 5.8.2. Solution: Update WordPress to the latest available version (at least 5.8.3)...

8 CVSS, 3.1 AI score, 0.97795 EPSS
Exploits: 14, References: 4, Affected Software: 1

Patchstack
added 2020/03/13 12:0 a.m., 194 views

WordPress File Upload plugin <= 4.12.2 - Directory Traversal vulnerability leading to Remote Code Execution (RCE)

Directory Traversal vulnerability leading to Remote Code Execution (RCE) discovered by p4w in WordPress File Upload plugin versions <= 4.12.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.13.0)...

9.8 CVSS, 4.1 AI score, 0.08584 EPSS
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2019/12/11 12:0 a.m., 189 views

WordPress Scoutnet Kalender plugin <= 1.1.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by Simon Moser in WordPress Scoutnet Kalender plugin versions <= 1.1.0. Solution: 11.12.2019 - we were unable to find a patched version of this plugin...

5.4 CVSS, 1.9 AI score, 0.01194 EPSS
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/01/06 12:0 a.m., 188 views

WordPress <= 5.8.2 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by Ben Bidner in WordPress versions <= 5.8.2. Solution: Update WordPress to the latest available version (at least 5.8.3)...

8.8 CVSS, 2.7 AI score, 0.04013 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2021/09/09 12:0 a.m., 183 views

WordPress core <= 5.8 - Command injection vulnerability in the Lodash library

Command injection vulnerability in the Lodash library in WordPress core versions <= 5.8. Version update list: 5.8 updated to 5.8.1, 5.7.2 updated to 5.7.3, 5.7.1 updated to 5.7.3, 5.7 updated to 5.7.3, 5.6.4 updated to 5.6.5, 5.6.3 updated to 5.6.5, 5.6.2 updated to 5.6.5, 5.6.1 updated to 5.6.5,...

2.8 AI score, 0.2241 EPSS
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/03/23 12:0 a.m., 169 views

WordPress Hummingbird plugin <= 3.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Hummingbird plugin versions <= 3.3.1. Solution: Update the WordPress Hummingbird plugin to the latest available version (at least 3.3.2)...

4.8 CVSS, 1.1 AI score, 0.0282 EPSS
Exploits: 4, References: 3, Affected Software: 1

Patchstack
added 2019/07/10 12:0 a.m., 168 views

WordPress Yoast SEO plugin 1.2.0-11.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Sybre Waaijer in WordPress Yoast SEO plugin versions 1.2.0-11.5. Solution: Update the WordPress Yoast SEO plugin to the latest available version (at least 11.6)...

9.9 CVSS, 2 AI score, 0.03304 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2021/06/30 12:0 a.m., 165 views

WordPress WP Offload SES Lite plugin <= 1.4.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Ionut Morosan in WordPress WP Offload SES Lite plugin versions <= 1.4.4. Solution: Update the WordPress WP Offload SES Lite plugin to the latest available version (at least 1.4.5)...

5.4 CVSS, 1.9 AI score, 0.00681 EPSS
Exploits: 2, References: 2, Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 162 views

WordPress Simple Cart plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Simple Cart plugin versions <= 1.0.1. Solution: Update the WordPress Simple Cart plugin to the latest available version (at least 1.0.2)...

2.4 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/08/28 12:0 a.m., 159 views

WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload

Software: Folders; Type: Plugin; Vulnerable versions: <= 2.9.2; Fixed in: 2.9.3; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-40204; Patch priority: Medium; CVSS severity: Medium 9.1; Developer: Claim ownership; PSID: c5881308f6ec; Credits: Rafie Muhammad Patchstack; Required privileg...

9.1 CVSS, 6.8 AI score, 0.00661 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/05/02 12:0 a.m., 151 views

WordPress WP Contacts Manager plugin <= 2.2.4 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress WP Contacts Manager plugin versions <= 2.2.4. Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...

9.8 CVSS, 3.1 AI score, 0.01568 EPSS
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 151 views

WordPress AI Mojo – GPT-3 Playground for WordPress plugin < 0.2.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress AI Mojo – GPT-3 Playground for WordPress plugin versions < 0.2.5. Solution: Update the WordPress AI Mojo – GPT-3 Playground for WordPress plugin to the latest available version (at least 0.2.5)...

2.8 AI score
Exploits: 0, References: 2, Affected Software: 1
Total number of security vulnerabilities: 5000