Lucene search
K
PatchstackMost viewed

46629 matches found

Patchstack
Patchstack
added 2023/10/13 12:0 a.m.26 views

WordPress RumbleTalk Live Group Chat Plugin <= 6.2.5 is vulnerable to Broken Access Control

Software RumbleTalk Live Group Chat Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45828 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 142311804af3 Credits Mika Require...

6.5AI score0.00783EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2023/08/22 12:0 a.m.26 views

WordPress JupiterX Core Plugin <= 3.3.5 is vulnerable to Arbitrary File Upload

Software JupiterX Core Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-38388 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8bc7c34302b7 Credits Rafie Muhammad Patchstack Required privileg...

9.8CVSS6.8AI score0.01374EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.26 views

WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Pre-Orders Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32793 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 835a4691203f Credits Rafie Muhammad...

6.5CVSS5.7AI score0.00374EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/01/10 12:0 a.m.26 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4700 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 423004fa0a2f Credits Ramuel Gall Required...

8.8CVSS6.8AI score0.00818EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/11/25 12:0 a.m.26 views

WordPress Community Events plugin <= 1.4.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep sk4rl1ghT in the WordPress Community Events plugin versions = 1.4.8. Solution Update the WordPress Community Events plugin to the latest available version at least 1.4.9...

1.6AI score0.00392EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/24 12:0 a.m.26 views

WordPress WP ULike plugin <= 4.6.4 - Race Condition vulnerability

Race Condition vulnerability leading to rating increase/decrease discovered by Nguy Minh Tuan Patchstack Alliance in the WordPress WP ULike plugin versions = 4.6.3. Solution No patched version is available. No reply from the vendor since August 24th, 2022...

3.5AI score0.0033EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/23 12:0 a.m.26 views

WordPress miniOrange Two-Factor Authentication plugin <= 5.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Calvin Alkan in WordPress miniOrange Two-Factor Authentication plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.6.2...

3.1AI score0.00694EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/10 12:0 a.m.26 views

WordPress WPUpper Share Buttons plugin <= 3.42 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress WPUpper Share Buttons plugin versions = 3.42. Solution Deactivate and delete. This plugin has been closed as of November 9, 2022 and is not available for download. This closure is temporary, pending a full...

1.7AI score0.0047EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/11/09 12:0 a.m.26 views

WordPress wpForo Forum plugin <= 2.0.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress wpForo Forum plugin versions = 2.0.9. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 2.1.0...

9.9CVSS3.8AI score0.00868EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/09 12:0 a.m.26 views

WordPress Car Rental by BestWebSoft plugin <= 1.1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in the WordPress Car Rental by BestWebSoft plugin versions = 1.1.2. Solution No patched version is available...

2.1AI score0.00392EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/03 12:0 a.m.26 views

WordPress Find and Replace All plugin <= 1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Replacement discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin versions = 1.3. Solution No patched version available...

2AI score0.00267EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/11/03 12:0 a.m.26 views

WordPress Fancier Author Box by ThematoSoup plugin <= 1.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress Fancier Author Box by ThematoSoup plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary,...

1.8AI score0.00501EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/11/02 12:0 a.m.26 views

WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AgentEasy Properties plugin versions = 1.0.4. Solution Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is...

4.8CVSS1.6AI score0.00412EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/11/01 12:0 a.m.26 views

WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress Permalink Manager Lite plugin versions = 2.2.20. Solution Update the WordPress Permalink Manager Lite plugin to the latest available version at least 2.2.20.1...

9.8CVSS4.1AI score0.00649EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/31 12:0 a.m.26 views

WordPress Booster for WooCommerce premium plugin <= 5.6.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Checkout Files Deletion discovered by WPScan in WordPress Booster for WooCommerce premium plugin versions = 5.6.4. Solution Update the WordPress Booster Plus for WooCommerce plugin to the latest available version at least 5.6.5...

8.1CVSS3.4AI score0.00371EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/10/27 12:0 a.m.26 views

WordPress Zoho CRM Lead Magnet plugin <= 1.7.6.1 - Auth. Arbitrary Options Update vulnerability

Auth. Arbitrary Options Update vulnerability discovered by ptsfence Patchstack Alliance in WordPress Zoho CRM Lead Magnet plugin versions = 1.7.6.0. Solution Update the WordPress Zoho CRM Lead Magnet plugin to the latest available version at least 1.7.6.2...

8.8CVSS3.7AI score0.02971EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2022/10/25 12:0 a.m.26 views

WordPress WPQA premium plugin < 5.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Bikram Kharal in WordPress WPQA premium plugin versions 5.9. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.9...

