Lucene search
K
PatchstackMost viewed

46578 matches found

Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•33 views

WordPress Locations and Areas – Leaflet Map with Region Tabs plugin <= 1.7.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Locations and Areas – Leaflet Map with Region Tabs plugin versions = 1.7.0. Solution Update the WordPress Locations and Areas – Leaflet Map with Region Tabs plugin to the latest available version at least 1.7.1...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•33 views

WordPress Tarot Card Oracle plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Tarot Card Oracle plugin versions = 1.0.5. Solution Update the WordPress Tarot Card Oracle plugin to the latest available version at least 1.0.6...

2.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/17 12:0 a.m.•33 views

WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability via 'IP' discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions = 13.1.5. Solution Update the WordPress WP Statistics plugin to the latest available version at least 13.1.6...

7.2CVSS2.6AI score0.81157EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2022/02/13 12:0 a.m.•33 views

WordPress Spider Event Calendar plugin <= 1.5.65 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Spider Event Calendar plugin versions = 1.5.65 by Krzysztof ZajÄ…c. Solution This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent. Deactivate the plugin and delete it...

6.1CVSS2.5AI score0.02291EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
•added 2022/01/27 12:0 a.m.•33 views

WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline...

9.8CVSS3.6AI score0.01074EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2021/12/30 12:0 a.m.•33 views

WordPress Custom Dashboard & Login Page – AGCA plugin <= 6.9.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by 0ppr2s in WordPress Custom Dashboard & Login Page – AGCA plugin versions = 6.9.5. Solution Update the WordPress Custom Dashboard & Login Page – AGCA plugin to the latest available version at least 7.0...

4.8CVSS2.1AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/28 12:0 a.m.•33 views

WordPress VMag theme <= 1.2.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress VMag theme versions = 1.2.7. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

8.8CVSS2.7AI score0.01652EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
•added 2021/10/21 12:0 a.m.•33 views

WordPress Catch Themes Demo Import plugin <= 1.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Thinkland Security Team in WordPress Catch Themes Demo Import plugin versions = 1.7. Solution Update the WordPress Catch Themes Demo Import plugin to the latest available version at least 1.8...

7.2CVSS2.7AI score0.55729EPSS
Exploits6References3Affected Software1
Patchstack
Patchstack
•added 2021/10/15 12:0 a.m.•33 views

WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress JobBoardWP – Job Board Listings and Submissions plugin versions = 1.0.7. Solution Update the WordPress JobBoardWP – Job Board Listings and Submissions plugin to the latest available...

5.5CVSS1.6AI score0.01003EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2021/10/11 12:0 a.m.•33 views

WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Jörgson Patchstack Alliance in WordPress WP Project Manager plugin versions = 2.4.13. Solution Update the WordPress WP Subscribe plugin to the latest available version at least 2.4.14...

5.4CVSS2.5AI score0.00608EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/09/01 12:0 a.m.•33 views

WordPress Redux Framework plugin <= 4.2.11 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion vulnerability

Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion vulnerability discovered by Ramuel Gall WordFence in WordPress Redux Framework plugin versions = 4.2.11. Solution Update the WordPress Redux Framework plugin to the latest available version at least 4.2.13...

5.3CVSS3.4AI score0.28961EPSS
Exploits6References3Affected Software1
Patchstack
Patchstack
•added 2021/07/29 12:0 a.m.•33 views

WordPress WordPress Download Manager plugin <= 3.1.24 - Authenticated Directory Traversal vulnerability

Authenticated Directory Traversal vulnerability discovered by Ramuel Gall WordFence in WordPress WordPress Download Manager plugin versions = 3.1.24. Solution Update the WordPress WordPress Download Manager plugin to the latest available version at least 3.1.25...

8.8CVSS2.9AI score0.0058EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
•added 2021/06/30 12:0 a.m.•33 views

WordPress TaxoPress plugin <= 3.0.7.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress TaxoPress plugin versions = 3.0.7.1. Solution Update the WordPress TaxoPress plugin to the latest available version at least 3.0.7.2...

4.8CVSS1.8AI score0.02315EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
•added 2021/04/28 12:0 a.m.•33 views

WordPress WP Super Cache plugin <= 1.7.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress WP Super Cache plugin versions = 1.7.2. Solution Update the WordPress WP Super Cache plugin to the latest available version at least 1.7.3...

5.4CVSS2.2AI score0.03317EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
•added 2021/03/22 12:0 a.m.•33 views

WordPress Delightful Downloads plugin <= 1.6.6 - Path Traversal vulnerability

Path Traversal vulnerability discovered by Nicholas Ferreira in WordPress Delightful Downloads plugin versions = 1.6.6. Solution Plugin closed. Deactivate and delete...

