Patchstack | Most viewed

46606 matches found

Patchstack, added 2025/07/18 4:6 a.m., 29 views

WordPress Map My Locations plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Map My Locations versions <= 1.1...

CVSS 6.4 | AI score 5.5 | EPSS 0.00218
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2024/11/26 12:0 a.m., 29 views

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.2.2 is vulnerable to Arbitrary Code Execution

Software: WOOCS – WooCommerce Currency Switcher; Type: Plugin; Vulnerable versions: <= 1.4.2.2; Fixed in: 1.4.2.3; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-10640; Patch priority: Low; CVSS severity: Low 7.3; PSID: 9ec73d22667c; Credits: mikemyers...

CVSS 7.3 | AI score 7 | EPSS 0.00441
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/11/15 12:0 a.m., 29 views

WordPress Jobs for WordPress Plugin < 2.7.8 is vulnerable to Cross Site Scripting (XSS)

Software: Jobs for WordPress; Type: Plugin; Vulnerable versions: < 2.7.8; Fixed in: 2.7.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10104; Patch priority: Low; CVSS severity: Low 6.5; PSID: 470159fcd95b; Credits: Krugov Artyom; Required...

CVSS 5.9 | AI score 5.9 | EPSS 0.00341
Exploits 1 | References 4 | Affected Software 1

Patchstack, added 2024/11/14 12:0 a.m., 29 views

WordPress Chartify Plugin <= 2.9.5 is vulnerable to Remote Code Execution (RCE)

Software: Chartify; Type: Plugin; Vulnerable versions: <= 2.9.5; Fixed in: 2.9.6; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-10571; Patch priority: High; CVSS severity: High 10; PSID: 97f7a98a5728; Credits: abrahack; Required privilege: Unauthenticated...

CVSS 9.8 | AI score 7.2 | EPSS 0.04841
Exploits 3 | References 3 | Affected Software 1

Patchstack, added 2024/11/12 12:0 a.m., 29 views

WordPress Advanced Order Export For WooCommerce Plugin <= 3.5.5 is vulnerable to PHP Object Injection

Software: Advanced Order Export For WooCommerce; Type: Plugin; Vulnerable versions: <= 3.5.5; Fixed in: 3.5.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-10828; Patch priority: High; CVSS severity: High 9.8; PSID: 52652ce9166f; Credits: Webbernaut; Require...

CVSS 9.8 | AI score 6.8 | EPSS 0.01406
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/09/12 12:0 a.m., 29 views

WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection

Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.2.7.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8522; Patch priority: High; CVSS severity: High 9.3; PSID: 13b3ec9c4ec2; Credits: abrahack; Required privilege: Unauthenticated; Publish...

CVSS 10 | AI score 6.8 | EPSS 0.61355
Exploits 6 | References 3 | Affected Software 1

Patchstack, added 2024/08/12 12:0 a.m., 29 views

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.8.6 is vulnerable to Remote Code Execution (RCE)

Software: JS Help Desk – Best Help Desk & Support Plugin; Type: Plugin; Vulnerable versions: <= 2.8.6; Fixed in: 2.8.7; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-7094; Patch priority: High; CVSS severity: High 9.8; PSID: 31d4d7c86bb1; Credits: Conno...

CVSS 9.8 | AI score 7.2 | EPSS 0.37899
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/06/03 12:0 a.m., 29 views

WordPress Ajax Load More Plugin <= 7.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Ajax Load More; Type: Plugin; Vulnerable versions: <= 7.1.1; Fixed in: 7.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4711; Patch priority: Low; CVSS severity: Low 6.5; PSID: 049ac1eade10; Credits: Webbernaut; Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.0039
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/05/22 12:0 a.m., 29 views

WordPress NextScripts Plugin <= 4.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: NextScripts; Type: Plugin; Vulnerable versions: <= 4.4.3; Fixed in: 4.4.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1446; Patch priority: Low; CVSS severity: Low 5.4; PSID: 891652032504; Credits: Krzysztof Zając; Required...