8.8CVSS3.4AI score0.00477EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/10/18 12:0 a.m.26 views

WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability

Content From Multipart Emails Leak vulnerability when HTML/plaintext used discovered by Thomas Kräftner in WordPress core versions = 6.0.2. Solution Update the WordPress WordPress wordpress to the latest available version at least 6.0.3...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/10/17 12:0 a.m.26 views

WordPress Role Based Pricing for WooCommerce premium plugin <= 1.6.2 - Auth. PHAR Deserialization vulnerability

Auth. PHAR Deserialization vulnerability discovered by WPScan in WordPress Role Based Pricing for WooCommerce premium plugin versions = 1.6.2. Solution Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version at least 1.6.3...

8.8CVSS3.6AI score0.00511EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/12 12:0 a.m.26 views

WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Accessibility plugin versions = 1.0.3. Solution Update the WordPress Accessibility plugin to the latest available version at least 1.0.4...

4.8CVSS3.8AI score0.00412EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.26 views

WordPress AntiSpam by CleanTalk plugin <= 5.185 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Anti-Spam by CleanTalk plugin versions = 5.185. Solution Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at least 5.185.1...

7.2CVSS2.9AI score0.01015EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/27 12:0 a.m.26 views

WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa Patchstack Alliance in WordPress Manage Notification E-mails plugin versions = 1.8.2. Solution Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...

4.4AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/26 12:0 a.m.26 views

WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references IDOR vulnerability that allows subscriber+ users to mark any forum post as Solved/Unsolved was discovered by Dhakal Ananda Patchstack Alliance in the WordPress wpForo Forum plugin versions = 2.0.5. Solution Update the WordPress wpForo Forum plugin to the latest...

5.4CVSS3.1AI score0.00485EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/26 12:0 a.m.26 views

WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to post deletion discovered by Dhakal Ananda Patchstack Alliance in WordPress wpForo Forum plugin versions = 2.0.5. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 2.0.6...

5.4CVSS3.5AI score0.00254EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/26 12:0 a.m.26 views

WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress WP Page Widget plugin versions = 3.9. Solution Update the WordPress WP Page Widget plugin to the latest available version at least 4.0...

5.4CVSS3.5AI score0.00258EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/21 12:0 a.m.26 views

WordPress WP Custom Cursors plugin <= 3.0 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes in WordPress WP Custom Cursors plugin versions = 3.0. Solution Update the WordPress WP Custom Cursors plugin to the latest available version at least 3.0.1...

6.1CVSS3AI score0.00251EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/06 12:0 a.m.26 views

WordPress Booking Calendar plugin <= 9.2.1 - Cross-Site Request Forgery (CSRF) leading to Translations Update

Cross-Site Request Forgery CSRF leading to Translations Update discovered by Muhammad Daffa Patchstack Alliance in WordPress Booking Calendar plugin versions = 9.2.1. Solution Update the WordPress Booking Calendar plugin to the latest available version at least 9.2.2...

5.4CVSS3.5AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/25 12:0 a.m.26 views

WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Vlad Vector Patchstack in WordPress Event Calendar – Calendar plugin versions = 1.4.6. Solution Update the WordPress Event Calendar – Calendar plugin to the latest available version at least 1.4.7...

5.4CVSS2.3AI score0.00461EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/22 12:0 a.m.26 views

WordPress Ajax Load More plugin <= 5.5.3 - Directory Traversal vulnerability

Directory Traversal vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Ajax Load More plugin versions = 5.5.3. Solution Update the WordPress Ajax Load More plugin to the latest available version at least 5.5.4...

4.9CVSS2.4AI score0.01416EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/08/16 12:0 a.m.26 views

WordPress Broken Link Checker Plugin <= 1.11.16 - Authenticated PHAR Deserialization vulnerability

Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in Broken Link Checker versions = 1.11.16 Solution Update the WordPress Broken Link Checker plugin to the latest available version at least 1.11.17...

7.2CVSS3.5AI score0.01307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/10 12:0 a.m.26 views

WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Vlad Vector Patchstack in WordPress SP Project & Document Manager plugin versions = 4.59. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.62...

6.1CVSS2.2AI score0.00492EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/04 12:0 a.m.26 views

WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.10.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update

Cross-Site Request Forgery CSRF vulnerability leading to Settings/Options update discovered by Marco Wotschka in WordPress Ecwid Ecommerce Shopping Cart plugin versions = 6.10.23. Solution Update the WordPress Ecwid Shopping Cart plugin to the latest available version at least 6.10.24...

8.8CVSS3.1AI score0.00454EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/03 12:0 a.m.26 views

WordPress Mailchimp for WooCommerce plugin <= 2.7 - Authenticated Server-Side Request Forgery (SSRF) vulnerability

Authenticated Server-Side Request Forgery SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Mailchimp for WooCommerce plugin versions = 2.7. Solution Update the WordPress MailChimp For WooCommerce plugin to the latest available version at least 2.7.1...

4.3CVSS3.2AI score0.00585EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/02 12:0 a.m.26 views

WordPress uContext for Clickbank plugin <= 3.9.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by Hayato Takizawa in WordPress uContext for Clickbank plugin versions = 3.9.1. Solution Deactivate and delete. This plugin has been closed as of July 26, 2022 and is not available for download. This...

