Lucene search
K
PatchstackMost viewed

46629 matches found

Patchstack
Patchstack
added 2022/04/28 12:0 a.m.26 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Unauthenticated SQL Injection SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending ...

9.8CVSS2.9AI score0.01045EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/26 12:0 a.m.26 views

WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Psychological tests & quizzes plugin versions = 0.21.19. Solution No patched version...

5.4CVSS3AI score0.00538EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.26 views

WordPress BulletProof Security plugin <= 6.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress BulletProof Security plugin versions = 6.0. Solution Update the WordPress BulletProof Security plugin to the latest available version at least 6.1...

4.8CVSS1.9AI score0.00565EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.26 views

WordPress Import and export users and customers plugin <= 1.19.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by 0x23.so in WordPress Import and export users and customers plugin versions = 1.19.2. Solution Update the WordPress Import and export users and customers plugin to the latest available version at least 1.19.2.1...

4.8CVSS1.9AI score0.00689EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/04 12:0 a.m.26 views

WordPress Coming Soon by Supsystic plugin <= 1.7.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Coming Soon by Supsystic plugin versions = 1.7.5. Solution Update the WordPress Coming Soon by Supsystic plugin to the latest available version at least 1.7.6...

6.1CVSS2.3AI score0.00773EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.26 views

WordPress Users Ultra plugin <= 3.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Users Ultra plugin versions = 3.1.0. Solution Deactivate and delete. This plugin has been closed as of March 14, 2022 and is not available for download. This closure is temporary, pending a full review...

9.8CVSS3.2AI score0.08415EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/15 12:0 a.m.26 views

WordPress Sassy Social Share plugin <= 3.3.39 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Paul J. Martinez in WordPress Sassy Social Share plugin versions = 3.3.39. Solution Update the WordPress Sassy Social Share plugin to the latest available version at least 3.3.40...

6.1CVSS2.4AI score0.02244EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/14 12:0 a.m.26 views

WordPress Ad Inserter plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Ad Inserter plugin versions = 2.7.11. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.12...

6.1CVSS2.2AI score0.03557EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2022/03/07 12:0 a.m.26 views

WordPress Popup Like box plugin <= 3.6.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Popup Like box plugin versions = 3.6.0. Solution Update the WordPress Popup Like box plugin to the latest available version at least 3.6.1...

6.1CVSS2.1AI score0.00788EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/03/01 12:0 a.m.26 views

WordPress dTabs plugin <= 1.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress dTabs plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.9AI score0.00788EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.26 views

WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin < 1.17.0.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin versions 1.17.0.4. Solution Update the WordPress Display WP Admin Pages in the Frontend – WP Frontend Admin plugin to the latest available version at least...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.26 views

WordPress Premmerce SEO for WooCommerce plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce SEO for WooCommerce plugin versions = 2.1.4. Solution Update the WordPress Premmerce SEO for WooCommerce plugin to the latest available version at least 2.1.5...

2.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.26 views

WordPress miniOrange's Google Authenticator plugin <= 5.4.52 - Unauthenticated Arbitrary Options Deletion vulnerability

Unauthenticated Arbitrary Options Deletion vulnerability discovered by Krzysztof Zając in WordPress miniOrange's Google Authenticator plugin versions = 5.4.52. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5...

8.1CVSS3.7AI score0.00538EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.26 views

WordPress AP Mega Menu plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress AP Mega Menu plugin versions = 3.0.7. Solution Update the WordPress AP Mega Menu plugin to the latest available version at least 3.0.8...

6.1CVSS2.6AI score0.00853EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.26 views

WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability via 'browser' discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions = 13.1.5. Solution Update the WordPress WP Statistics plugin to the latest available version at least 13.1.6...

7.2CVSS2.6AI score0.01357EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/02/02 12:0 a.m.26 views

WordPress MaxGalleria plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Red Team project in the WordPress MaxGalleria plugin versions = 6.2.7. Solution Update the WordPress MaxGalleria plugin to the latest available version at least 6.2.8...

4.8CVSS3.1AI score0.0054EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/01/26 12:0 a.m.26 views

WordPress LearnPress plugin <= 4.1.4.1 - Arbitrary Image Renaming vulnerability

Arbitrary Image Renaming vulnerability discovered by Ceylan Bozogullarindan in WordPress LearnPress plugin versions = 4.1.4.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.5...

