Patchstack | Most viewed

46606 matches found

Patchstack
added 2018/10/03 12:0 a.m. | 31 views

WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability

Local/Remote File Inclusion vulnerability found by Manuel Garcia Cardenas in WordPress Wechat Broadcast plugin versions <= 1.2.0. Solution: 2018 October 3rd - no patched version available to download. We recommend to deactivate and uninstall...

CVSS: 9.8 | AI score: 3.8 | EPSS: 0.6307
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack
added 2017/12/04 12:0 a.m. | 31 views

WordPress Apocalypse Meow plugin <=21.2.7 - BCrypt Authentication Bypass vulnerability

BCrypt Authentication Bypass vulnerability found by Steve Sc00bzT in WordPress Apocalypse Meow plugin versions <=21.2.7. Solution: Update the WordPress Apocalypse Meow plugin to the latest available version at least 21.2.8...

AI score: 3.7
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2016/08/23 12:0 a.m. | 31 views

WordPress Mail Masta plugin <= 1.0 - Local File Inclusion (LFI) vulnerability

A Local File Inclusion vulnerability exists in WordPress Mail Masta Plugin 1.0 plugin. This vulnerability allows remote attackers to include arbitrary files on the server by "dynamic file inclusion" mechanism in Mail Masta Plugin. Solution: This plugin has been closed and is no longer available fo...

AI score: 3.5
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2016/06/29 12:0 a.m. | 31 views

WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection

This WordPress Ultimate Membership Pro plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update WordPress plugin to the newest stable and safe...

AI score: 3.5
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2015/12/26 12:0 a.m. | 31 views

WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection

This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution: Update the plugin...

CVSS: 9.8 | AI score: 4.3 | EPSS: 0.61612
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack
added 2015/03/05 12:0 a.m. | 31 views

WordPress Ninja Forms Plugin <= 2.8.8 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "ninjaformsfield1" parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php. Also, multiple cross site scripting vulnerabilities allow the administrators to inject arbitrary web script or...

CVSS: 4.3 | AI score: 3.2 | EPSS: 0.02041
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2013/09/09 12:0 a.m. | 31 views

WordPress <= 3.6.0 - Privilege Escalation

Because of this vulnerability, the authors can create an entry appearing as written by another user. Solution: Update the plugin...

CVSS: 3.5 | AI score: 4.4 | EPSS: 0.0263
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2013/06/12 12:0 a.m. | 31 views

WordPress <= 3.6.0 - Multiple vulnerabilities

The attackers can bypass intended redirection restrictions via a crafted string, because this WordPress version and lower versions do not properly validate URLs before use in an HTTP redirect. Solution: Update the plugin...

CVSS: 7.5 | AI score: 3.6 | EPSS: 0.07493
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2012/08/13 12:0 a.m. | 31 views

WordPress Better WP Security Plugin <= 3.2.4 - XSS

Because of this vulnerability in inc/admin/content.php, the attackers can inject arbitrary web script or HTML via the HTTP_USER_AGENT header. Solution: Update the plugin...

CVSS: 4.3 | AI score: 2.3 | EPSS: 0.02066
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2012/04/21 12:0 a.m. | 31 views

WordPress <= 3.3.1 - Unspecified vulnerability

There is an unspecified vulnerability in wp-includes/js/swfobject.js, that has unknown impact and attack vectors. Solution: Update WordPress...

CVSS: 10 | AI score: 8.9 | EPSS: 0.03062
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2011/08/20 12:0 a.m. | 31 views

WordPress Block Spam By Math Reloaded Plugin - Bypass

BYPASS vulnerability was discovered in WordPress Block Spam By Math Reloaded plugin. Solution: Update the plugin...

CVSS: 5 | AI score: 1.8 | EPSS: 0.85
Exploits: 14 | References: 1 | Affected Software: 1

Patchstack
added 2011/03/28 12:0 a.m. | 31 views

WordPress BackWPup Plugin - Remote and Local Code Execution

WordPress BackWPup plugin is prone to a remote and local code execution vulnerability. The input that is passed to the component "wpxmlexport.php" via the "wpabs" variable allows the inclusion and execution of local or remote PHP files as long as a "nonce" value is known. Solution: Update the plug...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.10403
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2007/01/16 12:0 a.m. | 31 views

WordPress <= 2.0.6 - Full Path disclosure

Because of this vulnerability, the attackers can obtain sensitive information via an invalid m parameter. Solution: Update the WordPress to the latest available version at least 2.0.7...