CVSS 5.4 | AI score 6.6 | EPSS 0.00181
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2023/12/15 12:0 a.m., 29 views

WordPress Essential Real Estate Plugin <= 4.3.5 is vulnerable to Arbitrary File Upload

Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.3.5; Fixed in: 4.4.0; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-6827; Patch priority: High; CVSS severity: High 9.9; PSID: 4162eb3df384; Credits: István Márton; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01265
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2023/11/07 12:0 a.m., 29 views

WordPress UpdraftPlus Plugin <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.10; Fixed in: 1.23.11; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5982; Patch priority: Low; CVSS severity: Low 4.3; PSID: ef8f3eafdf9f; Credits: Nicolas Decayeux...

CVSS 5.4 | AI score 6.6 | EPSS 0.00218
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2023/10/12 12:0 a.m., 29 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Broken Access Control

Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.8.9; Fixed in: 4.9.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-5533; Patch priority: Low; CVSS severity: Low 5.3; PSID: ffa27d384955; Credits: Marco Wotschka; Required privilege...

CVSS 9.8 | AI score 6.5 | EPSS 0.00531
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2023/09/14 12:0 a.m., 29 views

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software: WP Customer Reviews; Type: Plugin; Vulnerable versions: <= 3.6.6; Fixed in: 3.6.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4648; Patch priority: Low; CVSS severity: Low 5.9; PSID: 36513c06abe2; Credits: Marco Wotschka...

CVSS 4.8 | AI score 6 | EPSS 0.00303
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2023/05/09 12:0 a.m., 29 views

WordPress Divi Theme <= 4.20.2 is vulnerable to Cross Site Scripting (XSS)

Software: Divi; Type: Theme; Vulnerable versions: <= 4.20.2; Fixed in: 4.20.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29099; Patch priority: Low; CVSS severity: Low 6.5; PSID: 15fa42e5d3af; Credits: Rafie Muhammad Patchstack; Require...

CVSS 6.5 | AI score 5.7 | EPSS 0.00358
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2022/11/22 12:0 a.m., 29 views

WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.19.0 - Unauth. Arbitrary File Upload vulnerability

Unauth. Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress YITH WooCommerce Gift Cards Premium plugin versions <= 3.19.0. Solution: Update the WordPress YITH WooCommerce Gift Cards Premium plugin to the latest available version (at least 3.20.0)...

AI score 3.8 | EPSS 0.13514
Exploits 2 | Affected Software 1

Patchstack, added 2022/11/15 12:0 a.m., 29 views

WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin versions <= 1.1.0. Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is...

CVSS 4.8 | AI score 3 | EPSS 0.00501
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/10/30 12:0 a.m., 29 views

WordPress Soledad premium theme <= 8.2.5 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong in WordPress Soledad premium theme versions <= 8.2.5. Solution: Update the WordPress soledad theme to the latest available version (at least 8.2.6)...

CVSS 5.4 | AI score 2.1 | EPSS 0.00397
Exploits 0 | Affected Software 1

Patchstack, added 2022/09/28 12:0 a.m., 29 views

WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Ads – Ad Manager & AdSense plugin versions <= 1.31.1. Solution: Update the WordPress Advanced Ads – Ad Manager & AdSense plugin to the latest available version at least...

CVSS 4.8 | AI score 2.5 | EPSS 0.00437
Exploits 0 | Affected Software 1

Patchstack, added 2022/09/14 12:0 a.m., 29 views

WordPress Disable User Login plugin <= 1.0.1 - Unauthenticated Settings Update vulnerability

Unauthenticated Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Disable User Login plugin versions <= 1.0.1. Solution: No patched version available...

