
46606 matches found

Patchstack
•added 2022/02/17 12:0 a.m.•27 views

WordPress Sync QCloud COS plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Sync QCloud COS plugin versions <= 2.0.0. Solution: Update the WordPress Sync QCloud COS plugin to the latest available version (at least 2.0.1)...

CVSS 4.8 | AI score 1.7 | EPSS 0.00588
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/02/14 12:0 a.m.•27 views

WordPress File Upload plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability

Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability discovered by apple502j in WordPress File Upload plugin versions <= 4.16.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.16.3)...

CVSS 5.4 | AI score 2.9 | EPSS 0.0077
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/31 12:0 a.m.•27 views

WordPress Essential Addons for Elementor plugin <= 5.0.4 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Wai Yan Myo Thet in WordPress Essential Addons for Elementor plugin versions <= 5.0.4. Solution: Update the WordPress Essential Addons for Elementor plugin to the latest available version (at least 5.0.5)...

CVSS 9.8 | AI score 3.1 | EPSS 0.01989
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/31 12:0 a.m.•27 views

WordPress TI WooCommerce Wishlist premium plugin <= 1.40.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress TI WooCommerce Wishlist premium plugin versions <= 1.40.0. Solution: Update the WordPress TI WooCommerce Wishlist premium plugin to the latest available version (at least 1.40.1)...

CVSS 9.8 | AI score 2.6 | EPSS 0.7458
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/28 12:0 a.m.•27 views

WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Server Information Exposure vulnerability

Server Information Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Perfect Brands for WooCommerce plugin versions <= 2.0.4. Solution: Update the WordPress Perfect Brands for WooCommerce plugin to the latest available version (at least 2.0.5)...

CVSS 7.5 | AI score 3 | EPSS 0.0119
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
•added 2022/01/26 12:0 a.m.•27 views

WordPress WP Responsive Menu plugin <= 3.1.7 - Subscriber+ Settings Update to Stored Cross-Site (XSS)

Subscriber+ Settings Update to Stored Cross-Site (XSS) discovered by Krzysztof Zając in WordPress WP Responsive Menu plugin versions <= 3.1.7. Solution: Update the WordPress WP Responsive Menu plugin to the latest available version (at least 3.1.7.1)...

CVSS 5.4 | AI score 2.3 | EPSS 0.00591
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/25 12:0 a.m.•27 views

WordPress Simple Membership plugin <= 4.0.8 - Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Member Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Simple Membership plugin versions <= 4.0.8. Solution: Update the WordPress Simple Membership plugin to the latest available version (at least 4.0.9)...

CVSS 4.7 | AI score 3.7 | EPSS 0.00464
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/24 12:0 a.m.•27 views

WordPress Coming soon and Maintenance mode plugin <= 3.6.7 - Arbitrary Email Sending to Subscribed Users via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Email Sending to Subscribed Users via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Coming soon and Maintenance mode plugin versions <= 3.6.7. Solution: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version ...

CVSS 4.3 | AI score 3.9 | EPSS 0.00464
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/24 12:0 a.m.•27 views

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media) discovered by Ex.Mi Patchstack in WordPress Access Demo Importer plugin versions <= 1.0.7. Solution: Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.8)...

CVSS 8.1 | AI score 4.4 | EPSS 0.00467
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
•added 2022/01/18 12:0 a.m.•27 views

WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) via Donation Forms Dashboard vulnerability discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3)...

CVSS 6.1 | AI score 2.4 | EPSS 0.00853
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/17 12:0 a.m.•27 views

WordPress PPOM for WooCommerce plugin <= 23.9 - Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)

Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress PPOM for WooCommerce plugin versions <= 23.9. Solution: Update the WordPress PPOM for WooCommerce plugin to the latest available version (at least 24.0)...

CVSS 5.4 | AI score 2 | EPSS 0.00516
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/17 12:0 a.m.•27 views

WordPress Permalink Manager Pro premium plugin <= 2.2.14 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Permalink Manager Pro premium plugin versions <= 2.2.14. Solution: Update the WordPress Permalink Manager Pro premium plugin to the latest available version (at least 2.2.15)...

CVSS 6.1 | AI score 2.4 | EPSS 0.03368
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2022/01/12 12:0 a.m.•27 views

WordPress Ad Invalid Click Protector (AICP) plugin <= 1.2.5.2 - SQL injection (SQLi) vulnerability

SQL injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Ad Invalid Click Protector (AICP) plugin versions <= 1.2.5.2. Solution: Update the WordPress Ad Invalid Click Protector (AICP) plugin to the latest available version (at least 1.2.6)...

