Lucene search
K
PatchstackMost viewed

46606 matches found

Patchstack
Patchstack
•added 2022/05/02 12:0 a.m.•30 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Bruno Halltari in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.8. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.9...

6.1CVSS2AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/01 12:0 a.m.•30 views

WordPress Ultimate Member plugin <= 2.3.1 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Ruijie Li in WordPress Ultimate Member plugin versions = 2.3.1. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.3.2...

5.4CVSS3AI score0.00692EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2022/04/21 12:0 a.m.•30 views

WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF leads to Arbitrary File Upload vulnerability discovered in Rara One Click Demo Import plugin versions = 1.2.9 by BEE-K. Solution Update the WordPress Rara One Click Demo Import plugin to the latest available version at least 1.3.0...

8.8CVSS3.9AI score0.00569EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/04/15 12:0 a.m.•30 views

WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability

Multiple Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...

5.4CVSS2.8AI score0.00374EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/04/13 12:0 a.m.•30 views

WordPress IgniteUp – Coming Soon and Maintenance Mode plugin <= 3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Kaushalendra Dubey in WordPress IgniteUp – Coming Soon and Maintenance Mode plugin versions = 3.4.1. Solution Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is...

5.4CVSS1.3AI score0.00571EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/04/11 12:0 a.m.•30 views

WordPress Photo Gallery plugin <= 1.6.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Photo Gallery plugin versions = 1.6.2. Solution Update the WordPress Photo Gallery plugin to the latest available version at least 1.6.3...

6.1CVSS2.2AI score0.00847EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/04/11 12:0 a.m.•30 views

WordPress All In One WP Security plugin <= 4.4.10 - Authenticated Arbitrary Redirect / Reflected XSS vulnerability

Authenticated Arbitrary Redirect / Reflected XSS vulnerability discovered by JrXnm in WordPress All In One WP Security plugin versions = 4.4.10. Solution Update the WordPress All In One WP Security plugin to the latest available version at least 4.4.11...

4.7CVSS2.9AI score0.00726EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/04/05 12:0 a.m.•30 views

WordPress Documentor plugin <= 1.5.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Documentor plugin versions = 1.5.3. Solution Deactivate and delete. This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary, pending a full review...

9.8CVSS3.6AI score0.42764EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/03/28 12:0 a.m.•30 views

WordPress Easy Digital Downloads plugin <= 2.11.5 - Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Payment Note Insertion via Cross-Site Request Forgery CSRF vulnerability was discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions = 2.11.5. Solution Update the WordPress Easy Digital Downloads plugin to the latest available version at least 2.11.6...

4.3CVSS3.9AI score0.00461EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/03/07 12:0 a.m.•30 views

WordPress Sync WooCommerce Product feed to Google Shopping plugin <= 1.2.4 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by 0xdecafbad in WordPress Sync WooCommerce Product feed to Google Shopping plugin versions = 1.2.4. Solution Deactivate and delete. This plugin has been closed as of February 21, 2022 and is not available for download. This closure is temporary, pendin...

7.2CVSS2.5AI score0.01281EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2022/03/07 12:0 a.m.•30 views

WordPress GTranslate plugin <= 2.9.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Account Takeover

Cross-Site Request Forgery CSRF vulnerability leading to Account Takeover discovered in WordPress GTranslate plugin versions = 2.9.8. Solution Update the WordPress GTranslate plugin to the latest available version at least 2.9.9...

8.8CVSS3.8AI score0.00602EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2022/03/04 12:0 a.m.•30 views

WordPress Conference Scheduler plugin <= 2.4.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Conference Scheduler plugin versions = 2.4.2. Solution Update the WordPress Conference Scheduler plugin to the latest available version at least 2.4.3...

6.1CVSS1.8AI score0.00788EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/03/01 12:0 a.m.•30 views

WordPress Sermon Browser plugin <= 0.45.22 - Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary File Upload via Cross-Site Request Forgery CSRF vulnerability discovered by Krishna Harsha Kondaveeti in WordPress Sermon Browser plugin versions = 0.45.22. Solution Deactivate and delete. This plugin has been closed as of February 4, 2022 and is not available for download. This closure...

8.8CVSS3.7AI score0.00618EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/02/10 12:0 a.m.•30 views

WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure

Sensitive Information Disclosure vulnerability discovered in WordPress wpDiscuz plugin versions = 7.3.11 by Muhammad Daffa. Solution Update the WordPress wpDiscuz plugin to the latest available version at least 7.3.12...

7.5CVSS2.7AI score0.01092EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/01/26 12:0 a.m.•30 views

WordPress Grand FlaGallery plugin <= 6.1.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Tyler Miller in WordPress Grand FlaGallery plugin versions = 6.1.2. Solution Deactivate and delete. This plugin has been closed as of November 12, 2021 and is not available for download. Reason: Security Issue...

4.8CVSS2.8AI score0.00588EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/11 12:0 a.m.•30 views

WordPress Remove Footer Credit plugin <= 1.0.10 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Remove Footer Credit plugin versions = 1.0.10. Solution Update the WordPress Remove Footer Credit plugin to the latest available version at least 1.0.11...