CVSS 5.3 | AI score 2.7 | EPSS 0.00408
Exploits 1 | References 1 | Affected Software 1

Patchstack, added 2022/09/05 12:0 a.m., 29 views

WordPress WP Popup Builder plugin <= 1.2.9 - Authenticated Arbitrary Popup Deletion vulnerability

Authenticated Arbitrary Popup Deletion vulnerability discovered by Krzysztof Zając in WordPress WP Popup Builder plugin versions <= 1.2.9. Solution: Update the WordPress WP Popup Builder plugin to the latest available version (at least 1.3.0)...

CVSS 4.3 | AI score 3 | EPSS 0.00262
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/08/30 12:0 a.m., 29 views

WordPress Add User Role plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add User Role plugin versions <= 0.0.1. Solution: Deactivate and delete. This plugin has been closed as of August 29, 2022 and is not available for download. This closure is temporary...

CVSS 4.8 | AI score 2.6 | EPSS 0.00437
Exploits 0 | Affected Software 1

Patchstack, added 2022/08/29 12:0 a.m., 29 views

WordPress Beaver Builder plugin <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Editor

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Zhouyuan Yang in WordPress Beaver Builder plugin versions <= 2.5.5.2. Solution: Update the WordPress Beaver Builder plugin to the latest available version (at least 2.5.5.3)...

CVSS 6.4 | AI score 2.6 | EPSS 0.0044
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2022/08/29 12:0 a.m., 29 views

WordPress Visual Composer Website Builder plugin <= 45.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Block

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Block discovered by Zhouyuan Yang in WordPress Visual Composer Website Builder plugin versions <= 45.0. Solution: Update the WordPress Visual Composer Website Builder plugin to the latest available version (at least 45.0.1)...

CVSS 6.4 | AI score 2.7 | EPSS 0.00489
Exploits 1 | References 1 | Affected Software 1

Patchstack, added 2022/08/23 12:0 a.m., 29 views

WordPress Ping Optimizer plugin <= 2.35.1.2.3 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Ping Optimizer plugin versions <= 2.35.1.3.0. Solution: Update the WordPress Ping Optimizer plugin to the latest available version (at least 2.35.1.3.0)...

CVSS 4.3 | AI score 4.2 | EPSS 0.00284
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/08/16 12:0 a.m., 29 views

WordPress Affiliates Manager Plugin <= 2.9.13 - Authenticated Cross-Site Scripting vulnerability

Authenticated Cross-Site Scripting vulnerability discovered by WPScan in Affiliates Managers versions <= 2.9.13. Solution: Update the WordPress Affiliates Manager plugin to the latest available version (at least 2.9.14)...

CVSS 4.8 | AI score 3.1 | EPSS 0.00538
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/08/15 12:0 a.m., 29 views

WordPress Visual Portfolio Plugin <= 2.18.0 - Authenticated CSS Injection vulnerability

Authenticated CSS Injection vulnerability discovered by Krzysztof Zając in Visual Portfolio plugin versions <= 2.18.0. Solution: Update the WordPress Visual Portfolio, Photo Gallery & Post Grid plugin to the latest available version (at least 2.19.0)...

CVSS 5.4 | AI score 3.4 | EPSS 0.00416
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/08/12 12:0 a.m., 29 views

WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability

Unauthenticated plugin settings change vulnerability discovered by ptsfence Patchstack Alliance in WordPress THE Leads Management System: 59sec LITE plugin versions <= 3.4.1. Solution: Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This...

CVSS 6.5 | AI score 2.2 | EPSS 0.00547
Exploits 0 | Affected Software 1

Patchstack, added 2022/08/02 12:0 a.m., 29 views

WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities leading to stats and cache deletion were discovered by Vlad Vector Patchstack in the WordPress Download Manager plugin versions <= 3.2.48. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49)...

CVSS 8.8 | AI score 3.6 | EPSS 0.00289
Exploits 0 | Affected Software 1

Patchstack, added 2022/08/02 12:0 a.m., 29 views

WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability

Broken Authentication vulnerability leading to unauthenticated post update/create/delete discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ActiveDEMAND plugin versions <= 0.2.27. Solution: Update the WordPress ActiveDEMAND plugin to the latest available version (at least 0.2.28)...