CVSS: 7.8 | AI score: 3.5 | EPSS: 0.02433
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/07 12:0 a.m. | 30 views

WordPress Advanced Custom Fields Plugin <= 6.3.6 is vulnerable to Arbitrary Code Execution

Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: <= 6.3.6; Fixed in: 6.3.6.1; OWASP Top 10: A1: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-9529; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 2b40e735610b; Credits: Automattic Security Team...

CVSS: 6.6 | AI score: 6.7 | EPSS: 0.00435
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 30 views

WordPress WP Testimonial Widget Plugin <= 3.1 is vulnerable to SQL Injection

Software: WP Testimonial Widget; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43966; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 505085fbb60c; Credits: hnwmn; Required privilege: Administrator; Publishe...

CVSS: 7.6 | AI score: 6.9 | EPSS: 0.00439
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/22 12:0 a.m. | 30 views

WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 is vulnerable to SQL Injection

Software: TI WooCommerce Wishlist; Type: Plugin; Vulnerable versions: <= 2.8.2; Fixed in: 2.9.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-43917; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 55f8b0990265; Credits: Rafie Muhammad Patchstack; Required...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.21769
Exploits: 3 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/30 12:0 a.m. | 30 views

WordPress MapPress Maps for WordPress Plugin <= 2.88.16 is vulnerable to Cross Site Scripting (XSS)

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.88.16; Fixed in: 2.88.17; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7225; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: fbcdd95991b2; Credits: Akbar...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00491
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/11/28 12:0 a.m. | 30 views

WordPress JetSmartFilters Plugin <= 3.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: JetSmartFilters; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-48762; Patch priority: Low; CVSS severity: Low 6.3; Developer: Crocoblock; PSID: cc4e59f9bb8e; Credits: Rafie Muhammad...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00237
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/10/16 12:0 a.m. | 30 views

WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software: Ajax Archive Calendar; Type: Plugin; Vulnerable versions: <= 2.6.7; Fixed in: 2.6.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46069; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 2c6a1e009987; Credits: Ngô Thiên An ancorn from...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00409
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/09/06 12:0 a.m. | 30 views

WordPress Defender Security Plugin < 4.1.0 is vulnerable to Bypass Vulnerability

Software: Defender Security; Type: Plugin; Vulnerable versions: < 4.1.0; Fixed in: 4.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-5089; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: e45ed857552b; Credits: Juan Pablo Gomez Postigo; Required...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.02235
Exploits: 3 | References: 4 | Affected Software: 1

Patchstack
added 2023/03/14 12:0 a.m. | 30 views

WordPress WP-Advanced-Search Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP-Advanced-Search; Type: Plugin; Vulnerable versions: <= 3.3.8; Fixed in: 3.3.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47447; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 9c0a9b80e999; Credits: rezaduty; Require...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.0026
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2022/11/21 12:0 a.m. | 30 views

WordPress WPTools plugin <= 3.42 - Auth. Arbitrary Plugin Installation vulnerability

Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress WPTools plugin versions <= 3.42. Solution: Update the WordPress WP Tools plugin to the latest available version at least 3.43...

AI score: 3.2 | EPSS: 0.00438
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2022/11/15 12:0 a.m. | 30 views

WordPress ProfileGrid plugin <= 5.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in the WordPress ProfileGrid plugin versions <= 5.1.0. Solution: Update the WordPress ProfileGrid plugin to the latest available version at least 5.1.1...

CVSS: 6.1 | AI score: 2.2 | EPSS: 0.00946
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2022/11/02 12:0 a.m. | 30 views

WordPress Font Awesome 4 Menus plugin <= 4.7.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by zhangyunpei in WordPress Font Awesome 4 Menus plugin versions <= 4.7.0. Solution: Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full...

AI score: 2 | EPSS: 0.00524
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/10/31 12:0 a.m. | 30 views

WordPress Booster for WooCommerce plugin <= 5.6.6 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress Booster for WooCommerce plugin versions <= 5.6.6. Solution: Update the WordPress Booster for WooCommerce plugin to the latest available version at least 5.6.7...

CVSS: 6.5 | AI score: 3.8 | EPSS: 0.00914
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/10/24 12:0 a.m. | 30 views

WordPress WIP Custom Login plugin <= 1.2.7 - Multiple Broken Access Control vulnerabilities

Multiple Broken Access Control vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress WIP Custom Login plugin versions <= 1.2.7. Solution: Update the WordPress WIP Custom Login plugin to the latest available version at least 1.2.8...

