Lucene search
K
PatchstackMost viewed

46578 matches found

Patchstack
Patchstack
added 2022/03/07 12:0 a.m.34 views

WordPress SpeakOut! Email Petitions plugin <= 2.14.14 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress SpeakOut! Email Petitions plugin versions = 2.14.14. Solution Update the WordPress SpeakOut! Email Petitions plugin to the latest available version at least 2.14.15.1...

9.8CVSS2.9AI score0.08785EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/01 12:0 a.m.34 views

WordPress Mapping multiple URLs redirect same page plugin <= 5.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Mapping multiple URLs redirect same page plugin versions = 5.8. Solution Deactivate and delete. This plugin has been closed as of February 14, 2022 and is not available for download. This closure is temporary,...

6.1CVSS2AI score0.01713EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.34 views

WordPress URL Shortify plugin < 1.5.11 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress URL Shortify plugin versions 1.5.11. Solution Update the WordPress URL Shortify plugin to the latest available version at least 1.5.11...

2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.34 views

WordPress AP Pricing Tables Lite plugin <= 1.1.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress AP Pricing Tables Lite plugin versions = 1.1.4. Solution Update the WordPress AP Pricing Tables Lite plugin to the latest available version at least 1.1.5...

6.1CVSS2.4AI score0.00853EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/18 12:0 a.m.34 views

WordPress Header Footer Code Manager plugin <= 1.1.16 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall in WordPress Header Footer Code Manager plugin versions = 1.1.16. Solution Update the WordPress Header Footer Code Manager plugin to the latest available version at least 1.1.17...

6.1CVSS1.8AI score0.02389EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.34 views

WordPress UpdraftPlus plugin <= 1.22.1 - Arbitrary Backup Downloads vulnerability

Arbitrary Backup Downloads vulnerability discovered by Marc-Alexandre Montpas Automattic in WordPress UpdraftPlus plugin versions = 1.22.1. Solution Update the WordPress UpdraftPlus plugin to the latest available version at least 1.22.3...

6.5CVSS3.7AI score0.01979EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2022/02/16 12:0 a.m.34 views

WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Philippe Dourassov Patchstack Alliance in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...

6.1CVSS3AI score0.00692EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/16 12:0 a.m.34 views

WordPress Flexi – Guest Submit plugin <= 4.19 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Felipe Tapia Sasot in WordPress Flexi – Guest Submit plugin versions = 4.19. Solution Update the WordPress Flexi – Guest Submit plugin to the latest available version at least 4.20...

6.1CVSS2.7AI score0.00788EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/06 12:0 a.m.34 views

WordPress PublishPress Capabilities plugin <= 2.3 - Unauthenticated Settings Change vulnerability

Unauthenticated Settings Change vulnerability discovered by Krzysztof Zając in WordPress PublishPress Capabilities plugin versions = 2.3. Solution Update the WordPress PublishPress Capabilities plugin to the latest available version at least 2.3.1...

9.8CVSS2.3AI score0.06745EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/11 12:0 a.m.34 views

WordPress Asgaros Forum plugin <= 1.15.12 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by JrXnm in WordPress Asgaros Forum plugin versions = 1.15.12. Solution Update the WordPress Asgaros Forum plugin to the latest available version at least 1.15.13...

9.8CVSS3.3AI score0.13285EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2021/07/08 12:0 a.m.34 views

WordPress Meta Data and Taxonomies Filter (MDTF) plugin <= 1.2.7.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ryoma Nishioka in WordPress Meta Data and Taxonomies Filter MDTF plugin versions = 1.2.7.2. Solution Update the WordPress Meta Data and Taxonomies Filter MDTF plugin to the latest available version at least 1.2.8...

8.8CVSS3.6AI score0.00849EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2021/06/14 12:0 a.m.34 views

WordPress Jannah premium theme <= 5.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Truoc Phan in WordPress Jannah premium theme versions = 5.4.4. Solution Update the WordPress Jannah premium theme to the latest available version at least 5.4.5...