CVSS 8.8 | AI score 3.4 | EPSS 0.01272
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2021/12/08 12:0 a.m.•27 views

WordPress WP-DownloadManager plugin <= 1.68.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress WP-DownloadManager plugin versions <= 1.68.6. Solution: Update the WordPress WP-DownloadManager plugin to the latest available version (at least 1.68.7)...

CVSS 5.4 | AI score 2.2 | EPSS 0.00523
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
•added 2021/11/29 12:0 a.m.•27 views

WordPress WP Mail Logging plugin <= 1.9.9 - Using Components with Known Vulnerabilities (vulnerable Redux Framework version)

Using Components with Known Vulnerabilities (vulnerable Redux Framework version) - CVE-2021-38312, CVE-2021-38314 discovered by Rotem Reiss in WordPress WP Mail Logging plugin versions <= 1.9.9. Solution: Update the WordPress WP Mail Logging plugin to the latest available version (at least 1.10.0)...

CVSS 7.1 | AI score 2.9 | EPSS 0.28961
Exploits: 7 | References: 3 | Affected Software: 1

Patchstack
•added 2021/11/12 12:0 a.m.•27 views

WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions <= 1.2.5.9. Solution: Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version (at least 1.2.6.1)...

CVSS 8.8 | AI score 3.6 | EPSS 0.00543
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
•added 2021/11/09 12:0 a.m.•27 views

WordPress LearnPress plugin <= 4.1.3.2 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress LearnPress plugin versions <= 4.1.3.2. Solution: Update the WordPress LearnPress plugin to the latest available version (at least 4.1.4)...

CVSS 9.8 | AI score 2.7 | EPSS 0.01575
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2021/10/13 12:0 a.m.•27 views

WordPress Formidable Forms plugin <= 5.0.06 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Formidable Forms plugin versions <= 5.0.06. Solution: Update the WordPress Formidable Forms plugin to the latest available version (at least 5.0.07)...

AI score 1.8
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
•added 2021/08/30 12:0 a.m.•27 views

WordPress ZoomSounds premium plugin <= 6.45 - Unauthenticated Directory Traversal vulnerability

Unauthenticated Directory Traversal vulnerability discovered by DigitalJessica Ltd in WordPress ZoomSounds premium plugin versions <= 6.45. Solution: Update the WordPress ZoomSounds premium plugin to the latest available version (at least 6.50)...

CVSS 7.5 | AI score 2.9 | EPSS 0.66543
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack
•added 2021/08/28 12:0 a.m.•27 views

WordPress Duplicate Page plugin <= 4.4.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Nikhil Kapoor EsecForte in WordPress Duplicate Page plugin versions <= 4.4.2. Solution: Update the WordPress Duplicate Page plugin to the latest available version (at least 4.4.3)...

CVSS 4.8 | AI score 1.7 | EPSS 0.0087
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2021/07/27 12:0 a.m.•27 views

WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability

Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.6)...

CVSS 6.5 | AI score 4.1 | EPSS 0.00428
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
•added 2021/07/23 12:0 a.m.•27 views

WordPress AceIDE plugin <= 2.6.2 - Authenticated Local File Inclusion vulnerability

Authenticated Local File Inclusion vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress AceIDE plugin versions <= 2.6.2. Solution: This plugin has been closed as of June 1, 2021 and is not available for download. Reason: Security Issue...

CVSS 4.9 | AI score 3.4 | EPSS 0.0157
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2021/07/18 12:0 a.m.•27 views

WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions <= 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution: Update the WordPress iQ Block Country plugin to the latest available versi...

CVSS 5.5 | AI score 2.3 | EPSS 0.01193
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
•added 2021/07/12 12:0 a.m.•27 views

WordPress Remove Footer Credit plugin <= 1.0.5 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by apple502j in WordPress Remove Footer Credit plugin versions <= 1.0.5. Solution: Update the WordPress Remove Footer Credit plugin to the latest available version (at least 1.0.6)...

CVSS 6 | AI score 2.6 | EPSS 0.00324
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
•added 2021/07/04 12:0 a.m.•27 views

WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse Patchstack in WordPress Popular Posts plugin versions <= 5.3.3. Solution: Update the WordPress Popular Posts plugin to the latest available version (at least 5.3.4)...

CVSS 5.5 | AI score 2.1 | EPSS 0.00566
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
•added 2021/06/28 12:0 a.m.•27 views

WordPress ProfilePress plugin 3.0 – 3.1.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest version at leas...

