Patchstack, most viewed

46662 matches found

Patchstack
added 2011/08/10 12:0 a.m., 26 views

WordPress <= 3.1.2 - Multiple Unspecified Remote vulnerabilities

These vulnerabilities let attackers determine the usernames of non-authors via canonical redirects. Solution: Update WordPress...

CVSS 5 | AI score 5 | EPSS 0.02209
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2009/08/18 12:0 a.m., 26 views

WordPress <= 2.8.2 - Multiple Vulnerabilities #1

These vulnerabilities let attackers make unauthorized edits or additions via a direct request to edit-category-form.php, edit-pages.php, edit-comments.php, edit-link-category-form.php, or edit.php. Solution: Update WordPress...

CVSS 6.4 | AI score 5 | EPSS 0.02276
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2009/06/15 12:0 a.m., 26 views

WordPress Photoracer Plugin 1.0 - SQL Injection Vulnerability

SQL injection vulnerability in viewimg.php, line 16. It allows an attacker to execute arbitrary commands against the database via the 'imgid' parameter. Solution: Update plugin...

CVSS 7.5 | AI score 5.4 | EPSS 0.02737
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/09/15 12:0 a.m., 26 views

WordPress <= 2.6.1 - SQL Truncation Vulnerability #2

Attackers can change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset. This is related to a "SQL column truncation vulnerability" and occurs because this WordPress version does not properly handle MySQL warnings about insertion of username strings...

CVSS 5.1 | AI score 3.1 | EPSS 0.05481
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2008/05/12 12:0 a.m., 26 views

WordPress <= 2.2.2 - BYPASS

Attackers can bypass intended access restrictions for certain pages because wp-includes/vars.php does not properly extract the current path from the PATHINFO. Solution: Update WordPress...

CVSS 7.5 | AI score 5 | EPSS 0.02734
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/04/23 12:0 a.m., 26 views

WordPress <= 2.5 - Cookie Integrity Protection Vulnerability

Attackers can forge cookies by registering a username that results in the same concatenated string, because the cookie authentication method relies on a hash of a concatenated string containing USERNAME and EXPIRYTIME. Solution: Update WordPress to version 2.5.1...

CVSS 7.5 | AI score 3.3 | EPSS 0.05001
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/09 12:0 a.m., 26 views

WordPress <= 2.0.11 - XSS

This vulnerability in wp-db-backup.php lets attackers inject arbitrary web script or HTML via the "backup" parameter in a wp-db-backup.php action to wp-admin/edit.php. Solution: Update WordPress...

CVSS 4.3 | AI score 3.1 | EPSS 0.03967
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2007/03/22 12:0 a.m., 26 views

WordPress <= 2.1.2 RC2 - XSS

This vulnerability in wp-admin/vars.php lets authenticated users with theme privileges inject arbitrary web script or HTML via the PATHINFO. Solution: Update WordPress to the latest available version, at least 2.1.3...

CVSS 4.3 | AI score 2.3 | EPSS 0.05778
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2007/03/10 12:0 a.m., 26 views

WordPress <= 2.1.2 - Sensitive Directory Exposure

This vulnerability lets attackers obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. Solution: Update WordPress to the latest available version, at least 2.1.3...

CVSS 5 | AI score 4.3 | EPSS 0.01932
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2007/03/05 12:0 a.m., 26 views

WordPress <= 2.1.1 - Multiple Vulnerabilities

Attackers can execute arbitrary commands via an eval injection vulnerability in the "ix" parameter to wp-includes/feed.php. There is also a command execution backdoor vulnerability. Solution: Update WordPress to the latest available version, at least 2.1.2...

CVSS 7.5 | AI score 6.1 | EPSS 0.27006
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2007/01/08 12:0 a.m., 26 views

WordPress <= 2.0.5 - SQL Injection

This vulnerability lets attackers bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets. Solution: Update WordPress to the latest available version, at least 2.0.6...

CVSS 6.8 | AI score 6.2 | EPSS 0.07357
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/25 7:25 a.m., 25 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions <= 6.0.6...

CVSS 6.5 | AI score 5.8 | EPSS 0.00404
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/15 5:33 p.m., 25 views

NPM: Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

NPM: Better Auth: OAuth callback accepts mismatched state when cookie-backed state storage is used without PKCE vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.2...

AI score 5.8
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2024/11/25 12:0 a.m., 25 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication

Software: Spam protection, AntiSpam, FireWall by CleanTalk | Type: Plugin | Vulnerable versions: <= 6.44 | Fixed in: 6.45 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Authentication | CVE: CVE-2024-10781 | Patch priority: High | CVSS severity: High 8.1 | PSID: 0bd21f35fe5e...

