Lucene search
Patchstack | Most viewed

46606 matches found

Patchstack | added 2021/05/10 12:0 a.m. | 28 views

WordPress LMS by LifterLMS plugin <= 4.21.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Amirmuhammad Vakili in WordPress LMS by LifterLMS plugin versions <= 4.21.0. Solution: Update the WordPress LMS by LifterLMS plugin to the latest available version (at least 4.21.1)...

CVSS 5.4 | AI score 2.3 | EPSS 0.03249
Exploits: 5 | References: 3 | Affected Software: 1
Patchstack | added 2021/04/23 12:0 a.m. | 28 views

WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin <= 1.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin versions <= 1.3.1. Solution: Update the WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin to the lates...

CVSS 6.1 | AI score 2.6 | EPSS 0.10358
Exploits: 5 | References: 3 | Affected Software: 1
Patchstack | added 2021/04/21 12:0 a.m. | 28 views

WordPress Modern WPBakery Page Builder Addons premium plugin <= 3.0.1 - Arbitrary File Upload/Deletion vulnerabilities

Arbitrary File Upload/Deletion vulnerabilities discovered by Robin Goodfellow in WordPress Modern WPBakery Page Builder Addons premium plugin versions <= 3.0.1. Solution: Plugin removed from Envato repository. Deactivate and delete...

CVSS 9.8 | AI score 4 | EPSS 0.4214
Exploits: 3 | References: 3 | Affected Software: 1
Patchstack | added 2021/04/05 12:0 a.m. | 28 views

WordPress Tutor LMS plugin <= 1.8.7 - Authenticated Local File Inclusion vulnerability

Authenticated Local File Inclusion vulnerability discovered by sasa in WordPress Tutor LMS plugin versions <= 1.8.7. Solution: Update the WordPress Tutor LMS plugin to the latest available version (at least 1.8.8)...

CVSS 5.5 | AI score 2.3 | EPSS 0.00778
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack | added 2020/05/29 12:0 a.m. | 28 views

WordPress bbPress plugin <= 2.6.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Raphael Karger in WordPress bbPress plugin versions <= 2.6.4. Solution: Update the WordPress bbPress plugin to the latest available version (at least 2.6.5)...

CVSS 9.8 | AI score 3.8 | EPSS 0.43879
Exploits: 7 | References: 3 | Affected Software: 1
Patchstack | added 2019/07/16 12:0 a.m. | 28 views

WordPress Appointment Hour Booking plugin <= 1.1.45 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by ivoschyk-cs in WordPress Appointment Hour Booking plugin versions <= 1.1.45. Solution: Update the WordPress Appointment Hour Booking plugin to the latest available version (at least 1.1.46)...

CVSS 6.1 | AI score 1.1 | EPSS 0.01376
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2019/07/10 12:0 a.m. | 28 views

WordPress HTML5 Maps plugin <= 1.6.5.6 - Cross-Site Request Forgery CSRF and Cross-Site Scripting (XSS) vulnerabilities

Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities found by Cryptography Laboratory in WordPress HTML5 Maps plugin versions <= 1.6.5.6. Solution: Update the WordPress HTML5 Maps plugin to the latest available version (at least 1.6.5.7)...

CVSS 8.8 | AI score 2.2 | EPSS 0.01008
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2019/07/02 12:0 a.m. | 28 views

WordPress 360 Product Rotation plugin <= 1.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability found by ImplosionSec in WordPress 360 Product Rotation plugin versions <= 1.4.7. Solution: Update the WordPress 360 Product Rotation plugin to the latest available version (at least 1.4.8)...

AI score 2.3
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2017/12/20 12:0 a.m. | 28 views

WordPress Captcha plugin <=4.4.4 - Backdoored

Backdoor found by WordFence team in WordPress Captcha plugin versions 4.3.6–4.4.4. Solution: The WordPress plugin repository team patched the plugin, but you need to decide for yourself whether to keep using this plugin...

AI score 2.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2017/12/01 12:0 a.m. | 28 views

WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability

Authenticated JavaScript File Upload vulnerability found in WordPress versions <= 4.9. Solution: Update WordPress to the latest available version (at least 4.9.1)...

AI score 2.1
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2017/05/17 12:0 a.m. | 28 views

WordPress <=4.7.4 - Insufficient Redirect Validation vulnerability

All WordPress versions from 2.7 to 4.7.4 suffer from insufficient redirect validation in the HTTP class that leads to SSRF (Server Side Request Forgery). Solution: Update WordPress core to the latest possible version (at least 4.7.5)...

