Patchstack • Most viewed

46662 matches found

Patchstack • added 2021/03/26 12:00 a.m. • 26 views

WordPress Patreon WordPress plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by the Jetpack Scan team in WordPress Patreon WordPress plugin versions <= 1.7.1. Solution: Update the WordPress Patreon WordPress plugin to the latest available version, at least 1.7.2...

CVSS 9.6 • AI score 1.9 • EPSS 0.01874
Exploits 1 • References 3 • Affected Software 1
Patchstack • added 2020/09/22 12:00 a.m. • 26 views

WordPress Import XML and RSS Feeds plugin <= 2.0.1 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability discovered by Suzhou Aurora Infinity Information Technology Co., Ltd. in WordPress Import XML and RSS Feeds plugin versions <= 2.0.1. Solution: Update the WordPress Import XML and RSS Feeds plugin to the latest available version, at least 2.0.2...

CVSS 9.1 • AI score 2.4 • EPSS 0.14745
Exploits 1 • References 3 • Affected Software 1
Patchstack • added 2020/09/21 12:00 a.m. • 26 views

WordPress 15zine premium theme <= 3.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress 15zine premium theme versions <= 3.2.2. Solution: Update the WordPress 15zine premium theme to the latest available version, at least 3.3.0...

CVSS 6.1 • AI score 2 • EPSS 0.02602
Exploits 2 • References 3 • Affected Software 1
Patchstack • added 2020/04/14 12:00 a.m. • 26 views

WordPress Accordion plugin <= 2.2.8 - Unprotected AJAX Action leading to Stored/Reflected Cross-Site Scripting (XSS) vulnerability

Unprotected AJAX Action leading to Stored/Reflected Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress Accordion plugin versions <= 2.2.8. Solution: Update the WordPress Accordion plugin to the latest available version, at least 2.2.9...

CVSS 5.4 • AI score 2.9 • EPSS 0.00766
Exploits 2 • References 3 • Affected Software 1
Patchstack • added 2020/03/16 12:00 a.m. • 26 views

WordPress LearnPress plugin <= 3.2.6.6 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered in WordPress LearnPress plugin versions <= 3.2.6.6. Solution: Update the WordPress LearnPress plugin to the latest available version, at least 3.2.6.7...

CVSS 6.5 • AI score 3.9 • EPSS 0.01116
Exploits 0 • References 2 • Affected Software 1
Patchstack • added 2019/07/24 12:00 a.m. • 26 views

WordPress Adaptive Images for WordPress plugin <= 0.6.66 - Local File Inclusion (LFI) vulnerability

Local File Inclusion (LFI) vulnerability found by Mark Gruffer in WordPress Adaptive Images for WordPress plugin versions <= 0.6.66. Solution: Update the WordPress Adaptive Images for WordPress plugin to the latest available version, at least 0.6.67...

CVSS 7.5 • AI score 2.7 • EPSS 0.63375
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2019/06/11 12:00 a.m. • 26 views

WordPress ConvertPlus plugin <= 3.4.2 - Unauthenticated Arbitrary User Role Creation vulnerability

Unauthenticated Arbitrary User Role Creation vulnerability found by WordFence in WordPress ConvertPlus plugin versions <= 3.4.2. Solution: Update the WordPress ConvertPlus plugin to the latest available version, at least 3.4.3...

AI score 3.2
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2019/05/27 12:00 a.m. • 26 views

WordPress Virim plugin <= 0.4 - Unauthenticated Object Injection vulnerability

Unauthenticated Object Injection vulnerability found by Magnus K. Stubman in WordPress Virim plugin versions <= 0.4. Solution: 27 May 2019 - This plugin was closed and is no longer available for download...

CVSS 9.8 • AI score 4.3 • EPSS 0.02417
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2019/03/12 12:00 a.m. • 26 views

WordPress WP Fastest Cache plugin <= 0.8.9.0 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability found by Sebastian Neef in WordPress WP Fastest Cache plugin versions <= 0.8.9.0. Solution: Update the WordPress WP Fastest Cache plugin to the latest available version, at least 0.8.9.1...