4.3CVSS3.2AI score0.03205EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2022/01/26 12:0 a.m.26 views

WordPress WP Cloudy plugin <= 4.4.8 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by JrXnm in WordPress WP Cloudy plugin versions = 4.4.8. Solution Update the WordPress WP Cloudy plugin to the latest available version at least 4.4.9...

8.8CVSS2.4AI score0.01202EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/01/19 12:0 a.m.26 views

WordPress AnyComment plugin <= 0.2.17 - Comment Rating Increase/Decrease via Race Condition vulnerability

Comment Rating Increase/Decrease via Race Condition vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions = 0.2.17 Solution Update the WordPress AnyComment plugin to the latest available version at least 0.2.18...

3.5CVSS4.4AI score0.00487EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/19 12:0 a.m.26 views

WordPress WOOCS – Currency Switcher for WooCommerce plugin <= 1.3.7.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WOOCS – Currency Switcher for WooCommerce plugin versions = 1.3.7.4. Solution Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version at least 1.3.7.5...

6.1CVSS1.9AI score0.01798EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.26 views

WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability at bpmessagesfavorite discovered by Vlad Vector Patchstack in WordPress Better Messages plugin versions = 1.9.9.148. Solution Update the WordPress BP Better Messages plugin to the latest available version at least 1.9.9.149...

8.8CVSS3AI score0.00315EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/01/12 12:0 a.m.26 views

WordPress WP-DownloadManager plugin <= 1.68.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions = 1.68.6. Solution Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.7...

5.4CVSS2.3AI score0.00541EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/12/24 12:0 a.m.26 views

WordPress WP Store theme <= 1.1.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress WP Store theme versions = 1.1.9. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores th...

8.8CVSS2.5AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/20 12:0 a.m.26 views

WordPress AnyComment plugin <= 0.3.4 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions = 0.3.4. Solution Update the WordPress AnyComment plugin to the latest available version at least 0.3.5...

6.1CVSS3.3AI score0.02208EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/06 12:0 a.m.26 views

WordPress PowerPack Addons for Elementor plugin <= 2.6.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress PowerPack Addons for Elementor plugin versions = 2.6.1. Solution Update the WordPress PowerPack Addons for Elementor plugin to the latest available version at least 2.6.2...

6.1CVSS3.6AI score0.00876EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/06 12:0 a.m.26 views

WordPress Chaty plugin <= 2.8.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Chaty plugin versions = 2.8.2. Solution Update the WordPress Chaty plugin to the latest available version at least 2.8.3...

6.1CVSS1.9AI score0.01806EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/01 12:0 a.m.26 views

WordPress OMGF | Host Google Fonts Locally plugin <= 4.5.11 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress OMGF | Host Google Fonts Locally plugin versions = 4.5.11. Solution Update the WordPress OMGF | Host Google Fonts Locally plugin to the latest available version at least 4.5.12...

4.9CVSS3AI score0.01021EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/29 12:0 a.m.26 views

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Contact Form & Lead Form Elementor Builder plugin versions = 1.6.3. Solution Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.6...

6.1CVSS2.3AI score0.01167EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/28 12:0 a.m.26 views

WordPress StoreVilla theme <= 1.4.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress StoreVilla theme versions = 1.4.1. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores...

8.8CVSS2.9AI score0.01652EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.26 views

WordPress Mediamatic – Media Library Folders plugin <= 2.7 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by JrXnm in WordPress Mediamatic – Media Library Folders plugin versions = 2.7. Solution Deactivate and delete. This plugin has been closed as of October 11, 2021 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS3.8AI score0.01318EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/08 12:0 a.m.26 views

WordPress WOOCS – Currency Switcher for WooCommerce plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress WOOCS – Currency Switcher for WooCommerce plugin versions = 1.3.7. Solution Update the WordPress WOOCS – Currency Switcher for WooCommerce plugin to the latest available version at least 1.3.7.1...

6.1CVSS1.8AI score0.00795EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/18 12:0 a.m.26 views

WordPress Stream plugin <= 3.8.1 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress Stream plugin versions = 3.8.1. Solution Update the WordPress Stream plugin to the latest available version at least 3.8.2...

8.8CVSS2.9AI score0.01504EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/13 12:0 a.m.26 views

WordPress Brizy – Page Builder plugin <= 2.3.11 - Incorrect authorization checks allowing Post modification vulnerability

Incorrect authorization checks allowing Post modification vulnerability discovered by Ramuel Gall WordFence in WordPress Brizy – Page Builder plugin versions = 2.3.11. Solution Update the WordPress Brizy – Page Builder plugin to the latest available version at least 2.3.12...

