Patchstack • Most viewed

46606 matches found

Patchstack • added 2022/08/29 12:00 a.m. • 32 views

WordPress Visual Composer Website Builder plugin <= 45.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Title

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Title discovered by Zhouyuan Yang in WordPress Visual Composer Website Builder plugin versions <= 45.0. Solution: Update the WordPress Visual Composer Website Builder plugin to the latest available version (at least 45.0.1)...

CVSS 6.4 • AI score 2.7 • EPSS 0.00489
Exploits: 1 • References: 1 • Affected Software: 1
Patchstack • added 2022/08/23 12:00 a.m. • 32 views

WordPress BadgeOS plugin <= 3.7.1.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress BadgeOS plugin versions <= 3.7.1.2. Solution: Update the WordPress BadgeOS plugin to the latest available version (at least 3.7.1.3)...

CVSS 8.8 • AI score 3 • EPSS 0.00994
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2022/08/02 12:00 a.m. • 32 views

WordPress Banner Cycler plugin <= 1.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by MOTEKI TAKERU in WordPress Banner Cycler plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is...

CVSS 8.8 • AI score 2.2 • EPSS 0.00502
Exploits: 0 • References: 1 • Affected Software: 1
Patchstack • added 2022/08/02 12:00 a.m. • 32 views

WordPress Fluent Support plugin <= 1.5.7 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Rafshanzani Suhada in WordPress Fluent Support plugin versions <= 1.5.7. Solution: Update the WordPress Fluent Support plugin to the latest available version (at least 1.5.8)...

CVSS 7.2 • AI score 2.7 • EPSS 0.00966
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2022/07/19 12:00 a.m. • 32 views

WordPress E Unlocked - Student Result plugin <= 1.0.4 - Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability discovered by Raad Haddad in WordPress E Unlocked - Student Result plugin versions <= 1.0.4. Solution: Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is...

CVSS 8.8 • AI score 2.1 • EPSS 0.00443
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2022/07/18 12:00 a.m. • 32 views

WordPress WP OAuth2 Server plugin <= 1.0.1 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Lana Codes in WordPress WP OAuth2 Server plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of June 23, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 9.8 • AI score 3.5 • EPSS 0.0088
Exploits: 0 • Affected Software: 1
Patchstack • added 2022/06/29 12:00 a.m. • 32 views

WordPress Exports and Reports plugin <= 0.9.1 - Authenticated CSV Injection vulnerability

Authenticated CSV Injection vulnerability discovered by websafe2021 in WordPress Exports and Reports plugin versions <= 0.9.1. Solution: Update the WordPress Exports and Reports plugin to the latest available version (at least 0.9.2)...

CVSS 8.8 • AI score 2.9 • EPSS 0.01213
Exploits: 1 • References: 1 • Affected Software: 1
Patchstack • added 2022/06/21 12:00 a.m. • 32 views

WordPress CDI plugin <= 5.1.8 - Reflected Cross-Site-Scripting (XSS) vulnerability

Reflected Cross-Site-Scripting (XSS) vulnerability discovered by WordPress CDI plugin versions <= 5.1.8. Solution: Update the WordPress CDI plugin to the latest available version (at least 5.1.9)...

CVSS 6.1 • AI score 3.1 • EPSS 0.01297
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2022/05/30 12:00 a.m. • 32 views

WordPress Events Made Easy plugin <= 2.2.80 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Events Made Easy plugin versions <= 2.2.80. Solution: Update the WordPress Events Made Easy plugin to the latest available version (at least 2.2.81)...

CVSS 9.8 • AI score 2.9 • EPSS 0.36655
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2022/05/27 12:00 a.m. • 32 views

WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress Admin Management Xtended plugin versions <= 2.4.4. Solution: Update the WordPress Admin Management Xtended plugin to the latest available version (at least 2.4.5)...

CVSS 8.8 • AI score 3.8 • EPSS 0.0039
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2022/05/17 12:00 a.m. • 32 views

WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter plugin versions <= 7.4.4. Solution: Update the WordPress Newsletter plugin to the latest available version (at least 7.4.5)...