CVSS 6.5 • AI score 3.7 • EPSS 0.04348
Exploits 3 • References 2 • Affected Software 1
Patchstack • added 2019/02/14 12:00 a.m. • 26 views

WordPress Booking Calendar plugin <= 8.4.5.14 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by B0UG in WordPress Booking Calendar plugin versions <= 8.4.5.14. Solution: Update the WordPress Booking Calendar plugin to the latest available version, at least 8.4.5.15...

CVSS 8.8 • AI score 2.7 • EPSS 0.19238
Exploits 5 • References 3 • Affected Software 1
Patchstack • added 2018/03/02 12:00 a.m. • 26 views

WordPress Category Order and Taxonomy Terms Order plugin <= 1.5.2.2 - Authenticated PHP Object Injection vulnerability

Authenticated PHP Object Injection vulnerability found in WordPress Category Order and Taxonomy Terms Order plugin versions <= 1.5.2.2. Solution: Update the WordPress Category Order and Taxonomy Terms Order plugin to the latest available version, at least 1.5.3...

AI score 2.9
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2018/01/09 12:00 a.m. • 26 views

WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability (4)

A fourth Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. XSS via the "panel" parameter of wp-admin/admin.php for the gd-rating-system-tools page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...

CVSS 6.1 • AI score 2.5 • EPSS 0.01265
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2018/01/08 12:00 a.m. • 26 views

WordPress Z-URL Preview plugin <= 1.6.2 - Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) vulnerability found by Neorichi in WordPress Z-URL Preview plugin versions <= 1.6.2. Vulnerable to Cross-Site Scripting via the class.zlinkpreview.php "url" parameter. Solution: Update the WordPress Z-URL Preview plugin to the latest available version, at least 2.0.0...

CVSS 6.1 • AI score 2.5 • EPSS 0.01467
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2017/05/16 12:00 a.m. • 26 views

WordPress <= 4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API

WordPress versions from 2.5 up to 4.7.4 improperly handle post meta data values in the XML-RPC (Remote Procedure Call) API. Discovered and reported by Sam Thomas. Solution: Update WordPress core to the latest possible version, at least 4.7.5...

CVSS 8.6 • AI score 2.1 • EPSS 0.01775
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2016/05/17 12:00 a.m. • 26 views

WordPress Collne Welcart e-Commerce Plugin <= 1.8.2 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution: Update the plugin...

CVSS 6.1 • AI score 4.1 • EPSS 0.01491
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2016/04/13 12:00 a.m. • 26 views

WordPress E-Search Plugin <= 1.0 - Cross-Site Scripting (XSS)

Because of this vulnerability, the "date-from" variable appears to send unsanitized data back to the user's browser. Solution: Update the plugin...

CVSS 6.1 • AI score 3.9 • EPSS 0.0465
Exploits 2 • References 2 • Affected Software 1
Patchstack • added 2015/10/02 12:00 a.m. • 26 views

WordPress Font Plugin <= 7.5.0 - Absolute Path Traversal

This vulnerability allows administrators to read arbitrary files via a full pathname in the "URL" parameter to AjaxProxy.php. Solution: Update the plugin...

CVSS 4 • AI score 4.8 • EPSS 0.05003
Exploits 3 • References 1 • Affected Software 1
Patchstack • added 2015/09/25 12:00 a.m. • 26 views

WordPress Pie Register Plugin <= 2.0.18 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. Solution: Update the plugin...

CVSS 4.3 • AI score 2.6 • EPSS 0.04405
Exploits 3 • References 1 • Affected Software 1
Patchstack • added 2015/08/02 12:00 a.m. • 26 views

WordPress <= 4.3.0 - BYPASS

The vulnerability is in the XML-RPC subsystem, in wp-includes/class-wp-xmlrpc-server.php. It allows an authenticated user to bypass intended access restrictions via unspecified vectors. Solution: Update WordPress...