4.8CVSS2.3AI score0.00644EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/24 12:0 a.m.•30 views

WordPress Arrival theme <= 1.4.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Arrival theme versions = 1.4.2. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

8.8CVSS2.6AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/21 12:0 a.m.•30 views

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jeremie Amsellem in WordPress Backup and Staging by WP Time Capsule plugin versions = 1.22.6. Solution Update the WordPress Backup and Staging by WP Time Capsule plugin to the latest available version at least 1.22.7...

6.1CVSS2.4AI score0.00887EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/06 12:0 a.m.•30 views

WordPress Chaty Pro premium plugin <= 2.8.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof ZajÄ…c in WordPress Chaty Pro premium plugin versions = 2.8.1. Solution Update the WordPress Chaty Pro premium plugin to the latest available version at least 2.8.2...

6.1CVSS2.1AI score0.01806EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/08 12:0 a.m.•30 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 2.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Krzysztof ZajÄ…c in WordPress Secure Copy Content Protection and Content Locking plugin versions = 2.8.1. Solution Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at least...

9.8CVSS3.3AI score0.78812EPSS
Exploits7References3Affected Software1
Patchstack
Patchstack
•added 2021/10/25 12:0 a.m.•30 views

WordPress Age Gate plugin <= 2.17.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability was discovered by Nguyen Van Khanh Patchstack Alliance in the WordPress Age Gate plugin versions = 2.17.0. Solution Update the WordPress Age Gate plugin to the latest available version at least 2.17.1...

6.1CVSS3.2AI score0.00745EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
•added 2021/10/11 12:0 a.m.•30 views

WordPress Affiliates Manager plugin <= 2.8.6 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability discovered by JrXnm in WordPress Affiliates Manager plugin versions = 2.8.6. Solution Update the WordPress Affiliates Manager plugin to the latest available version at least 2.8.7...

7.2CVSS3.7AI score0.01484EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/10/05 12:0 a.m.•30 views

WordPress Google Language Translator plugin <= 6.0.11 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Google Language Translator plugin versions = 6.0.11. Solution Update the WordPress Google Language Translator plugin to the latest available version at least 6.0.12...

4.8CVSS1.9AI score0.00654EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/08/09 12:0 a.m.•30 views

WordPress Request Quote via Whatsapp for Woocommerce plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress Request Quote via Whatsapp for Woocommerce plugin versions = 1.0.1. Solution This plugin has been closed as of September 25, 2019 and is not available for download...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2021/08/09 12:0 a.m.•30 views

WordPress Custom Text Selection Colors plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Custom Text Selection Colors plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full revi...

6.1CVSS2AI score0.01785EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/07/26 12:0 a.m.•30 views

WordPress SEO Backlinks plugin <= 4.0.1 – Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Takahiro Yamashita Cryptography Laboratory - Tokyo Denki University in WordPress SEO Backlinks plugin versions = 4.0.1. Solution This plugin has been closed as of July 23, 2021 and is not...

8.8CVSS1.5AI score0.00698EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
•added 2021/06/30 12:0 a.m.•30 views

WordPress Newspaper premium theme <= 10.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Truoc Phan in WordPress Newspaper premium theme versions = 10.4. Solution Update the WordPress Newspaper premium theme to the latest available version at least 11,...

8.8CVSS1.7AI score0.01608EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/06/08 12:0 a.m.•30 views

WordPress Custom css-js-php plugin <= 2.0.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by NinTechNet WordPress Custom css-js-php plugin versions = 2.0.7. Solution This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2021/05/24 12:0 a.m.•30 views

WordPress JNews premium theme <= 8.0.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Truoc Phan in WordPress JNews premium theme versions = 8.0.5. Solution Update the WordPress JNews premium theme to the latest available version at least 8.0.6...

6.1CVSS1.5AI score0.01975EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/04/27 12:0 a.m.•30 views

WordPress WP Fastest Cache plugin <= 0.9.1.6 - Authenticated Arbitrary File Deletion via Path Traversal vulnerability

Authenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Gen Sato in WordPress WP Fastest Cache plugin versions = 0.9.1.6. Solution Update the WordPress WP Fastest Cache plugin to the latest available version at least 0.9.1.7...

6.5CVSS3.3AI score0.02625EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/04/24 12:0 a.m.•30 views

WordPress NextGEN Gallery Pro premium plugin <= 3.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Mg Thura Moe Myint in WordPress NextGEN Gallery Pro premium plugin versions = 3.1.9. Solution Update the WordPress NextGEN Gallery Pro premium plugin to the latest available version at least 3.1.11...

6.1CVSS2.2AI score0.00867EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2020/08/26 12:0 a.m.•30 views

WordPress File Manager plugin <= 6.4 - Backup File Directory Listing vulnerability

Backup File Directory Listing vulnerability found by zerodetail & ratherbland in WordPress File Manager plugin versions = 6.4. Solution Update the WordPress File Manager plugin to the latest available version at least 6.5...