AI score 2
Exploits: 0 • References: 1 • Affected Software: 1
Patchstack • added 2022/05/09 12:00 a.m. • 32 views

WordPress Form Maker by 10Web plugin <= 1.14.11 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Abhinav Porwal & Hitesh Kumar in WordPress Form Maker by 10Web plugin versions <= 1.14.11. Solution: Update the WordPress Form Maker by 10Web plugin to the latest available version (at least 1.14.12)...

CVSS 4.8 • AI score 1 • EPSS 0.00995
Exploits: 2 • References: 3 • Affected Software: 1
Patchstack • added 2022/05/06 12:00 a.m. • 32 views

WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress PNG to JPG plugin versions <= 4.0. Solution: Update the WordPress PNG to JPG plugin to the latest available version (at least 4.1)...

CVSS 6.1 • AI score 2.2 • EPSS 0.00336
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2022/05/04 12:00 a.m. • 32 views

WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability

Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Code Snippets Extended plugin versions <= 1.4.7. Solution: No patched version is available. No reply from the vendor...

CVSS 8.8 • AI score 4.6 • EPSS 0.00894
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2022/05/02 12:00 a.m. • 32 views

WordPress XML Sitemap Generator for Google plugin <= 2.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress XML Sitemap Generator for Google plugin versions <= 2.0.3. Solution: Update the WordPress XML Sitemap Generator for Google plugin to the latest available version (at least 2.0.4)...

CVSS 6.1 • AI score 1.9 • EPSS 0.02205
Exploits: 1 • References: 3 • Affected Software: 1
Patchstack • added 2022/04/29 12:00 a.m. • 32 views

WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities discovered by Ex.Mi Patchstack in WordPress Subscribe To Comments Reloaded plugin versions <= 211130. Solution: Update the WordPress Subscribe To Comments Reloaded plugin to the latest available version (at least 220502)...

CVSS 5.8 • AI score 2.9 • EPSS 0.00372
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2022/04/19 12:00 a.m. • 32 views

WordPress External Media without Import plugin <= 1.1.2 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability discovered by Luan Pedersini in WordPress External Media without Import plugin versions <= 1.1.2. Solution: Deactivate and delete. This plugin has been closed as of March 28, 2022 and is not available for download. This closure is temporary, pending a...

CVSS 6.5 • AI score 3.8 • EPSS 0.02878
Exploits: 1 • References: 3 • Affected Software: 1
Patchstack • added 2022/03/21 12:00 a.m. • 32 views

WordPress Optimole plugin <= 3.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress Optimole plugin versions <= 3.3.1. Solution: Update the WordPress Optimole plugin to the latest available version (at least 3.3.2)...

CVSS 4.8 • AI score 2.3 • EPSS 0.0073
Exploits: 2 • References: 3 • Affected Software: 1
Patchstack • added 2022/03/08 12:00 a.m. • 32 views

WordPress Slide Anything plugin <= 2.3.40 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered in WordPress Slide Anything plugin versions <= 2.3.40. Solution: Update the WordPress Slide Anything plugin to the latest available version (at least 2.3.41)...

AI score 3.1
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2022/02/14 12:00 a.m. • 32 views

WordPress File Upload Pro premium plugin <= 4.16.2 - Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability

Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version (at least 4.16.3)...

CVSS 5.4 • AI score 2.8 • EPSS 0.0077
Exploits: 2 • References: 3 • Affected Software: 1
Patchstack • added 2022/02/01 12:00 a.m. • 32 views

WordPress MasterStudy LMS plugin <= 2.7.5 - Unauthenticated Admin Account Creation vulnerability

Unauthenticated Admin Account Creation vulnerability discovered by Numan Türle in WordPress MasterStudy LMS plugin versions <= 2.7.5. Solution: Update the WordPress MasterStudy LMS plugin to the latest available version (at least 2.7.6)...