CVSS 6.5 | AI score 4.2 | EPSS 0.00569
Exploits 0 | Affected Software 1

Patchstack, added 2022/08/01 12:0 a.m., 30 views

WordPress Auto-hyperlink URLs plugin <= 5.4.1 - Tab Nabbing vulnerability

Tab Nabbing vulnerability discovered by Daniel Ruf in WordPress Auto-hyperlink URLs plugin versions <= 5.4.1. Solution: Deactivate and delete. This plugin has been closed as of July 18, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 5.4 | AI score 3.2 | EPSS 0.00504
Exploits 1 | References 1 | Affected Software 1

Patchstack, added 2022/07/25 12:0 a.m., 29 views

WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Tabs plugin versions <= 3.6.0. Solution: Update the WordPress Tabs plugin to the latest available version (at least 3.7.0)...

CVSS 7.2 | AI score 2.8 | EPSS 0.00976
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2022/07/20 12:0 a.m., 29 views

WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team plugin versions <= 1.2.6. Solution: Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason:...

CVSS 5.4 | AI score 3.4 | EPSS 0.00457
Exploits 0 | Affected Software 1

Patchstack, added 2022/07/07 12:0 a.m., 29 views

WordPress Simple Membership plugin <= 4.1.2 - Unauthenticated Membership Privilege Escalation vulnerability

Unauthenticated Membership Privilege Escalation vulnerability discovered by Jet Infosystems in WordPress Simple Membership plugin versions <= 4.1.2. Solution: Update the WordPress Simple Membership plugin to the latest available version (at least 4.1.3)...

CVSS 9.8 | AI score 3.2 | EPSS 0.01104
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/06/28 12:0 a.m., 29 views

WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze Patchstack in WordPress WP Maintenance plugin versions <= 6.0.7. Solution: Update the WordPress WP Maintenance plugin to the latest available version (at least 6.0.8)...

CVSS 4.8 | AI score 2.4 | EPSS 0.00612
Exploits 0 | Affected Software 1

Patchstack, added 2022/06/20 12:0 a.m., 29 views

WordPress WP Event Manager plugin <= 3.1.27 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress WP Event Manager plugin versions <= 3.1.27. Solution: Update the WordPress WP Event Manager plugin to the latest available version (at least 3.1.28)...

CVSS 6.1 | AI score 1.7 | EPSS 0.00712
Exploits 2 | References 1 | Affected Software 1

Patchstack, added 2022/06/15 12:0 a.m., 29 views

WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change

Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change discovered by Rasi Afeef Patchstack Alliance in WordPress Photo Gallery by Supsystic plugin versions <= 1.15.5. Solution: Update the WordPress Photo Gallery by Supsystic plugin to the latest available version (at least 1.15.6)...

CVSS 5.4 | AI score 3.1 | EPSS 0.00366
Exploits 1 | Affected Software 1

Patchstack, added 2022/06/02 12:0 a.m., 29 views

WordPress Ultimate Member plugin <= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ruijie Li in WordPress Ultimate Member plugin versions <= 2.3.2. Solution: Update the WordPress Ultimate Member plugin to the latest available version (at least 2.4.0)...

CVSS 6.4 | AI score 2.5 | EPSS 0.00872
Exploits 1 | References 1 | Affected Software 1

Patchstack, added 2022/06/01 12:0 a.m., 29 views

WordPress WPMK Ajax Finder plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) via CSRF vulnerability

Stored Cross-Site Scripting (XSS) via CSRF vulnerability discovered by Tsubasa Imaizumi Cryptography Laboratory in Tokyo Denki University in WordPress WPMK Ajax Finder plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for...