CVSS 9.8 | AI score 2.7 | EPSS 0.68862
Exploits: 8 | References: 3 | Affected Software: 1

Patchstack
•added 2021/06/21 12:0 a.m.•27 views

WordPress Salon booking system plugin <= 6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Phu Tran in WordPress Salon booking system plugin versions <= 6.3. Solution: Update the WordPress Salon booking system plugin to the latest available version (at least 6.3.1)...

CVSS 6.1 | AI score 2.1 | EPSS 0.01242
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2021/06/21 12:0 a.m.•27 views

WordPress Export Users With Meta plugin <= 0.6.4 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Asif Nawaz Minhas in WordPress Export Users With Meta plugin versions <= 0.6.4. Solution: Update the WordPress Export Users With Meta plugin to the latest available version (at least 0.6.5)...

CVSS 7.2 | AI score 3.1 | EPSS 0.01416
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2021/03/27 12:0 a.m.•27 views

WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Jin Huang in WordPress N5 Upload Form plugin versions <= 1.0. Solution: Plugin closed. Deactivate and delete...

CVSS 9.8 | AI score 4.2 | EPSS 0.02207
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2020/09/22 12:0 a.m.•27 views

WordPress Backup, Restore and Migrate plugin 4.2.1 – 4.2.12 - Unprotected AJAX Action to Arbitrary File Overwrite and Sensitive Information Disclosure vulnerability

Unprotected AJAX Action to Arbitrary File Overwrite and Sensitive Information Disclosure vulnerability discovered by Chloe Chamberland WordFence in WordPress Backup, Restore and Migrate plugin versions 4.2.1 – 4.2.12. Solution: Update the WordPress Backup, Restore and Migrate plugin to the latest...

CVSS 9.9 | AI score 3 | EPSS 0.24937
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack
•added 2020/05/11 12:0 a.m.•27 views

WordPress Page Builder by SiteOrigin plugin <= 2.10.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by WordFence in WordPress Page Builder by SiteOrigin plugin versions <= 2.10.15. Solution: Update the WordPress Page Builder by SiteOrigin plugin to the latest available version (at least 2.10.16)...

CVSS 8.8 | AI score 2.4 | EPSS 0.00809
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2020/04/27 12:0 a.m.•27 views

WordPress Real-Time Find and Replace plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by WordFence in WordPress Real-Time Find and Replace plugin versions <= 3.9. Solution: Update the WordPress Real-Time Find and Replace plugin to the latest available version (at least 4.0.2)...

CVSS 8.8 | AI score 1.9 | EPSS 0.00809
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2020/04/04 12:0 a.m.•27 views

WordPress Chop Slider 3 plugin <= 3.4 - Blind SQL injection (SQLi) vulnerability

Blind SQL injection (SQLi) vulnerability found by Callum Murphy in WordPress Chop Slider 3 plugin versions <= 3.4. Solution: 2021-01-12 - we were unable to find a patched version of this plugin...

CVSS 9.8 | AI score 2.9 | EPSS 0.95657
Exploits: 8 | References: 3 | Affected Software: 1

Patchstack
•added 2020/04/02 12:0 a.m.•27 views

WordPress Contact Form 7 Datepicker plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress Contact Form 7 Datepicker plugin versions <= 2.6.0. Solution: This plugin has been closed as of April 1, 2020 and is not available for download. Reason: Security Issue...

CVSS 5.4 | AI score 3 | EPSS 0.00712
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
•added 2020/02/22 12:0 a.m.•27 views

WordPress CardGate Payments for WooCommerce plugin <= 3.1.15 - Payment Process Bypass vulnerability

Payment Process Bypass vulnerability discovered by GeekHack in WordPress CardGate Payments for WooCommerce plugin versions <= 3.1.15. Solution: Update the WordPress CardGate Payments for WooCommerce plugin to the latest available version (at least 3.1.16)...

CVSS 8.1 | AI score 3.1 | EPSS 0.04541
Exploits: 6 | References: 3 | Affected Software: 1

Patchstack
•added 2019/10/31 12:0 a.m.•27 views

WordPress YITH WooCommerce Request A Quote plugin <=1.4.8 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Request A Quote plugin versions <=1.4.8. Solution: Update the WordPress YITH WooCommerce Request A Quote plugin to the latest available version (at least 1.4.9)...

CVSS 4.3 | AI score 3.6 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
•added 2019/01/25 12:0 a.m.•27 views

WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability

Reverse Tabnabbing vulnerability found by MTK in WordPress Wise Chat plugin versions <= 2.6.3. Solution: Update the WordPress Wise Chat plugin to the latest available version (at least 2.7)...