7.5CVSS2.2AI score0.57608EPSS
Exploits7References3Affected Software1
Patchstack
Patchstack
•added 2021/03/22 12:0 a.m.•33 views

WordPress Mapplic premium plugin <= 6.1 - Stored Cross-Site Scripting (XSS) Injection via Server-Side Request Forgery (SSRF) vulnerability

Stored Cross-Site Scripting XSS Injection via Server-Side Request Forgery SSRF vulnerability discovered by Eagle Eye in WordPress Mapplic premium plugin versions = 6.1. Solution Update the WordPress Mapplic premium plugin to the latest available version at least 7.0...

3.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2020/10/20 12:0 a.m.•33 views

WordPress WP-Lister for eBay plugin <= 2.0.20 - Unauthenticated Path Traversal vulnerability

Unauthenticated Path Traversal vulnerability found in WordPress WP-Lister for eBay plugin versions = 2.0.20. Solution Update the WordPress WP-Lister for eBay plugin to the latest available version at least 2.0.21...

7.5CVSS2.8AI score0.57608EPSS
Exploits7References2Affected Software1
Patchstack
Patchstack
•added 2020/02/25 12:0 a.m.•33 views

WordPress Photo Gallery by 10Web plugin <= 1.5.45 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found by Vishnupriya Ilango Fortinet's FortiGuard Labs in WordPress Photo Gallery by 10Web plugin versions = 1.5.45. Solution Update the WordPress Photo Gallery by 10Web plugin to the latest available version at least 1.5.46...

4.8CVSS2AI score0.01355EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2019/05/22 12:0 a.m.•33 views

WordPress Live Chat with Facebook Messenger plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found in WordPress Live Chat with Facebook Messenger plugin versions = 1.4.6. Solution Update the WordPress Live Chat with Facebook Messenger plugin to the latest available version at least 1.4.7...

1.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2015/08/04 12:0 a.m.•33 views

WordPress <= 4.2.3 - XSS #2

This vulnerability exists in the WPNavMenuWidget class in wp-includes/default-widgets.php in the "form" function. It allows remote attackers to inject arbitrary web script or HTML via a widget title. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss Solution...

4.3CVSS4.1AI score0.0801EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2015/08/04 12:0 a.m.•33 views

WordPress Legacy Theme <= 4.2.3 - XSS

This vulnerability exists in the Legacy theme preview implementation in wp-includes/theme.php. It allows an attacker to inject arbitrary HTML or web script via a crafted string. Solution Update the theme...

4.3CVSS2.5AI score0.0743EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2015/07/16 12:0 a.m.•33 views

WordPress qTranslate Plugin <= 2.5.39 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "edit" parameter. Solution Update the plugin...

4.3CVSS2.2AI score0.02055EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2015/03/30 12:0 a.m.•33 views

WordPress Slider Revolution Plugin <= 4.1.4 - Arbitrary File Download

WordPress Slider Revolution plugin is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution Update the plugin...

5CVSS3.6AI score0.20631EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2015/03/30 12:0 a.m.•33 views

WordPress WPML Plugin <= 3.1.8 - Multiple Vulnerabilities

This WordPress Multilingual plugin is prone to SQL injection, missing authentication, page/post/menu deletion and reflected XSS vulnerabilities. Solution Update the plugin...

7.5CVSS2.6AI score0.038EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2015/01/31 12:0 a.m.•33 views

WordPress Easing Slider Plugin <= 2.2.0.6 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "edit" parameter. Solution Upgrade the plugin...

4.3CVSS2.7AI score0.02599EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2014/06/02 12:0 a.m.•33 views

WordPress Contextual Related Posts Plugin <= 1.8.10.1 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via unspecified vectors. Solution Update the plugin...

7.5CVSS6.9AI score0.02031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2013/12/06 12:0 a.m.•33 views

WordPress Ad-Minister Plugin <= 0.6 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "key" parameter in a delete action to wp-admin/tools.php. Solution Update the plugin...

4.3CVSS3.1AI score0.02023EPSS
Exploits4References1Affected Software1
Patchstack
Patchstack
•added 2013/01/19 12:0 a.m.•33 views

WordPress Events Manager Plugin <= 5.3.4 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "scope" parameter to index.php. Solution Update the plugin...

4.3CVSS2.9AI score0.02058EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2008/01/09 12:0 a.m.•33 views

WordPress <= 2.0.11 - Multiple Directory Traversal

Because of these vulnerabilities, the attackers can read arbitrary files. Solution Update WordPress...

5CVSS3.9AI score0.03424EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
•added 2026/06/12 8:8 p.m.•32 views

NPM: esbuild allows arbitrary file read when running the development server on Windows

NPM: esbuild allows arbitrary file read when running the development server on Windows vulnerability discovered by ? in WordPress Npm esbuild versions = 0.27.3, 0.28.1...

6AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2026/05/14 9:14 p.m.•32 views

NPM: vm2 Has a Sandbox Breakout Using Async Generator

NPM: vm2 Has a Sandbox Breakout Using Async Generator vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.2...

9.8CVSS5.8AI score0.00568EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
•added 2024/11/26 12:0 a.m.•32 views

WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation

Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...

9.8CVSS6.8AI score0.01463EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2024/11/21 12:0 a.m.•32 views

WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10393 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 196d31d95c65 Credits 1337Wannabe...