AI score: 3.7 | EPSS: 0.00439
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/12 12:0 a.m. | 30 views

WordPress 3com – Asesor de Cookies plugin <= 3.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence Patchstack Alliance in WordPress 3com – Asesor de Cookies plugin versions <= 3.4.3. Solution: No patched version is available. No reply from the vendor...

AI score: 2.9 | EPSS: 0.00392
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/09/29 12:0 a.m. | 30 views

WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion discovered by Muhammad Daffa Patchstack Alliance in WordPress Analytify plugin versions <= 4.2.2. Solution: Update the WordPress Analytify plugin to the latest available version at least 4.2.3...

CVSS: 8.8 | AI score: 4.2 | EPSS: 0.00301
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/09/15 12:0 a.m. | 30 views

WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability

Unauthenticated Plugin Settings Change vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Awesome Filterable Portfolio plugin versions <= 1.9.7. Solution: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This...

CVSS: 6.5 | AI score: 1.7 | EPSS: 0.00534
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/09/14 12:0 a.m. | 30 views

WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability that allows arbitrary votes discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Rate my Post – WP Rating System plugin <= 3.3.4. Solution: Update the WordPress Rate my Post – WP Rating System plugin to the latest available version at...

CVSS: 4.3 | AI score: 2.6 | EPSS: 0.00261
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/09/01 12:0 a.m. | 30 views

WordPress MP3 jPlayer plugin <= 2.7.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Rasi Afeef Patchstack Alliance in the WordPress MP3-jPlayer plugin versions <= 2.7.3. Solution: Deactivate and delete. No reply from the vendor...

CVSS: 8.8 | AI score: 4 | EPSS: 0.00355
Exploits: 1 | Affected Software: 1

Patchstack
added 2022/08/31 12:0 a.m. | 30 views

WordPress Restricted Site Access plugin <= 7.3.1 - Access Bypass via IP Spoofing vulnerability

Access Bypass via IP Spoofing vulnerability discovered by Daniel Ruf in WordPress Restricted Site Access plugin versions <= 7.3.1. Solution: Update the WordPress Restricted Site Access plugin to the latest available version at least 7.3.2...

CVSS: 5.3 | AI score: 4.3 | EPSS: 0.00583
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/08/22 12:0 a.m. | 30 views

WordPress Better Messages plugin <= 1.9.10.57 - Denial Of Service (DoS) vulnerability

Denial Of Service (DoS) vulnerability was discovered by Dhakal Ananda Patchstack Alliance in the WordPress Better Messages plugin versions <= 1.9.10.57. Solution: Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.10.58...

CVSS: 7.7 | AI score: 3.4 | EPSS: 0.00871
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/08/02 12:0 a.m. | 30 views

WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress Download Manager plugin versions <= 3.2.48. Solution: Update the WordPress Download Manager plugin to the latest available version at least 3.2.49...

CVSS: 5.4 | AI score: 3.1 | EPSS: 0.00449
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/08/02 12:0 a.m. | 30 views

WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Ngo Van Thien Patchstack Alliance in the WordPress WP Hotel Booking plugin versions <= 1.10.5. Solution: Update the WordPress WP Hotel Booking plugin to the latest available version at least 1.10.6...

CVSS: 8 | AI score: 2.8 | EPSS: 0.00325
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/08/02 12:0 a.m. | 30 views

WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth 2.0 client for SSO plugin versions <= 1.11.3. Solution: Update the WordPress OAuth 2.0 client for SSO plugin to the latest available version at least 1.11.4...

CVSS: 9.8 | AI score: 3.7 | EPSS: 0.01344
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/08/01 12:0 a.m. | 30 views

WordPress NEX-Forms plugin <= 7.9.6 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Elias Hohl in WordPress NEX-Forms plugin versions <= 7.9.6. Solution: Update the WordPress NEX-Forms – Ultimate Form Builder plugin to the latest available version at least 7.9.7...

CVSS: 8.8 | AI score: 2.7 | EPSS: 0.10375
Exploits: 5 | References: 1 | Affected Software: 1

Patchstack
added 2022/07/11 12:0 a.m. | 30 views

WordPress YaySMTP plugin <= 2.2 - Authenticated Logs Disclosure vulnerability

Authenticated Logs Disclosure vulnerability discovered by Rafshanzani Suhada in WordPress YaySMTP plugin versions <= 2.2. Solution: Update the WordPress YaySMTP plugin to the latest available version at least 2.2.1...