CVSS 8.1 | AI score 6.3 | EPSS 0.03824
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/25 12:0 a.m., 25 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 is vulnerable to Broken Authentication

Software: Spam protection, AntiSpam, FireWall by CleanTalk | Type: Plugin | Vulnerable versions: <= 6.43.2 | Fixed in: 6.44 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Authentication | CVE: CVE-2024-10542 | Patch priority: High | CVSS severity: High 9.8 | PSID: a624846c5f89...

CVSS 9.8 | AI score 6.6 | EPSS 0.15236
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/25 12:0 a.m., 25 views

WordPress CM Pop-Up banners Plugin 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software: CM Pop-Up banners | Type: Plugin | Vulnerable versions: 1.7.5 | Fixed in: 1.7.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-11202 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: f58e5244f29c | Credits: Peter Thaleikis...

CVSS 6.1 | AI score 5.9 | EPSS 0.00584
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/18 12:0 a.m., 25 views

WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to Arbitrary File Upload

Software: Backup and Staging by WP Time Capsule | Type: Plugin | Vulnerable versions: <= 1.22.21 | Fixed in: 1.22.22 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-8856 | Patch priority: High | CVSS severity: High 10 | PSID: 3a293a6ce154 | Credits: Rein Daelman...

CVSS 9.8 | AI score 6.9 | EPSS 0.93709
Exploits: 7 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/14 12:0 a.m., 25 views

WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection

Software: Automation By Autonami | Type: Plugin | Vulnerable versions: < 3.3.0 | Fixed in: 3.3.0 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-9186 | Patch priority: High | CVSS severity: High 9.3 | PSID: 0bc9c96e6168 | Credits: y4ng0615 | Required privilege: Unauthenticated...

CVSS 8.6 | AI score 6.9 | EPSS 0.02241
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m., 25 views

WordPress Form Maker by 10Web Plugin <= 1.15.30 is vulnerable to Cross Site Scripting (XSS)

Software: Form Maker by 10Web | Type: Plugin | Vulnerable versions: <= 1.15.30 | Fixed in: 1.15.31 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-10265 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 0450360afe6c | Credits: vgo0...

CVSS 6.1 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/08 12:0 a.m., 25 views

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)

Software: Elementor – Header, Footer & Blocks Template | Type: Plugin | Vulnerable versions: <= 1.6.45 | Fixed in: 1.6.46 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-10325 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 3bcf490aa26b...

CVSS 6.4 | AI score 5.7 | EPSS 0.00288
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/05 12:0 a.m., 25 views

WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload

Software: JobSearch | Type: Plugin | Vulnerable versions: <= 2.6.7 | Fixed in: 2.6.8 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-8615 | Patch priority: High | CVSS severity: High 10 | PSID: 46ee6cd9f962 | Credits: Tonn | Required privilege: Unauthenticated | Publish...

CVSS 10 | AI score 7.2 | EPSS 0.00829
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/01 12:0 a.m., 25 views

WordPress BetterLinks Plugin <= 2.1.7 is vulnerable to SQL Injection

Software: BetterLinks | Type: Plugin | Vulnerable versions: <= 2.1.7 | Fixed in: 2.1.8 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-51672 | Patch priority: Low | CVSS severity: Low 7.6 | PSID: 159a4550c364 | Credits: Marek Mikita | Required privilege: Administrator | Publish...

CVSS 7.6 | AI score 7.2 | EPSS 0.00456
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/17 12:0 a.m., 25 views

WordPress Property Lot Management System Plugin <= 4.2.38 is vulnerable to Arbitrary File Upload

Software: Property Lot Management System | Type: Plugin | Vulnerable versions: <= 4.2.38 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-49331 | Patch priority: Medium | CVSS severity: Medium 9.9 | PSID: 5524e01a8194 | Credits: CTRL Chance | Required...

CVSS 9.9 | AI score 9.6 | EPSS 0.00478
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/09 12:0 a.m., 25 views

WordPress ACF Images Search And Insert Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload

Software: ACF Images Search And Insert | Type: Plugin | Vulnerable versions: <= 1.1.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-48035 | Patch priority: Medium | CVSS severity: Medium 9.9 | PSID: a12f4662ed6d | Credits: stealthcopter | Required...