CVSS 8.8 | AI score 2.1 | EPSS 0.00785
Exploits 1 | References 2 | Affected Software 1

Patchstack, added 2022/05/18 12:0 a.m., 29 views

WordPress JupiterX premium plugin <= 2.0.7 - Authenticated Privilege Escalation and Post deletion vulnerability

Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall Wordfence in WordPress JupiterX premium plugin versions <= 2.0.7. Solution: Update the WordPress JupiterX premium plugin to the latest available version (at least 2.0.8)...

CVSS 9 | AI score 3.5 | EPSS 0.01498
Exploits 1 | References 3 | Affected Software 1

Patchstack, added 2022/05/16 12:0 a.m., 29 views

WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 Patchstack Alliance in WordPress Hover Effects plugin versions <= 2.1. Solution: Update the WordPress Hover Effects plugin to the latest available version (at least 2.1.1)...

CVSS 7.2 | AI score 2.8 | EPSS 0.00979
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2022/05/12 12:0 a.m., 29 views

WordPress CP Image Store with Slideshow plugin <= 1.0.67 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress CP Image Store with Slideshow plugin versions <= 1.0.67. Solution: Update the WordPress CP Image Store with Slideshow plugin...

CVSS 9.8 | AI score 3.4 | EPSS 0.1036
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2022/05/10 12:0 a.m., 29 views

WordPress Slideshow plugin <= 2.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Slideshow plugin versions <= 2.3.1. Solution: Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 4.8 | AI score 2.5 | EPSS 0.00565
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2022/05/06 12:0 a.m., 29 views

WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi Patchstack in WordPress wpDataTables plugin versions <= 2.1.27. Solution: Update the WordPress wpDataTables plugin to the latest available version (at least 2.1.28)...

CVSS 4.8 | AI score 2.2 | EPSS 0.00489
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2022/05/04 12:0 a.m., 29 views

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Image Hover Effects Ultimate plugin versions <= 9.7.1. Solution: Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2)...

CVSS 4.8 | AI score 2.5 | EPSS 0.00489
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2022/04/28 12:0 a.m., 29 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions <= 3.1.6. Solution: Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closu...

CVSS 6.1 | AI score 1.2 | EPSS 0.00366
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2022/04/20 12:0 a.m., 29 views

WordPress AGIL plugin <= 1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Chuang LI in WordPress AGIL plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of March 31, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 7.2 | AI score 3.8 | EPSS 0.01436
Exploits 1 | References 3 | Affected Software 1

Patchstack, added 2022/04/19 12:0 a.m., 29 views

WordPress Custom TinyMCE Shortcode Button plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom TinyMCE Shortcode Button plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full revi...

CVSS 6.1 | AI score 2.2 | EPSS 0.00757
Exploits 1 | References 3 | Affected Software 1

Patchstack, added 2022/04/12 12:0 a.m., 29 views

WordPress Order Listener for WooCommerce plugin <= 3.2.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Order Listener for WooCommerce plugin versions <= 3.2.1. Solution: Update the WordPress Order Listener for WooCommerce plugin to the latest available version (at least 3.2.2)...

CVSS 9.8 | AI score 3.4 | EPSS 0.09792
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2022/04/11 12:0 a.m., 29 views

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import

Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import discovered by Ex.Mi Patchstack in WordPress Yoo Slider plugin versions <= 2.0.0. Solution: Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0)...

CVSS 4.3 | AI score 2.8 | EPSS 0.00407
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2022/03/31 12:0 a.m., 29 views

WordPress ThirstyAffiliates Affiliate Link Manager plugin <= 3.10.4 - Arbitrary Affiliate Links Creation vulnerability

Arbitrary Affiliate Links Creation vulnerability discovered by Krzysztof Zając in WordPress ThirstyAffiliates Affiliate Link Manager plugin versions <= 3.10.4. Solution: Update the WordPress ThirstyAffiliates Affiliate Link Manager plugin to the latest available version (at least 3.10.5)...

CVSS 5.4 | AI score 3.7 | EPSS 0.00303
Exploits 2 | References 3 | Affected Software 1

Total number of security vulnerabilities: 5000