CVSS 4.3 • AI score 5.1 • EPSS 0.06279
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2015/07/10 12:00 a.m. • 26 views

WordPress IBS Mappro Plugin <= 0.9 - Absolute Path Traversal

This vulnerability is in lib/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter. Solution: Update the plugin...

CVSS 7.8 • AI score 5.7 • EPSS 0.03263
Exploits 2 • References 1 • Affected Software 1
Patchstack • added 2015/06/10 12:00 a.m. • 26 views

WordPress RobotCPA Plugin - Local File Inclusion

The BookX plugin's GET parameter "l" is prone to a local file inclusion vulnerability because the plugin fails to validate user-supplied input. It allows an attacker to obtain potentially sensitive information. The affected file is "f.php". Solution: Update the plugin...

AI score 3.6
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2015/06/04 12:00 a.m. • 26 views

WordPress ZM Ajax Login & Register Plugin 1.0.9 - Local File Inclusion

Because of this vulnerability, an attacker can include a local file specified in the "template" POST parameter through the wp_ajax_nopriv_load_template action, without any validation. Solution: Update the plugin...

CVSS 5 • AI score 3 • EPSS 0.13405
Exploits 5 • References 2 • Affected Software 1
Patchstack • added 2015/05/06 12:00 a.m. • 26 views

WordPress ClickBank Affiliate Ads plugin <= 1.20 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Kaustubh G. Padwad in WordPress ClickBank Affiliate Ads plugin versions <= 1.20. Solution: Update the WordPress ClickBank Affiliate Ads plugin to the latest available version, at least 1.35...

CVSS 4.8 • AI score 3.4 • EPSS 0.00677
Exploits 1 • References 3 • Affected Software 1
Patchstack • added 2015/04/28 12:00 a.m. • 26 views

WordPress <= 4.1.1 - XSS

Because of this vulnerability, an attacker can execute same-origin JavaScript functions via the "target" parameter, as demonstrated by executing a certain click function, related to init.as and fireEvent.as. Solution: Update WordPress...

CVSS 4.3 • AI score 3.5 • EPSS 0.06044
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2015/04/01 12:00 a.m. • 26 views

WordPress Simple Ads Manager Plugin <= 2.7.96 - Multiple SQL Injection

Because of these vulnerabilities, attackers can execute arbitrary SQL commands via the "cstr" parameter in a loadposts action to sam-ajax-admin.php, the "hits" parameter in a samhits action to sam-ajax.php, the "searchTerm" parameter in a loadcombodata action to sam-ajax-admin.php, or the "editor"...

CVSS 7.5 • AI score 3.8 • EPSS 0.06259
Exploits 6 • References 1 • Affected Software 1
Patchstack • added 2015/03/17 12:00 a.m. • 26 views

WordPress WPML Plugin <= 3.1.8 - SQL Injection #2

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "lang" parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. Related records:...

CVSS 7.5 • AI score 4 • EPSS 0.07069
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2015/02/16 12:00 a.m. • 26 views

WordPress Image Metadata Cruncher Plugin - Multiple CSRF and XSS

Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the "imagemetadatacruncheralt" or "imagemetadatacrunchercaption" parameters. Solution: Upgrade the plugin...

CVSS 6.8 • AI score 4 • EPSS 0.01196
Exploits 2 • References 1 • Affected Software 1
Patchstack • added 2014/11/26 12:00 a.m. • 26 views

WordPress Apptha Video Gallery Plugin <= 2.5 - Multiple XSS

These vulnerabilities allow authenticated users to inject arbitrary web script or HTML via the "videoadssearchQuery" parameter. Solution: Update the plugin...

CVSS 3.5 • AI score 3.1 • EPSS 0.02875
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2014/11/26 12:00 a.m. • 26 views

WordPress Apptha Video Gallery Plugin <= 2.5 - Multiple SQL Injection

Because of these vulnerabilities, attackers can execute arbitrary SQL commands via the "videoId" parameter in a newvideo page to wp-admin/admin.php, the "vid" parameter in a myextract action to wp-admin/admin-ajax.php, or the "playlistId" parameter in the newplaylist page. Solution: Update the plugin...