CVSS 9.8 • AI score 3.3 • EPSS 0.85334
Exploits: 8 • References: 3 • Affected Software: 1
Patchstack • added 2021/12/27 12:00 a.m. • 32 views

WordPress Code Snippets plugin <= 2.14.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Code Snippets plugin versions <= 2.14.2. Solution: Update the WordPress Code Snippets plugin to the latest available version (at least 2.14.3)...

CVSS 6.1 • AI score 2.1 • EPSS 0.02268
Exploits: 2 • References: 3 • Affected Software: 1
Patchstack • added 2021/11/15 12:00 a.m. • 32 views

WordPress Modern Events Calendar Lite plugin <= 6.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Modern Events Calendar Lite plugin versions <= 6.1.0. Solution: Update the WordPress Modern Events Calendar Lite plugin to the latest available version (at least 6.1.5)...

CVSS 9.8 • AI score 2.4 • EPSS 0.73413
Exploits: 7 • References: 3 • Affected Software: 1
Patchstack • added 2021/11/10 12:00 a.m. • 32 views

WordPress core <= 5.8.1 - Expired DST Root CA X3 Certificate issue

Expired DST Root CA X3 Certificate issue discovered by Bradley Taylor in WordPress core versions <= 5.8.1. Solution: 5.8.1 fixed in 5.8.2, 5.8 fixed in 5.8.2, 5.7.3 fixed in 5.7.4, 5.7.2 fixed in 5.7.4, 5.7.1 fixed in 5.7.4, 5.7 fixed in 5.7.4, 5.6.5 fixed in 5.6.6, 5.6.4 fixed in 5.6.6, 5.6.3 fixe...

AI score 1
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2021/08/06 12:00 a.m. • 32 views

WordPress WP Fusion Lite plugin <= 3.37.18 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Xu-Liang Liao in WordPress WP Fusion Lite plugin versions <= 3.37.18. Solution: This plugin has been closed as of August 6, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 • AI score 3.2 • EPSS 0.00823
Exploits: 3 • References: 3 • Affected Software: 1
Patchstack • added 2021/06/28 12:00 a.m. • 32 views

WordPress W3 Total Cache plugin <= 2.1.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions <= 2.1.3. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.4)...

CVSS 6.1 • AI score 2.1 • EPSS 0.01905
Exploits: 2 • References: 3 • Affected Software: 1
Patchstack • added 2021/04/26 12:00 a.m. • 32 views

WordPress Car Seller – Auto Classifieds Script plugin <= 2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Car Seller – Auto Classifieds Script plugin versions <= 2.1.0. Solution: This plugin has been closed as of April 19, 2021 and is not available for download. This closure is permanent...

CVSS 9.8 • AI score 2.2 • EPSS 0.14697
Exploits: 2 • References: 3 • Affected Software: 1
Patchstack • added 2020/07/28 12:00 a.m. • 32 views

WordPress wpDiscuz plugin <= 7.0.4 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability found by Chloe Chamberland in WordPress wpDiscuz plugin versions <= 7.0.4. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 7.0.5)...

CVSS 10 • AI score 2.9 • EPSS 0.94535
Exploits: 19 • References: 2 • Affected Software: 1
Patchstack • added 2020/05/06 12:00 a.m. • 32 views

WordPress Ultimate Addons for Elementor plugin <= 1.24.1 - Registration Bypass vulnerability

Registration Bypass vulnerability discovered by WordFence in WordPress Ultimate Addons for Elementor plugin versions <= 1.24.1. Solution: Update the WordPress Ultimate Addons for Elementor plugin to the latest available version (at least 1.24.2)...

CVSS 7.2 • AI score 2.9 • EPSS 0.02307
Exploits: 0 • References: 3 • Affected Software: 1
Patchstack • added 2020/03/09 12:00 a.m. • 32 views

WordPress WPML plugin <= 4.3.6 - Authenticated Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE)

Authenticated Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE) discovered by Gerard Arall in WordPress WPML plugin versions <= 4.3.6. Solution: Update the WordPress WPML plugin to the latest available version (at least 4.3.7)...