7.1CVSS3.5AI score0.00726EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/10/07 12:0 a.m.26 views

WordPress Post Content XMLRPC plugin <= 1.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Post Content XMLRPC plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of June 21, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS2.9AI score0.01497EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/05 12:0 a.m.26 views

WordPress Simple Download Monitor plugin <= 3.9.5.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions = 3.9.5.1. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.6...

9CVSS2.4AI score0.01241EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/23 12:0 a.m.26 views

WordPress Ark-commenteditor plugin <= 2.15.6 - Iframe Injection via Comment vulnerability

Iframe Injection via Comment vulnerability discovered by Rasi Afeef in WordPress Ark-commenteditor plugin versions = 2.15.6. Solution Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. Reason: Security Issue...

4.9AI score0.00608EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.26 views

WordPress LearnPress plugin <= 4.1.3 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities were discovered by Shivam Rai in the WordPress LearnPress plugin versions = 4.1.3. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.3.1...

4.8CVSS1.7AI score0.00661EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/22 12:0 a.m.26 views

WordPress MicroCopy plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress MicroCopy plugin versions = 1.1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.2AI score0.01467EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/27 12:0 a.m.26 views

WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

9.8CVSS3.9AI score0.02109EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/07/21 12:0 a.m.26 views

WordPress SendGrid plugin <= 1.11.8 - Authenticated Authorization Bypass vulnerability

Authenticated Authorization Bypass vulnerability discovered by Prashant Baldha in WordPress SendGrid plugin versions = 1.11.8. Solution This plugin has been closed as of July 13, 2021 and is not available for download. This closure is permanent...

4.3CVSS3.4AI score0.00698EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/07/15 12:0 a.m.26 views

WordPress Form Maker plugin <= 1.13.59 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress Form Maker plugin versions = 1.13.59. Solution Update the WordPress Form Maker plugin to the latest available version at least 1.13.60...

5.4CVSS2AI score0.01091EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.26 views

WordPress Prismatic plugin <= 2.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Prismatic plugin versions = 2.7. Solution Update the WordPress Prismatic plugin to the latest available version at least 2.8...

6.1CVSS2.1AI score0.01793EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/17 12:0 a.m.26 views

WordPress YOP Poll plugin <= 6.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Toby Jackson in WordPress YOP Poll plugin versions = 6.2.7. Solution Update the WordPress YOP Poll plugin to the latest available version at least 6.2.8...

6.1CVSS1.7AI score0.01599EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/04/23 12:0 a.m.26 views

WordPress Redirect 404 to parent plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Redirect 404 to parent plugin versions = 1.3.0. Solution Update the WordPress Redirect 404 to parent plugin to the latest available version at least 1.3.1...

6.1CVSS2.1AI score0.13942EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/04/22 12:0 a.m.26 views

WordPress WP Maintenance Mode & Site Under Construction plugin <= 1.8.1 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress WP Maintenance Mode & Site Under Construction plugin versions = 1.8.1. Solution Update the WordPress WP Maintenance Mode & Site Under Construction plugin to the latest available version at least 1.8.2...

8.8CVSS4.2AI score0.01311EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/26 12:0 a.m.26 views

WordPress Patreon WordPress plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions = 1.7.1. Solution Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.2...

9.6CVSS1.9AI score0.01874EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/10/29 12:0 a.m.26 views

WordPress <= 5.5.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Erwan LR in WordPress versions = 5.5.1. Solution Update the WordPress to the latest available version at least 5.5.2...

4.3CVSS3.6AI score0.01068EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/09/22 12:0 a.m.26 views

WordPress Import XML and RSS Feeds plugin <= 2.0.1 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability discovered by Suzhou Aurora Infinity Information Technology Co., Ltd. in WordPress Import XML and RSS Feeds plugin versions = 2.0.1. Solution Update the WordPress Import XML and RSS Feeds plugin to the latest available version at least 2.0.2...

9.1CVSS2.4AI score0.14745EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/09/21 12:0 a.m.26 views

WordPress 15zine premium theme <= 3.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress 15zine premium theme versions = 3.2.2. Solution Update the WordPress 15zine premium theme to the latest available version at least 3.3.0...

6.1CVSS2AI score0.02602EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/07/05 12:0 a.m.26 views

WordPress Careerfy premium theme <= 4.0.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities discovered by m0ze in WordPress Careerfy premium theme versions = 4.0.0. Solution Update the WordPress Careerfy premium theme to the latest available version at least 4.1.0...

2.1AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000