6.1CVSS1.7AI score0.02697EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/04/29 12:0 a.m.34 views

WordPress LearnPress plugin <= 3.2.6.7 - Authenticated Time Based Blind SQL Injection (SQLi) vulnerability

Authenticated Time Based Blind SQL Injection SQLi vulnerability discovered in WordPress LearnPress plugin versions = 3.2.6.7. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.6.8...

8.8CVSS2.8AI score0.49231EPSS
Exploits6References3Affected Software1
Patchstack
Patchstack
added 2020/03/24 12:0 a.m.34 views

WordPress Post PDF Export plugin <= 1.0.1 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability discovered by Random Robbie in WordPress Post PDF Export plugin versions = 1.0.1. Solution Plugin closed. Deactivate and delete...

6.8CVSS2.4AI score0.39374EPSS
Exploits6References2Affected Software1
Patchstack
Patchstack
added 2017/11/29 12:0 a.m.34 views

WordPress 4.3.0-4.9 - HTML Language Attribute Escaping

WordPress does not properly escape the lang attribute of an HTML element in In wp-includes/general-template.php, which might allow an attacker to exploit XSS via the language setting of a site. Solution Update WordPress to v4.9.1...

5.4CVSS2AI score0.02376EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2017/10/03 12:0 a.m.34 views

WordPress Content Timeline plugin <=4.4.2 - Multiple Blind SQL Injection vulnerabilities

Multiple Blind SQL Injection vulnerabilities found by Jeroen ITNerdbox in premium WordPress plugin - Content Timeline =4.4.2 . It is possible to execute arbitrary SQL commands via the id parameter contenttimelineclass.php, contenttimelineedit.php, contenttimelineindex.php. Solution We were unable...

9.8CVSS2.2AI score0.05248EPSS
Exploits4Affected Software1
Patchstack
Patchstack
added 2015/10/27 12:0 a.m.34 views

WordPress Meta Slider Plugin <= 2.1.6 - Full Path Disclosure

This plugin is prone to a full path disclosure vulnerability. Solution Update the plugin...

1.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/10/05 12:0 a.m.34 views

WordPress ResAds Plugin <= 1.0.1 - Cross Site Scripting

This WordPress plugin is prone to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution Update the plugin...

6.1CVSS3.7AI score0.01504EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2015/01/27 12:0 a.m.34 views

WordPress Blubrry PowerPress Podcasting Plugin <= 6.0.0 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "cat" parameter in the powerpressadmincategoryfeeds.php page to wp-admin/admin.php. Solution Upgrade the plugin...

4.3CVSS1.8AI score0.02237EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2014/11/10 12:0 a.m.34 views

WordPress W3 Total Cache Plugin <= 0.9.4 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments. Solution Update the plugin...

4.3CVSS3AI score0.02055EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2014/02/07 12:0 a.m.34 views

WordPress VideoWhisper Live Streaming Integration Plugin <= 4.29.4 - Multiple Vulnerabilities

The error-handling feature in ls/rtmp.inc.php, videowhisperstreaming.php or bp.php allows the attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. Solution Update the plugin...

5CVSS5.8AI score0.07195EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
added 2012/06/08 12:0 a.m.34 views

WordPress WPStoreCart Plugin 2.5.27 - 2.5.29 - Arbitrary File Upload

WPStoreCart plugin is prone to an arbitrary file upload vulnerability. Restricted access to this script is not properly realized. In that way an attacker can to upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible. Solutio...

10CVSS1.9AI score0.18425EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2009/10/15 12:0 a.m.34 views

WordPress WP Forum Server Plugin <= 2.3 - Multiple SQL Injection

Because of these vulnerabilities, the attackers can execute arbitrary SQL commands. Solution Update the plugin...

7.5CVSS5.4AI score0.02626EPSS
Exploits9References1Affected Software1
Patchstack
Patchstack
added 2009/07/10 12:0 a.m.34 views

WordPress - Privileges Unchecked in admin.php and Multiple Information

This WordPress vulnerability was found in the way that WordPress handles some URL requests. It results the content of plugins configuration pages in some plugins modifying plugin options, unprivileged users viewing and injecting JavaScript code. The code is abitrary and it may be run by a malicio...

4.9CVSS1.6AI score0.06259EPSS
Exploits8References1Affected Software1
Patchstack
Patchstack
added 5 days ago33 views

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vimalatithyan S. Technieum in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions = 1.19.0...