CVSS 6.1 | AI score 2.8 | EPSS 0.04924
Exploits: 5 | References: 1 | Affected Software: 1

Patchstack
•added 2018/11/15 12:0 a.m.•27 views

WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress Ninja Forms plugin versions <= 3.3.17. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.3.18)...

CVSS 6.1 | AI score 2.2 | EPSS 0.08903
Exploits: 5 | References: 1 | Affected Software: 1

Patchstack
•added 2018/04/18 12:0 a.m.•27 views

WordPress Caldera Forms plugin <=1.5.9.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Federico Scalco in WordPress Caldera Forms versions <=1.5.9.1. Solution: Update the WordPress Caldera Forms plugin to the latest available version (at least 1.6.0)...

CVSS 4.8 | AI score 1.7 | EPSS 0.04578
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack
•added 2018/02/22 12:0 a.m.•27 views

WordPress Ninja Forms plugin <=3.2.13 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Kasper Karlsson in WordPress Ninja Forms plugin versions <= 3.2.13. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.2.14)...

CVSS 6.1 | AI score 1.7 | EPSS 0.00775
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
•added 2016/06/23 12:0 a.m.•27 views

WordPress <= 4.5.2 - Session Hijacking

This vulnerability allows an attacker to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. Solution: Update WordPress...

CVSS 7.5 | AI score 2.3 | EPSS 0.03651
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
•added 2015/08/04 12:0 a.m.•27 views

WordPress <= 4.2.3 - CSRF

This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests which lock a post. An attacker can consequently cause a denial of service via a get-post-lock action. Solution: Update the plugin...

CVSS 6.8 | AI score 5.4 | EPSS 0.03854
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
•added 2015/05/21 12:0 a.m.•27 views

WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities

There are multiple vulnerabilities in this WordPress Membership plugin. 1. Privilege escalation. Because of this vulnerability, an attacker can take an administrative role on the infected website via the "ivmembershipupdateusersettings" AJAX action. 2. Stored XSS allows an attacker to log in as regular...

CVSS 6.5 | AI score 4 | EPSS 0.08311
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
•added 2015/03/05 12:0 a.m.•27 views

WordPress Audio Player Plugin <= 2.0 - Multiple XSS

Because of these vulnerabilities in the wpajaxsaveitem function, attackers can inject arbitrary web script or HTML via the "itemname" or "itemcustomcss" parameters in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php. Solution: Upgrade the plugin...

CVSS 4.3 | AI score 3.1 | EPSS 0.04186
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
•added 2015/02/24 12:0 a.m.•27 views

WordPress WooCommerce Plugin <= 2.2.10 - XSS

Because of this vulnerability, an attacker can inject arbitrary web script or HTML via the QUERYSTRING in the wc-reports page to wp-admin/admin.php. Solution: Update to version 2.2.11...

CVSS 4.3 | AI score 2.8 | EPSS 0.02041
Exploits: 1 | Affected Software: 1

Patchstack
•added 2015/02/24 12:0 a.m.•27 views

WordPress Apptha Video Gallery Plugin <= 2.7 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "vid" parameter in an rss action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 7.5 | AI score 6.4 | EPSS 0.4107
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack
•added 2015/02/20 12:0 a.m.•27 views

WordPress Acobot Live Chat & Contact Form Plugin <= 2.0 - Multiple CSRF

Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting attacks. Solution: Upgrade the plugin...

CVSS 6.8 | AI score 3.1 | EPSS 0.01196
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
•added 2015/02/12 12:0 a.m.•27 views

WordPress Video Gallery Plugin 2.7.0 - SQL Injection

This WordPress Video Gallery plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 3.8 | EPSS 0.05173
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
•added 2014/10/20 12:0 a.m.•27 views

WordPress DBManager Plugin <= 2.7.1 - Multiple Vulnerabilities

There are multiple vulnerabilities in this plugin that allow remote authenticated users to execute arbitrary commands via shell metacharacters in the $backup'filepath' or $backup'mysqldumppath' variable. Solution: Update the plugin...

CVSS 6.5 | AI score 6.8 | EPSS 0.03471
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
•added 2014/10/13 12:0 a.m.•27 views

WordPress Ad Manager Plugin <=1.1.2 - Open Redirect

This vulnerability is in track-click.php. It allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "out" parameter. Solution: Update the plugin...

CVSS 5.8 | AI score 5.2 | EPSS 0.02256
Exploits: 1 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000