CVSS 8.6 | AI score 2.5 | EPSS 0.03668
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2015/10/02 12:0 a.m. | 28 views

WordPress Pie Register Plugin <= 2.0.18 - Multiple SQL Injection

An SQL injection exists in pie-register/pie-register.php. It allows administrators to execute arbitrary SQL commands via the 1. selectinvitaioncodebulkoption or 2. invidelid parameter in the pie-invitation-codes page to wp-admin/admin.php. Solution: Update the plugin...

CVSS 6.5 | AI score 6.5 | EPSS 0.01383
Exploits: 3 | References: 1 | Affected Software: 1
Patchstack | added 2015/09/22 12:0 a.m. | 28 views

WordPress Appointment Booking Calendar Plugin <= 1.1.7 - SQL Injection

This vulnerability allows an attacker to execute arbitrary SQL commands via unspecified vectors that are related to updating the username. Solution: Update the plugin...

CVSS 7.5 | AI score 6.9 | EPSS 0.02433
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2015/08/18 12:0 a.m. | 28 views

WordPress Symposium Plugin 15.1 - SQL Injection #2

WP Symposium plugin's "size" parameter is prone to an SQL injection via getalbumitem.php. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Related records:...

CVSS 7.5 | AI score 2.4 | EPSS 0.74127
Exploits: 5 | References: 1 | Affected Software: 1
Patchstack | added 2015/08/14 12:0 a.m. | 28 views

WordPress Google Analyticator <= 6.4.9.5 - Multiple XSS

These vulnerabilities allow an attacker to inject arbitrary web script or HTML via the 1. gadownloadsprefix, 2. gadownloads, 3. gaadsense, 4. gaadmindisableDimentionIndex or 5. gaoutboundprefix parameter in the google-analyticator page to wp-admin/admin.php. Solution: Update the plugin...

CVSS 4.3 | AI score 2.3 | EPSS 0.02671
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2015/07/10 12:0 a.m. | 28 views

WordPress Modern Tribe Eventbrite Tickets Plugin <= 3.10.1 - XSS

This vulnerability is in the Event Import page. It allows an attacker to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. Solution: Update the plugin...

CVSS 4.3 | AI score 2 | EPSS 0.02067
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2015/05/28 12:0 a.m. | 28 views

WordPress ReFlex Gallery Plugin <= 3.1.3 - Unrestricted File Upload

This vulnerability is in admin/scripts/FileUploader/php.php. It allows an attacker to execute arbitrary PHP code by uploading a file with a PHP extension and then accessing it via a direct request to the file in the uploads/ directory. Solution: Update the plugin...

CVSS 7.5 | AI score 5.1 | EPSS 0.61607
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2015/04/27 12:0 a.m. | 28 views

WordPress Genericons Plugin <= 4.2.1 - XSS

This vulnerability is in example.html and allows an attacker to inject arbitrary web script or HTML via a fragment identifier. Solution: Update the plugin...

CVSS 4.3 | AI score 2.3 | EPSS 0.03803
Exploits: 3 | References: 1 | Affected Software: 1
Patchstack | added 2015/03/27 12:0 a.m. | 28 views

WordPress AB Google Map Travel Plugin <= 3.9 - Multiple CSRF

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross site scripting attacks via the "lat", "long", "zoom", "mapheight" or "mapwidth" parameters in the abmapoptions page to wp-admin/admin.php. Solution: Update the plugin...

CVSS 6.8 | AI score 3.3 | EPSS 0.03859
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2015/02/13 12:0 a.m. | 28 views

WordPress Web Dorado Spider Event Calendar Plugin 1.4.9 - SQL Injection

This Web Dorado Spider Event Calendar plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 2.8 | EPSS 0.11182
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2014/12/09 12:0 a.m. | 28 views

WordPress Symposium Plugin 14.10 - SQL Injection

This WordPress Symposium plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update to version 14.11...

CVSS 6.5 | AI score 5.4 | EPSS 0.03721
Exploits: 4 | References: 1 | Affected Software: 1
Patchstack | added 2014/09/25 12:0 a.m. | 28 views

WordPress WP Google Maps Plugin <= 6.0.26 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "polyid" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.02461
Exploits: 3 | References: 1 | Affected Software: 1
Patchstack | added 2014/08/13 12:0 a.m. | 28 views

WordPress <= 3.9.1 - Unsafe Serialization

wp-includes/class-wp-customize-widgets.php in the widget implementation allows attackers to execute arbitrary code via crafted serialized data. Solution: Update WordPress...

CVSS 7.5 | AI score 7.3 | EPSS 0.03892
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2014/07/24 12:0 a.m. | 28 views

WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities

Video Gallery plugin is prone to multiple vulnerabilities, such as SQL injection and XSS vulnerabilities. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 2.5 | EPSS 0.05173
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2014/05/27 12:0 a.m. | 28 views

WordPress Login Rebuilder Plugin <= 1.1.9 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of arbitrary users. Solution: Update the plugin...