5.4CVSS5.8AI score0.00275EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/13 6:41 a.m.33 views

WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin <= 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via processhandler Function vulnerability discovered by kr0d in WordPress Plugin REST API | Custom API Generator For Cross Platform And Import Export In WP versions = 2.0.3...

9.8CVSS6.7AI score0.00532EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/11/25 12:0 a.m.33 views

WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.15 is vulnerable to Cross Site Scripting (XSS)

Software Booking calendar, Appointment Booking System Type Plugin Vulnerable versions = 3.2.15 Fixed in 3.2.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9504 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

7.2CVSS5.6AI score0.0046EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.33 views

WordPress Extensions for Elementor Plugin <= 2.0.40 is vulnerable to Cross Site Scripting (XSS)

Software Extensions for Elementor Type Plugin Vulnerable versions = 2.0.40 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37895dfd43f1 Credits Le Ngoc Anh Required...

7.1CVSS6.9AI score0.00265EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.33 views

WordPress Download Monitor Plugin <= 5.0.12 is vulnerable to Broken Access Control

Software Download Monitor Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10092 Patch priority Low CVSS severity Low 5.4 Developer WPChill PSID 47be9fcd45fd Credits Trương Hữu Phúc truonghuuphuc...

4.3CVSS6.5AI score0.0044EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/06 12:0 a.m.33 views

WordPress WPBakery Page Builder Plugin <= 7.7 is vulnerable to Cross Site Scripting (XSS)

Software WPBakery Page Builder Type Plugin Vulnerable versions = 7.7 Fixed in 7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5708 Patch priority Low CVSS severity Low 5.9 Developer WPBakery PSID 535392115bbf Credits João Pedro Soares de Alcântar...

6.4CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/27 12:0 a.m.33 views

WordPress Networker Theme <= 1.1.9 is vulnerable to Broken Access Control

Software Networker Type Theme Vulnerable versions = 1.1.9 Fixed in 1.1.10 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2962 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c70a9d136cac Credits Muhammad Zeeshan Xib3rR4dAr Required...

5.3CVSS6.6AI score0.00504EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/01/29 12:0 a.m.33 views

WordPress (Simply) Guest Author Name Plugin <= 4.34 is vulnerable to Cross Site Scripting (XSS)

Software Simply Guest Author Name Type Plugin Vulnerable versions = 4.34 Fixed in 4.35 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0254 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1614290005 Credits Francesco Carlucc...

6.4CVSS5.7AI score0.00513EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/10/03 12:0 a.m.33 views

WordPress OPcache Dashboard Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS)

Software OPcache Dashboard Type Plugin Vulnerable versions = 0.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45064 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88a7f0a12d7e Credits LEE SE HYOUNG...

7.1CVSS5.6AI score0.00331EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/11/23 12:0 a.m.33 views

WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Calvin Alkan in the WordPress Defender Security plugin versions = 3.3.2. Solution Update the WordPress Defender Security plugin to the latest available version at least 3.3.3...

2.4AI score0.00679EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/10 12:0 a.m.33 views

WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability

Auth. Bypass and API Keys Disclosure vulnerability discovered by Francesco Carlucci in the WordPress Clerk plugin versions = 3.8.2. Solution Update the WordPress Clerk plugin to the latest available version at least 4.0...

3.3AI score0.00881EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.33 views

WordPress WP ALL Export Pro premium plugin <= 1.7.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro premium plugin versions = 1.7.8. Solution Update the WordPress WP ALL Export Pro plugin to the latest available version at least 1.7.9...

8.8CVSS2.4AI score0.00945EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/26 12:0 a.m.33 views

WordPress miniOrange Discord Integration plugin <= 2.1.5 - Authenticated App Disabling vulnerability

Authenticated App Disabling vulnerability discovered by Lana Codes in WordPress miniOrange Discord Integration plugin versions = 2.1.5. Solution Update the WordPress miniOrange Discord Integration plugin to the latest available version at least 2.1.6...