5.3CVSS6.9AI score0.00563EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2024/10/29 12:0 a.m.•32 views

WordPress LiteSpeed Cache Plugin <= 6.5.1 is vulnerable to Privilege Escalation

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.5.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50550 Patch priority High CVSS severity High 8.1 Developer Hai Zheng / Lite Speed Cache PSID a12edc6aefb8...

9.8CVSS6.6AI score0.00913EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2024/10/14 12:0 a.m.•32 views

WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...

4.3CVSS6.9AI score0.01148EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
•added 2024/06/10 12:0 a.m.•32 views

WordPress WPS Hide Login Plugin <= 1.9.15.2 is vulnerable to Bypass Vulnerability

Software WPS Hide Login Type Plugin Vulnerable versions = 1.9.15.2 Fixed in 1.9.16 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2024-2473 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6dff27358fc5 Credits Nicholas Mun Required...

5.3CVSS6.6AI score0.01235EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2024/05/13 12:0 a.m.•32 views

WordPress Zeka Theme <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Zeka Type Theme Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34810 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6e9edbf3a6c1 Credits Dhabaleshwar Das Required...

6.1AI score0.00117EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2023/01/03 12:0 a.m.•32 views

WordPress Jeg Elementor Kit Plugin < 2.5.7 is vulnerable to Broken Access Control

Software Jeg Elementor Kit Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-3805 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID cb8e3a1233cd Credits Ramuel Gall Required privile...

8.6CVSS6.5AI score0.01594EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2022/11/22 12:0 a.m.•32 views

WordPress Videojs HTML5 Player plugin <= 1.1.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Videojs HTML5 Player plugin versions = 1.1.8. Solution Update the WordPress Videojs HTML5 Player plugin to the latest available version at least 1.1.9...

2.3AI score0.00471EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/11/21 12:0 a.m.•32 views

WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to private post/page title disclosure discovered by Dave Jong Patchstack in the WordPress Betheme premium theme versions = 26.6.1. Solution Update the WordPress Betheme theme to the latest available version at least 26.6.3...

3.2AI score0.00497EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/11/07 12:0 a.m.•32 views

WordPress Awesome Support plugin <= 6.1.1 - Auth. Arbitrary Exported Tickets Download vulnerability

Auth. Arbitrary Exported Tickets Download vulnerability discovered by dc11 in WordPress Awesome Support plugin versions = 6.1.1. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.1.2...

3.9AI score0.00699EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2022/10/30 12:0 a.m.•32 views

WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Custom Product Tabs for WooCommerce plugin versions = 1.7.9. Solution Update the WordPress Custom Product Tabs for WooCommerce plugin to the latest available version at least 1.8.0...

4.8CVSS2.6AI score0.00392EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/10/28 12:0 a.m.•32 views

WordPress All in One SEO Pro plugin <= 4.2.5.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Rafie Muhammad Yeraisci in the WordPress All in One SEO Pro plugin versions = 4.2.5.1. Solution Update the WordPress All in One SEO Pro plugin to the latest available version at least 4.2.6...

6.5CVSS3.2AI score0.00553EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/10/11 12:0 a.m.•32 views

WordPress Importer plugin <= 1.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstak Alliance in the WordPress Importer plugin versions = 1.0.2. Solution Update the WordPress WordPress Importer plugin to the latest available version at least 1.0.3...

2.5AI score0.00406EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/10/06 12:0 a.m.•32 views

WordPress WP Word Count plugin <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by lucy in the WordPress WP Word Count plugin versions = 3.2.3. Solution Deactivate and delete. This plugin has been closed as of October 6, 2022 and is not available for download. This closure is temporary, pending a full...

4.8CVSS1.5AI score0.00532EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2022/09/12 12:0 a.m.•32 views

WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress YDS Support Ticket System plugin versions = 1.0. Solution No patched version is available. No reply from the vendor...

8.8CVSS3.5AI score0.00293EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/09/08 12:0 a.m.•32 views

WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Export Post Info plugin versions = 1.1.0. Solution Update the WordPress Export Post Info plugin to the latest available version at least 1.2.0...

4.8CVSS2.3AI score0.00437EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/08/31 12:0 a.m.•32 views

WordPress <= 6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by John Blackbourn in WordPress versions = 6.0.1 Solution Update the WordPress to the latest available version at least 6.0.2 or another patched version...

2.2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/08/31 12:0 a.m.•32 views

WordPress <= 6.0.1 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Khalilov Moe in WordPress = 6.0.1 Solution Update the WordPress to the latest available version at least 6.0.2 or another patched version...

2.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/08/29 12:0 a.m.•32 views

WordPress Visual Composer Website Builder plugin <= 45.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Title

Authenticated Stored Cross-Site Scripting XSS vulnerability via Title discovered by Zhouyuan Yang in WordPress Visual Composer Website Builder plugin versions = 45.0. Solution Update the WordPress Visual Composer Website Builder plugin to the latest available version at least 45.0.1...

6.4CVSS2.7AI score0.00489EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000