CVSS 6.8 | AI score 4.2 | EPSS 0.01076
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2013/10/23 12:0 a.m. | 28 views

WordPress Landing Pages Plugin <=1.2.3 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "post" parameter to index.php. Solution: Update the plugin...

CVSS 7.5 | AI score 6.4 | EPSS 0.02486
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2013/09/09 12:0 a.m. | 28 views

WordPress VideoWhisper Live Streaming Integration Plugin <= 4.25.3 - Multiple XSS

Because of these multiple vulnerabilities in ls/htmlchat.php, the attackers can inject arbitrary web script or HTML via the "name" or "message" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 4.3 | EPSS 0.02044
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2013/03/11 12:0 a.m. | 28 views

WordPress PodPress Plugin - Cross Site Scripting

WordPress PodPress plugin's "playerID" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS 6.1 | AI score 2.9 | EPSS 0.02745
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2012/01/24 12:0 a.m. | 28 views

WordPress YouSayToo Auto-Publishing Plugin 1.0 - Cross Site Scripting

WordPress YouSayToo Auto-Publishing plugin's "submit" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacke...

CVSS 4.3 | AI score 2.6 | EPSS 0.07711
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2012/01/18 12:0 a.m. | 28 views

WordPress <= 3.3.1 - Multiple XSS

Because of these vulnerabilities in wp-admin/setup-config.php, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS 4.3 | AI score 1.6 | EPSS 0.03751
Exploits: 7 | References: 1 | Affected Software: 1
Patchstack | added 2011/09/24 12:0 a.m. | 28 views

WordPress Hybrid Theme 0.9 - Cross-Site Scripting

WordPress Hybrid theme's "cpage" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS 4.3 | AI score 2.5 | EPSS 0.01521
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2009/04/28 12:0 a.m. | 28 views

WordPress <= 2.6.9 - Denial Of Service Attacks

Because of this vulnerability in wp-admin/upgrade.php, the attackers can upgrade the application, and possibly cause a denial of service. Solution: Update WordPress...

CVSS 10 | AI score 5 | EPSS 0.04584
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2024/11/27 12:0 a.m. | 27 views

WordPress Restaurant & Cafe Addon for Elementor Plugin <= 1.5.9 is vulnerable to Broken Access Control

Software: Restaurant & Cafe Addon for Elementor; Type: Plugin; Vulnerable versions: <= 1.5.9; Fixed in: 1.6.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10780; Patch priority: Low; CVSS severity: Low 4.3; PSID...

AI score 7 | EPSS 0.00377
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2024/11/26 12:0 a.m. | 27 views

WordPress NiceJob Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)

Software: NiceJob; Type: Plugin; Vulnerable versions: <= 3.7.1; Fixed in: 3.7.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10887; Patch priority: Low; CVSS severity: Low 6.5; PSID: e99b9ef723fc; Credits: Peter Thaleikis; Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2024/11/26 12:0 a.m. | 27 views

WordPress Attesa Extra Plugin <= 1.4.2 is vulnerable to Broken Access Control

Software: Attesa Extra; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10688; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5de7d31066fa; Credits: Francesco...

CVSS 4.3 | AI score 6.6 | EPSS 0.00294
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2024/11/13 12:0 a.m. | 27 views

WordPress Airin Blog Theme <= 1.6.1 is vulnerable to PHP Object Injection

Software: Airin Blog; Type: Theme; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52413; Patch priority: High; CVSS severity: High 9.8; PSID: 5d3bd1ffdbab; Credits: Mika; Required privilege: Unauthenticated...

CVSS 9.8 | AI score 9.6 | EPSS 0.0071
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2024/10/24 12:0 a.m. | 27 views

WordPress Order Notification for Telegram Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software: Order Notification for Telegram; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9686; Patch priority: Low; CVSS severity: Low 5.3; PSID: c9ae0bfdb3a8; Credits: István Márton...

CVSS 5.3 | AI score 6.5 | EPSS 0.00318
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2024/10/24 12:0 a.m. | 27 views

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.93 is vulnerable to Cross Site Scripting (XSS)

Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.93; Fixed in: 2.2.94; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50432; Patch priority: Low; CVSS severity: Low 6.5; PSID: cc84fa172af9; Credits: João Pedro S Alcântar...

CVSS 6.5 | AI score 6.8 | EPSS 0.00251
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2024/10/18 12:0 a.m. | 27 views

WordPress Time Clock Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)

Software: Time Clock; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-9593; Patch priority: High; CVSS severity: High 8.3; PSID: ba1ac64c553d; Credits: István Márton; Required privilege...