CVSS 7.5 • AI score 6.3 • EPSS 0.05173
Exploits 2 • References 1 • Affected Software 1
Patchstack • added 2014/11/20 12:00 a.m. • 26 views

WordPress <= 4.0.0 - Multiple Vulnerabilities #1

There are multiple vulnerabilities in WordPress wp-login.php, such as cross-site scripting, denial of service, hash comparison, SSRF and CSRF. Because of these vulnerabilities, attackers can reset passwords by leveraging access to an e-mail account that received a password-reset message...

CVSS 4.3 • AI score 2.5 • EPSS 0.02375
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2014/11/20 12:00 a.m. • 26 views

WordPress <= 4.0.0 - CSRF

Because of this vulnerability in wp-login.php, attackers can hijack the authentication of arbitrary users for requests that reset passwords. Solution: Update WordPress...

CVSS 6.8 • AI score 4.4 • EPSS 0.01964
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2014/10/07 12:00 a.m. • 26 views

WordPress BulletProof Security Plugin <= .51 - SQL Injection

This vulnerability is in admin/htaccess/bpsunlock.php. It allows remote authenticated users to execute arbitrary SQL commands via the "tableprefix" parameter. Solution: Update the plugin...

CVSS 6.5 • AI score 6.5 • EPSS 0.021
Exploits 3 • References 1 • Affected Software 1
Patchstack • added 2014/09/11 12:00 a.m. • 26 views

WordPress WooCommerce plugin <= 2.2.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability discovered by Tom Adams in WordPress WooCommerce plugin versions <= 2.2.2. Solution: Update the WordPress WooCommerce plugin to the latest available version, at least 2.2.3...

CVSS 4.3 • AI score 1.8 • EPSS 0.02023
Exploits 1 • References 3 • Affected Software 1
Patchstack • added 2014/09/04 12:00 a.m. • 26 views

WordPress EWWW Image Optimizer Plugin <= 2.0.1 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "error" parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php. Solution: Update the plugin...

CVSS 4.3 • AI score 3 • EPSS 0.02064
Exploits 3 • References 1 • Affected Software 1
Patchstack • added 2014/08/13 12:00 a.m. • 26 views

WordPress <= 3.9.1 - Multiple Vulnerabilities #1

wp-includes/pluggable.php does not use delimiters when concatenating action values and uid values in CSRF tokens, which allows attackers to bypass a CSRF protection mechanism via a brute-force attack. Related records:...

CVSS 6.8 • AI score 5.1 • EPSS 0.01834
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2014/06/23 12:00 a.m. • 26 views

WordPress Yahoo! Updates Plugin <= 1.0 - Multiple XSS

Because of these multiple vulnerabilities in yupdatesapplication.php, attackers can inject arbitrary web script or HTML via three parameters: "secret", "appid" or "key". Solution: Update the plugin...

CVSS 4.3 • AI score 2.6 • EPSS 0.01618
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2014/02/22 12:00 a.m. • 26 views

WordPress AdRotate Plugin 3.9.4 - SQL Injection

The WordPress AdRotate plugin's clicktracker.php "track" parameter is prone to SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin to 3.9.5...

CVSS 7.5 • AI score 4.2 • EPSS 0.05412
Exploits 7 • References 1 • Affected Software 1
Patchstack • added 2014/02/07 12:00 a.m. • 26 views

WordPress VideoWhisper Live Streaming Integration Plugin <= 4.29.4 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 3.2 • EPSS 0.04546
Exploits 6 • References 1 • Affected Software 1
Patchstack • added 2014/01/20 12:00 a.m. • 26 views

WordPress <= 3.0.5

Because of this vulnerability, remote authenticated users can perform publish actions by leveraging the Contributor role. Solution: Update WordPress...