CVSS 8.8 • AI score 4.7 • EPSS 0.01705
Exploits: 1 • References: 3 • Affected Software: 1
Patchstack • added 2019/10/31 12:00 a.m. • 32 views

WordPress YITH WooCommerce Multi Vendor plugin <=3.4.0 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Multi Vendor plugin versions <=3.4.0. Solution: Update the WordPress YITH WooCommerce Multi Vendor plugin to the latest available version (at least 3.4.1)...

CVSS 4.3 • AI score 3.3 • EPSS 0.00948
Exploits: 0 • References: 1 • Affected Software: 1
Patchstack • added 2019/09/09 12:00 a.m. • 32 views

WordPress Photo Gallery by 10Web plugin <= 1.5.34 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability found in WordPress Photo Gallery by 10Web plugin versions <= 1.5.34. Solution: Update the WordPress Photo Gallery by 10Web plugin to the latest available version (at least 1.5.35)...

CVSS 9.8 • AI score 3.2 • EPSS 0.25438
Exploits: 4 • References: 1 • Affected Software: 1
Patchstack • added 2018/08/09 12:00 a.m. • 32 views

WordPress Multi Step Form plugin <= 1.2.5 - Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities

Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities found by Javier Olmedo in WordPress Multi Step Form plugin versions <= 1.2.5. Solution: Update the WordPress Multi Step Form plugin to the latest available version (at least 1.2.6)...

CVSS 6.1 • AI score 2.3 • EPSS 0.01255
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2015/08/04 12:00 a.m. • 32 views

WordPress <= 4.2.3 - XSS #1

This vulnerability exists in the "refreshAdvancedAccessibilityOfItem" function. It allows an attacker to inject arbitrary web script or HTML via an accessibility-helper title. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss-2 Solution: Update WordPress...

CVSS 4.3 • AI score 1.6 • EPSS 0.0564
Exploits: 0 • References: 1 • Affected Software: 1
Patchstack • added 2015/06/05 12:00 a.m. • 32 views

WordPress XCloner Plugin <= 3.1.2 - Multiple vulnerabilities

The XCloner plugin is prone to authenticated command execution and XSS. Because of multiple vulnerabilities in cloner.functions.php, remote authenticated users can execute arbitrary commands via a file containing filenames with shell metacharacters. Solution: Update the plugin...

CVSS 6.5 • AI score 5.5 • EPSS 0.02669
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2015/04/28 12:00 a.m. • 32 views

WordPress <= 4.1.1 - Multiple XSS

Because MySQL is used without strict mode, attackers can inject arbitrary web script or HTML via a four-byte UTF-8 character or invalid character that reaches the database layer. Solution: Update WordPress...

CVSS 4.3 • AI score 3.1 • EPSS 0.08467
Exploits: 1 • References: 1 • Affected Software: 1
Patchstack • added 2015/01/31 12:00 a.m. • 32 views

WordPress Easing Slider Plugin <= 2.2.0.6 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "edit" parameter. Solution: Upgrade the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.02599
Exploits: 3 • References: 1 • Affected Software: 1
Patchstack • added 2014/12/07 12:00 a.m. • 32 views

WordPress O2Tweet Plugin <= 0.0.4 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 • AI score 3.7 • EPSS 0.01001
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2014/11/20 12:00 a.m. • 32 views

WordPress <= 4.0.0 - Multiple Vulnerabilities #2

Because of multiple vulnerabilities in WordPress 4.0.0 and previous versions, attackers can obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. Related records:...

CVSS 6.8 • AI score 2.1 • EPSS 0.02571
Exploits: 0 • References: 1 • Affected Software: 1
Patchstack • added 2013/09/23 12:00 a.m. • 32 views

WordPress NOSpamPTI Plugin - Blind SQL Injection

The NOSpamPTI plugin is prone to a blind SQL injection vulnerability because the wp-comments-post.php script does not properly sanitize the commentpostID in POST data. The issue allows manipulation of SQL queries in the back-end database, which results in manipulation or disclosure of arbitrary data. Solutio...