7.5CVSS3.7AI score0.16327EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
•added 2020/04/03 12:0 a.m.•30 views

WordPress OneTone theme <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress OneTone theme versions = 3.0.6. Solution No patched version is available...

6.1CVSS2.2AI score0.01216EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
•added 2020/02/28 12:0 a.m.•30 views

WordPress Booked premium plugin <= 2.2.5 - Broken Authentication vulnerability leading to Sensitive Information disclosure

Broken Authentication vulnerability leading to Sensitive Information disclosure discovered by Noman Riffat in WordPress Booked premium plugin versions = 2.2.5. Solution Update the WordPress Booked premium plugin to the latest available version at least 2.2.6...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2020/01/15 12:0 a.m.•30 views

WordPress LearnDash LMS premium plugin <= 3.1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jinson Varghese Behanan in WordPress LearnDash LMS premium plugin versions = 3.1.1.1. Solution Update the WordPress LearnDash LMS premium plugin to the latest available version at least 3.1.2...

5.4CVSS2AI score0.03458EPSS
Exploits6References3Affected Software1
Patchstack
Patchstack
•added 2017/05/24 12:0 a.m.•30 views

WordPress Huge-IT Video Gallery plugin <=2.0.4 - SQL Injection vulnerability

SQL Injection vulnerability found by Neven Biruski DefenseCode in WordPress Huge-IT Video Gallery plugin version 2.0.4 and earlier versions. Solution Update WordPress Huge-IT Video Gallery plugin to the latest available version...

9.8CVSS3.3AI score0.99714EPSS
Exploits58References1Affected Software1
Patchstack
Patchstack
•added 2015/02/23 12:0 a.m.•30 views

WordPress Easy Social Icons Plugin 1.2.2 - CSRF

Easy Social Icons plugin is prone to a cross-site request forgery vulnerability because of insufficient validation is performed on the "imagefile" parameter which allows arbitrary JavaScript. Solution Upgrade the plugin...

6.8CVSS2.9AI score0.02621EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2014/11/28 12:0 a.m.•30 views

WordPress Download Manager Plugin <= 2.0.6 - Multiple CSRF and XSS

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting attacks. Solution Update the plugin...

6.8CVSS4.3AI score0.01533EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2014/11/13 12:0 a.m.•30 views

WordPress DukaPress Plugin <=2.5.3 - Directory Traversal

This vulnerability is in the "dpimgresize" function in php/dp-functions.php. It allows the attackers to read arbitrary files in the "src" parameter to lib/dpimage.php. Solution Update the plugin...

5CVSS5AI score0.6846EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
•added 2014/09/22 12:0 a.m.•30 views

WordPress Google Calendar Events Plugin <= 2.0.3 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "gcefeedids" parameter in a gceajax action to wp-admin/admin-ajax.php. Solution Update the plugin...

4.3CVSS3AI score0.02388EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2014/08/15 12:0 a.m.•30 views

WordPress <= 3.9.1 - Denial Of Service Attacks #1

The Incutio XML-RPC IXR Library, that is used in WordPress 3.9.1, does not limit the number of elements in an XML document. In that way the attackers can cause a denial of service attacks via a large document. Related records:...

5CVSS2.6AI score0.24385EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2014/07/24 12:0 a.m.•30 views

WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities

Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution Upgrade the plugin...

7.5CVSS2.5AI score0.05173EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2013/03/07 12:0 a.m.•30 views

WordPress Terillion Reviews Plugin <= 1.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the ProfileId field. Solution Update the plugin...

4.3CVSS2.9AI score0.05268EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2012/11/29 12:0 a.m.•30 views

WordPress Video Lead Form Plugin - Cross Site Scripting

WordPress Video Lead Form plugin's "errMsg" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can stea...

4.3CVSS2.1AI score0.03236EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2012/04/21 12:0 a.m.•30 views

WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #2

Because of this vulnerability in swfupload.swf, the attackers can inject arbitrary web script or HTML via the "buttonText" parameter. Solution Update the plugin...

10CVSS2.9AI score0.0868EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2011/12/23 12:0 a.m.•30 views

WordPress <= 3.1.0 - Multiple Vulnerabilities

The attackers can cause a denial of service via a comment with a crafted URL that triggers many recursive calls, because the makeclickable function in wp-includes/formatting.php does not properly check URLs before passing them to the PCRE library. Solution Update WordPress...

5CVSS4.5AI score0.03155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2007/09/26 12:0 a.m.•30 views

WordPress <= 2.0- Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "userlogin" parameter. Solution Update WordPress...

4.3CVSS2.7AI score0.02219EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2007/01/29 12:0 a.m.•30 views

WordPress <= 2.1 - Denial of Service Attacks

The attackers can cause a denial of service attacks via pingback service calls. Solution Update the WordPress to the latest available version at least 2.2...

5CVSS4.7AI score0.07232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2006/03/06 12:0 a.m.•30 views

WordPress <= 1.5.2 - SQL injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. Solution Update the WordPress to the latest available version at least 1.5.3...

7.5CVSS4.2AI score0.02907EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/07/18 4:6 a.m.•29 views

WordPress Map My Locations plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Map My Locations versions = 1.1...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000