8.8CVSS1.2AI score0.00507EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/01 12:0 a.m.26 views

WordPress Ask Me premium theme < 6.8.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability Edit Profile was discovered by the WPScan team in WordPress Ask Me premium theme versions 6.8.4. Solution Update the WordPress Ask Me theme to the latest available version at least 6.8.4...

4.3CVSS2.9AI score0.00345EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/07/29 12:0 a.m.26 views

WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update

Cross-Site Request Forgery CSRF leading to plugin settings update discovered by ptsfence Patchstack Alliance in WordPress ЮKassa для WooCommerce plugin versions = 2.3.0. Solution Update the WordPress ЮKassa для WooCommerce plugin to the latest available version at least 2.3.1...

8.8CVSS4.1AI score0.00401EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/07/27 12:0 a.m.26 views

WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress BxSlider WP plugin versions = 2.0.0. Solution No patched version is available...

5.4CVSS2.8AI score0.00449EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/07/25 12:0 a.m.26 views

WordPress SearchWP Live Ajax Search plugin <= 1.6.1 - Unauthenticated Arbitrary Post Title Disclosure vulnerability

Unauthenticated Arbitrary Post Title Disclosure vulnerability discovered by Angelo Delicato in WordPress SearchWP Live Ajax Search plugin versions = 1.6.1. Solution Update the WordPress SearchWP Live Ajax Search plugin to the latest available version at least 1.6.2...

5.3CVSS2.6AI score0.01464EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/21 12:0 a.m.26 views

WordPress GREYD.SUITE theme <= 1.2.6.1 - Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated File Upload vulnerability leading to Remote Code Execution RCE discovered by Bernhard Kau in WordPress GREYD.SUITE theme versions = 1.2.6.1. Solution Update the WordPress GREYD.SUITE theme to the latest available version at least 1.2.7...

9.8CVSS4.8AI score0.01896EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/07/19 12:0 a.m.26 views

WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Testimonials plugin versions = 3.0.1. Solution No patched version is available. No way to contact the vendor...

5.4CVSS3AI score0.00457EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/07/11 12:0 a.m.26 views

WordPress GiveWP plugin <= 2.21.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions = 2.21.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.3...

4.8CVSS1AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/04 12:0 a.m.26 views

WordPress Unyson plugin <= 2.7.26 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Unyson plugin versions = 2.7.26. Solution Update the WordPress to the latest available version at least 2.7.27...

7.2CVSS1.6AI score0.01448EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/04 12:0 a.m.26 views

WordPress Header Footer Code Manager plugin <= 1.1.23 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Header Footer Code Manager plugin versions = 1.1.23. Solution Update the WordPress Header Footer Code Manager plugin to the latest available version at least 1.1.24...

6.1CVSS1.7AI score0.01072EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/01 12:0 a.m.26 views

WordPress Yellow Yard Searchbar plugin <= 2.7.27 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Victor Pasman in WordPress Yellow Yard Searchbar plugin versions = 2.7.27. Solution No patched version available...

3AI score0.00486EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/16 12:0 a.m.26 views

WordPress Social Media Share Buttons plugin <= 3.8.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Social Media Share Buttons plugin versions = 3.8.4. Solution Update the WordPress Social Media Share Buttons plugin to the latest available version at least 3.8.5...

4.8CVSS3.4AI score0.00438EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/05/27 12:0 a.m.26 views

WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Easy Pricing Tables plugin versions = 3.1.2. Solution Update the WordPress Easy Pricing Tables plugin to the latest available version at least 3.1.3...

4.8CVSS2.9AI score0.00528EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.26 views

WordPress JupiterX Core premium plugin <= 2.0.6 - Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities

Information Disclosure, Modification, and Denial of Service DoS vulnerabilities were discovered by Ramuel Gall Wordfence in the WordPress JupiterX Core premium plugin versions = 2.0.6. Solution Update the WordPress JupiterX Core premium plugin to the latest available version at least 2.0.7...

7.5CVSS3.1AI score0.00819EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/09 12:0 a.m.26 views

WordPress JivoChat Live Chat plugin <= 1.3.5.3 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Muhamad Hidayat in WordPress JivoChat Live Chat plugin versions = 1.3.5.3. Solution Update the WordPress JivoChat Live Chat plugin to the latest available version at least 1.3.5.4...

5.4CVSS2.5AI score0.00292EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/02 12:0 a.m.26 views

WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Breeze plugin versions = 2.0.2. Solution Update the WordPress Breeze plugin to the latest available version at least 2.0.3...

6.5CVSS1.9AI score0.00538EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/29 12:0 a.m.26 views

WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress WP Subscribe plugin versions = 1.2.12. Solution Update the WordPress WP Subscribe plugin to the latest available version at least 1.2.13...

4.8CVSS2.6AI score0.00533EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000