6.5CVSS3.1AI score0.00411EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/09 12:0 a.m.33 views

WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability

Authenticated Arbitrary File Edit/Upload vulnerability discovered by Vlad Vector Patchstack in WordPress WPide plugin versions = 2.6. Solution Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...

7.2CVSS3.3AI score0.00854EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/06/28 12:0 a.m.33 views

WordPress Request a Quote plugin <= 2.3.7 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Benachi in WordPress Request a Quote plugin versions = 2.3.7. Solution Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS3.8AI score0.01184EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/01 12:0 a.m.33 views

WordPress Easy SVG Support plugin <= 3.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG

Authenticated Stored Cross-Site Scripting XSS vulnerability via SVG discovered by Luan Pedersini in WordPress Easy SVG Support plugin versions = 3.2.0. Solution Update the WordPress Easy SVG Support plugin to the latest available version at least 3.3.0...

5.4CVSS2.9AI score0.00558EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.33 views

WordPress Genki Pre-Publish Reminder plugin <= 1.4.1 - Stored XSS and RCE via CSRF vulnerability

Stored XSS and RCE via CSRF vulnerability discovered by Daniel Ruf in WordPress Genki Pre-Publish Reminder plugin versions = 1.4.1. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS4.1AI score0.00597EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.33 views

WordPress Jupiter premium theme <= 6.10.1 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion discovered by Ramuel Gall Wordfence in WordPress Jupiter premium theme versions = 6.10.1. Solution Update the WordPress Jupiter premium theme to the latest available version at least 6.10.2...

5.5CVSS3.4AI score0.00697EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.33 views

WordPress Responsive Tabs plugin <= 4.0.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress Responsive Tabs plugin versions = 4.0.5. Solution No patched version is available...

4.8CVSS2.7AI score0.00576EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.33 views

WordPress Visual Form Builder plugin <= 3.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Entries Deletion/Restoration

Cross-Site Request Forgery CSRF vulnerability leading to Entries Deletion/Restoration discovered by Vishnupriya Ilango in WordPress Visual Form Builder plugin versions = 3.0.7. Solution Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.8...

8.1CVSS3.1AI score0.00453EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/04/04 12:0 a.m.33 views

WordPress Mycred plugin <= 2.4.4 - User E-mail Addresses Disclosure vulnerability

User E-mail Addresses Disclosure vulnerability discovered by Krzysztof Zając in WordPress Mycred plugin versions = 2.4.4. Solution Update the WordPress Mycred plugin to the latest available version at least 2.4.4.1...

4.3CVSS2.5AI score0.00752EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.33 views

WordPress English WordPress Admin plugin <= 1.5.1 - Unauthenticated Open Redirect vulnerability

Unauthenticated Open Redirect vulnerability discovered by Krzysztof Zając in WordPress English WordPress Admin plugin versions = 1.5.1. Solution Update the WordPress English WordPress Admin plugin to the latest available version at least 1.5.2...

6.1CVSS3AI score0.01873EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/16 12:0 a.m.33 views

WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability discovered by Dave Jong Patchstack in WordPress Responsive Menu plugin versions = 4.1.7. Solution Update the WordPress Responsive Menu plugin to the latest available version at least 4.1.8...

8.8CVSS3AI score0.01262EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2022/03/15 12:0 a.m.33 views

WordPress Super Socializer plugin <= 7.13.29 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Super Socializer plugin versions = 7.13.29. Solution Update the WordPress Super Socializer plugin to the latest available version at least 7.13.30...

6.1CVSS2.7AI score0.01938EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/03/14 12:0 a.m.33 views

WordPress Library File Manager plugin <= 5.2.2 - Arbitrary File Creation/Upload/Deletion vulnerability

Arbitrary File Creation/Upload/Deletion vulnerability discovered by Luan Pedersni in WordPress Library File Manager plugin versions = 5.2.2. Solution Update the WordPress Library File Manager plugin to the latest available version at least 5.2.3...

8.1CVSS3.4AI score0.69934EPSS
Exploits6References4Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.33 views

WordPress Tranzly: Automatic Translation plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Tranzly: Automatic Translation plugin versions = 1.0.2. Solution Update the WordPress Tranzly: Automatic Translation plugin to the latest available version at least 1.1.0...

4.6AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities5000