CVSS 8.3 | AI score 7.3 | EPSS 0.12491
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack | added 2024/10/14 12:0 a.m. | 27 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.121 is vulnerable to Remote Code Execution (RCE)

Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates); Type: Plugin; Vulnerable versions: <= 1.5.121; Fixed in: 1.5.122; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-49271; Patch priority: High; CVSS severity: High 9.1; Developer: Unlimited Elements; PSID...

CVSS 9.1 | AI score 7.3 | EPSS 0.01114
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2024/08/16 12:0 a.m. | 27 views

WordPress myCred Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software: myCred; Type: Plugin; Vulnerable versions: <= 2.7.2; Fixed in: 2.7.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43353; Patch priority: Low; CVSS severity: Low 6.5; PSID: a2faf75ac250; Credits: LVT-tholv2k; Required privilege: Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00245
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2024/06/05 12:0 a.m. | 27 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.20 is vulnerable to SQL Injection

Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: <= 5.7.20; Fixed in: 5.7.21; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-4295; Patch priority: High; CVSS severity: High 9.3; PSID: 50be2b9566fd; Credits: 1337Wannabe; Required privilege...

CVSS 9.8 | AI score 6.7 | EPSS 0.10161
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack | added 2024/04/09 12:0 a.m. | 27 views

WordPress Soledad Theme <= 8.4.5 is vulnerable to Broken Access Control

Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.5; Fixed in: 8.4.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31368; Patch priority: High; CVSS severity: High 6.5; PSID: 82c791d66976; Credits: Rafie Muhammad Patchstack; Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00437
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2024/02/13 12:0 a.m. | 27 views

WordPress MapPress Maps for WordPress Plugin < 2.88.15 is vulnerable to Cross Site Scripting (XSS)

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: < 2.88.15; Fixed in: 2.88.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0420; Patch priority: Low; CVSS severity: Low 6.5; PSID: 127ee0002ebf; Credits: Salvatore...

CVSS 6.1 | AI score 5.8 | EPSS 0.00462
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack | added 2024/02/02 12:0 a.m. | 27 views

WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)

Software: Calculated Fields Form; Type: Plugin; Vulnerable versions: <= 1.2.52; Fixed in: 1.2.53; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0963; Patch priority: Low; CVSS severity: Low 6.5; PSID: 51ba9c951440; Credits: Richard Telleng...

CVSS 6.4 | AI score 5.7 | EPSS 0.0048
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2023/09/06 12:0 a.m. | 27 views

WordPress Media Library Assistant Plugin <= 3.09 is vulnerable to Remote Code Execution (RCE)

Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.09; Fixed in: 3.10; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4634; Patch priority: High; CVSS severity: High 10; PSID: a9f84b644a17; Credits: Pepitoh; Required privilege...

CVSS 9.8 | AI score 7.5 | EPSS 0.82585
Exploits: 6 | References: 4 | Affected Software: 1
Patchstack | added 2023/08/10 12:0 a.m. | 27 views

WordPress EmbedPress Plugin <= 3.8.2 is vulnerable to Broken Access Control

Software: EmbedPress; Type: Plugin; Vulnerable versions: <= 3.8.2; Fixed in: 3.8.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-4282; Patch priority: Low; CVSS severity: Low 5.4; PSID: 9300647917bb; Credits: Lana Codes; Required privilege...

CVSS 5.4 | AI score 6.6 | EPSS 0.00419
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2023/06/05 12:0 a.m. | 27 views

WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Arbitrary File Upload

Software: Online Booking & Scheduling Calendar for WordPress by vcita; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-2414; Patch priority: High; CVSS severity: High 9.9; PSID: 69648001908f; Credit...

CVSS 5.4 | AI score 6.8 | EPSS 0.00484
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack | added 2023/03/28 12:0 a.m. | 27 views

WordPress fitness-trainer Plugin < 1.4.1 is vulnerable to Privilege Escalation

Software: fitness-trainer; Type: Plugin; Vulnerable versions: < 1.4.1; Fixed in: 1.4.1; OWASP Top 10: A5: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2020-36666; Patch priority: High; CVSS severity: High 8.8; PSID: 4ffd920db47c; Credits: Omar Badran; Required privilege...

CVSS 8.8 | AI score 8.6 | EPSS 0.00905
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack | added 2022/11/09 12:0 a.m. | 27 views

WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to status change of translation job discovered by Dave Jong Patchstack in WordPress WPML Multilingual CMS premium plugin versions <= 4.5.13. Solution: Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14)...

CVSS 4.3 | AI score 3.1 | EPSS 0.00261
Exploits: 0 | Affected Software: 1
Total number of security vulnerabilities: 5000