CVSS: 4.3 | AI score: 2.2 | EPSS: 0.00585
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/07/07 12:0 a.m. | 30 views

WordPress Advanced WordPress Reset plugin <= 1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Advanced WordPress Reset plugin versions <= 1.5. Solution: Update the WordPress Advanced WordPress Reset plugin to the latest available version at least 1.6...

CVSS: 6.1 | AI score: 2.1 | EPSS: 0.0055
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/06/21 12:0 a.m. | 30 views

WordPress Import CSV Files plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Import CSV Files plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of June 16, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS: 6.1 | AI score: 2.4 | EPSS: 0.00337
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/06/20 12:0 a.m. | 30 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.9.7 - Reflected Cross-Site-Scripting (XSS) vulnerability

Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Shortcodes and extra features for Phlox theme plugin versions <= 2.9.7. Solution: Update the WordPress Shortcodes and extra features for Phlox theme plugin to the latest available version at least 2.9.8...

CVSS: 6.1 | AI score: 2.5 | EPSS: 0.01205
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2022/06/15 12:0 a.m. | 30 views

WordPress eaSYNC plugin <= 1.1.15 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by cydave in WordPress eaSYNC plugin versions <= 1.1.15. Solution: Update the WordPress eaSYNC plugin to the latest available version at least 1.1.16...

CVSS: 9.8 | AI score: 2.7 | EPSS: 0.17572
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/06/02 12:0 a.m. | 30 views

WordPress Mihdan: No External Links plugin <= 5.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vaibhav Nitin Gaikwad in WordPress Mihdan: No External Links plugin versions <= 5.0.1. Solution: Update the WordPress Mihdan: No External Links plugin to the latest available version at least 5.0.2...

CVSS: 4.8 | AI score: 2.1 | EPSS: 0.00552
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/05/27 12:0 a.m. | 30 views

WordPress Export All URLs plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Universe Patchstack Alliance in WordPress Export All URLs plugin versions <= 4.1. Solution: Update the WordPress Export All URLs plugin to the latest available version at least 4.2...

CVSS: 4.8 | AI score: 2.7 | EPSS: 0.00477
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/05/18 12:0 a.m. | 30 views

WordPress Code Snippets plugin <= 2.14.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by BEE-K Patchstack in WordPress Code Snippets plugin versions <= 2.14.3. Solution: Update the WordPress Code Snippets plugin to the latest available version at least 2.14.4...

CVSS: 6.1 | AI score: 2.1 | EPSS: 0.00757
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/05/16 12:0 a.m. | 30 views

WordPress Ask Me premium theme < 6.8.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Veshraj Ghimire in WordPress Ask Me premium theme versions < 6.8.2. Solution: Update the WordPress Ask Me premium theme to the latest available version at least 6.8.2...

CVSS: 6.1 | AI score: 2.1 | EPSS: 0.00757
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2022/05/12 12:0 a.m. | 30 views

WordPress Note Press plugin <= 0.1.10 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer and Shi Chen in the WordPress Note Press plugin versions <= 0.1.10. Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not available for download. This closure is temporary, pending a...

CVSS: 4 | AI score: 2.8 | EPSS: 0.00764
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/05/10 12:0 a.m. | 30 views

WordPress Quotes llama plugin < 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Quotes llama plugin versions < 1.0.0. Solution: Update the WordPress Quotes llama plugin to the latest available version at least 1.0.0...

CVSS: 4.8 | AI score: 2.4 | EPSS: 0.0064
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/05/04 12:0 a.m. | 30 views

WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability was discovered by Lucio Sá Patchstack Alliance in WordPress Checkout Files Upload for WooCommerce plugin versions <= 2.1.2. Solution: Update the WordPress Checkout Files Upload for WooCommerce plugin to the latest available version at least 2.1.3...

CVSS: 6.1 | AI score: 2.4 | EPSS: 0.00655
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/05/04 12:0 a.m. | 30 views

WordPress StaffList plugin <= 3.1.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Hassan Khan Yusufzai in WordPress StaffList plugin versions <= 3.1.2. Solution: Update the WordPress StaffList plugin to the latest available version at least 3.1.5...

CVSS: 9.8 | AI score: 2.6 | EPSS: 0.2038
Exploits: 2 | References: 3 | Affected Software: 1

Total number of security vulnerabilities: 5000