CVSS 4 • AI score 3.7 • EPSS 0.01775
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2013/12/30 12:00 a.m. • 26 views

WordPress Advanced Dewplayer Plugin - Script Directory Traversal

The Advanced Dewplayer plugin is prone to a directory traversal vulnerability because it fails to sanitize user-supplied input. An attacker can obtain sensitive information that could aid in further attacks. Solution: Upgrade the plugin...

CVSS 5 • AI score 2.4 • EPSS 0.19641
Exploits 2 • References 1 • Affected Software 1
Patchstack • added 2013/09/11 12:00 a.m. • 26 views

WordPress <= 3.6.0 - Cross Site Scripting #2

Because of this vulnerability, remote authenticated users can conduct cross-site scripting attacks via a crafted file; this is related to the get_allowed_mime_types function in wp-includes/functions.php. Solution: Update WordPress...

CVSS 4.3 • AI score 3.9 • EPSS 0.02361
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2013/06/19 12:00 a.m. • 26 views

WordPress BackWPup Plugin <= 3.0.12 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "tab" parameter to wp-admin/admin.php. Solution: Update the plugin...

CVSS 4.3 • AI score 2.9 • EPSS 0.02058
Exploits 3 • References 1 • Affected Software 1
Patchstack • added 2013/05/07 12:00 a.m. • 26 views

WordPress ShareThis Plugin <= 7.0.5 - CSRF

Because of this vulnerability, attackers can hijack the authentication of administrators for requests that modify this plugin's settings. Solution: Update the plugin...

CVSS 6.8 • AI score 5 • EPSS 0.01178
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2013/02/19 12:00 a.m. • 26 views

WordPress <= 3.5.1 - Denial of Service Attacks

This WordPress version is prone to denial of service attacks via a crafted value of a certain wp-postpass cookie. Solution: Update WordPress...

CVSS 4.3 • AI score 5 • EPSS 0.03373
Exploits 2 • References 1 • Affected Software 1
Patchstack • added 2012/09/26 12:00 a.m. • 26 views

WordPress Welcart Plugin <= 1.2.1 - CSRF

Because of this vulnerability, attackers can hijack the authentication of arbitrary users for requests that complete a purchase. Solution: Update the plugin...

CVSS 6.8 • AI score 4.4 • EPSS 0.0107
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2012/08/09 12:00 a.m. • 26 views

WordPress Quick Post Widget Plugin <= 1.9.1 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 1.9 • EPSS 0.02041
Exploits 2 • References 1 • Affected Software 1
Patchstack • added 2012/06/14 12:00 a.m. • 26 views

WordPress <= 3.4.0 - CSRF

Because of this vulnerability, attackers can hijack the authentication of unspecified victims via unknown vectors. Solution: Update WordPress...

CVSS 6.8 • AI score 6.1 • EPSS 0.01241
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2012/04/21 12:00 a.m. • 26 views

WordPress <= 3.3.1 - BYPASS

This vulnerability allows authenticated site administrators to bypass intended access restrictions via unspecified vectors. Solution: Update WordPress...

CVSS 5.5 • AI score 5.1 • EPSS 0.02614
Exploits 0 • References 1 • Affected Software 1
Patchstack • added 2011/11/23 12:00 a.m. • 26 views

WordPress ClickDesk Live Support Plugin 2.0 - Cross Site Scripting

The WordPress ClickDesk Live Support plugin's "cdwidget" parameter is prone to a cross-site scripting vulnerability, because the plugin fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker...

CVSS 4.3 • AI score 2 • EPSS 0.10428
Exploits 1 • References 1 • Affected Software 1
Patchstack • added 2011/09/29 12:00 a.m. • 26 views

WordPress Elegant Grunge Theme 1.0.3 - Cross Site Scripting

The WordPress Elegant Grunge theme's "s" parameter is prone to a cross-site scripting vulnerability, because the theme fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS 4.3 • AI score 2.6 • EPSS 0.03429
Exploits 1 • References 1 • Affected Software 1

Total number of security vulnerabilities: 5000