CVSS 7.5 • AI score 2.4 • EPSS 0.02854
Exploits: 6 • References: 1 • Affected Software: 1
Patchstack • added 2013/09/19 12:00 a.m. • 32 views

WordPress Bradesco Gateway Plugin <= 2.0 - XSS

Because of this vulnerability in falha.php, attackers can inject arbitrary web script or HTML via the QUERYSTRING. Solution: Update the plugin...

CVSS 4.3 • AI score 2.8 • EPSS 0.02023
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2012/10/25 12:00 a.m. • 32 views

WordPress Sentinel Plugin <= 1.0.0 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution: Update the plugin...

CVSS 7.5 • AI score 6.9 • EPSS 0.02736
Exploits: 0 • References: 1 • Affected Software: 1
Patchstack • added 2012/04/11 12:00 a.m. • 32 views

WordPress All-in-One Event Calendar Plugin 1.4 - "title" Parameter XSS

WordPress All-in-One Event Calendar plugin's /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php "title" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the...

CVSS 4.3 • AI score 2.2 • EPSS 0.08946
Exploits: 2 • References: 1 • Affected Software: 1
Patchstack • added 2026/06/18 2:27 p.m. • 31 views

NPM: DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

NPM: DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch) vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.10...

AI score 5.8
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2025/06/05 1:46 a.m. • 31 views

WordPress Wp Easy Allopass plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin Wp Easy Allopass versions <= 4.1.1...

CVSS 4.3 • AI score 6.6 • EPSS 0.00136
Exploits: 0 • Affected Software: 1
Patchstack • added 2024/11/25 12:00 a.m. • 31 views

WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation

Software: AppPresser; Type: Plugin; Vulnerable versions: <= 4.4.6; Fixed in: 4.4.7; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-11024; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 25ae1391ba68; Credits: shaman0x01...

CVSS 9.8 • AI score 6.5 • EPSS 0.00678
Exploits: 0 • References: 3 • Affected Software: 1
Patchstack • added 2024/10/25 12:00 a.m. • 31 views

WordPress Token Login Plugin <= 1.0.3 is vulnerable to Broken Authentication

Software: Token Login; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-50488; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 18531b1d1720; Credits: stealthcopte...

CVSS 8.8 • AI score 6.8 • EPSS 0.009
Exploits: 1 • References: 1 • Affected Software: 1
Patchstack • added 2024/10/07 12:00 a.m. • 31 views

WordPress Bit File Manager Plugin <= 6.5.7 is vulnerable to Arbitrary File Upload

Software: Bit File Manager; Type: Plugin; Vulnerable versions: <= 6.5.7; Fixed in: 6.5.8; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-8743; Patch priority: High; CVSS severity: High 6.8; Developer: Claim ownership; PSID: c3b2ce42763f; Credits: TANG Cheuk Hei siunam; Required privileg...

CVSS 6.8 • AI score 6.9 • EPSS 0.00754
Exploits: 1 • References: 3 • Affected Software: 1
Patchstack • added 2024/09/30 12:00 a.m. • 31 views

WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Path Traversal

Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 6.4.1; Fixed in: 6.5.1; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2024-47637; Patch priority: Low; CVSS severity: Low 8.8; Developer: Hai Zheng / Lite Speed Cache; PSID: 9f05c0b173ee; Credits: TaiYou; Required privilege: Author...

CVSS 8.8 • AI score 6.8 • EPSS 0.00634
Exploits: 0 • References: 2 • Affected Software: 1
Patchstack • added 2024/08/26 12:00 a.m. • 31 views

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change

Software: Z Y N I T H; Type: Plugin; Vulnerable versions: <= 7.4.9; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-43940; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: b82e28b179e8; Credits: Dave Jong Patchstack; Required...

CVSS 6.5 • AI score 6.5 • EPSS 0.00355
Exploits: 0 • References: 1 • Affected Software: 1
Total number of security vulnerabilities: 5000