CVSS 9.9 | AI score 6.8 | EPSS 0.00482
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/07 12:0 a.m., 25 views

WordPress Themify Builder Plugin <= 7.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Themify Builder | Type: Plugin | Vulnerable versions: <= 7.6.2 | Fixed in: 7.6.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-9385 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 2ab445f01cba | Credits: Colin Xu | Required...

CVSS 6.1 | AI score 5.7 | EPSS 0.0036
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/07 12:0 a.m., 25 views

WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to Broken Access Control

Software: Rank Math SEO | Type: Plugin | Vulnerable versions: <= 1.0.228 | Fixed in: 1.0.229 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9161 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: ca30124e345e | Credits: Leo | Required privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.02045
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/30 12:0 a.m., 25 views

WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Cross Site Scripting (XSS)

Software: Elementor Addon Elements | Type: Plugin | Vulnerable versions: <= 1.13.6 | Fixed in: 1.13.7 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-47366 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: WPVibes | PSID: e5b93a793554 | Credits: João Pedro S Alcântara Kinorth...

CVSS 6.5 | AI score 6.8 | EPSS 0.00241
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/25 12:0 a.m., 26 views

WordPress Livemesh Addons for Elementor Plugin <= 8.5 is vulnerable to Cross Site Scripting (XSS)

Software: Livemesh Addons for Elementor | Type: Plugin | Vulnerable versions: <= 8.5 | Fixed in: 8.5.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-47303 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 6b692e93ddf5 | Credits: João Pedro S Alcântara...

CVSS 6.5 | AI score 6.7 | EPSS 0.0022
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/25 12:0 a.m., 25 views

WordPress Uncanny Groups for LearnDash Plugin <= 6.1.0.1 is vulnerable to Broken Access Control

Software: Uncanny Groups for LearnDash | Type: Plugin | Vulnerable versions: <= 6.1.0.1 | Fixed in: 6.1.1 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-8350 | Patch priority: Low | CVSS severity: Low 2.7 | PSID: d89e217025ab | Credits: Karl Emil Nikka...

CVSS 2.7 | AI score 6.7 | EPSS 0.00416
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/05 12:0 a.m., 25 views

WordPress LiteSpeed Cache Plugin < 6.5.0.1 is vulnerable to Broken Authentication

Software: LiteSpeed Cache | Type: Plugin | Vulnerable versions: < 6.5.0.1 | Fixed in: 6.5.0.1 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-44000 | Patch priority: High | CVSS severity: High 9.8 | Developer: Hai Zheng / Lite Speed Cache | PSID: 8f939cc0b306...

CVSS 9.8 | AI score 7.5 | EPSS 0.83178
Exploits: 7 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/29 12:0 a.m., 25 views

WordPress CoBlocks Plugin < 3.1.13 is vulnerable to Cross Site Scripting (XSS)

Software: CoBlocks | Type: Plugin | Vulnerable versions: < 3.1.13 | Fixed in: 3.1.13 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-7132 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 2ec557475360 | Credits: Dmitrii Ignatyev | Required...

CVSS 4.8 | AI score 5.8 | EPSS 0.00379
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/08/22 12:0 a.m., 25 views

WordPress WBW Product Table PRO Plugin <= 1.9.4 is vulnerable to SQL Injection

Software: WBW Product Table PRO | Type: Plugin | Vulnerable versions: <= 1.9.4 | Fixed in: 1.9.5 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43918 | Patch priority: High | CVSS severity: High 10 | PSID: 2c9d3f09a102 | Credits: Dave Jong Patchstack | Required privilege...

CVSS 10 | AI score 6.8 | EPSS 0.01486
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/18 12:0 a.m., 25 views

WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure

Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.2.0 | Fixed in: 3.2.1 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-6455 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Wpmet | PSID: b000113e05e5 | Credits: stealthcopter | Required...

CVSS 5.3 | AI score 6.6 | EPSS 0.00396
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/27 12:0 a.m., 25 views

WordPress e2pdf Plugin <= 1.24.00 is vulnerable to Cross Site Scripting (XSS)

Software: e2pdf | Type: Plugin | Vulnerable versions: <= 1.24.00 | Fixed in: 1.25.01 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4367 | Patch priority: Low | CVSS severity: Low 4 | Developer: E2Pdf.com | PSID: cc24959a7a9a | Credits: Yudistira Arya | Required privilege: Author | Published 27...

AI score 6.8 | EPSS 0.72648
Exploits: 15 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/14 12:0 a.m., 25 views

WordPress Woody ad snippets Plugin <= 2.5.0 is vulnerable to Remote Code Execution (RCE)

Software: Woody ad snippets | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A3: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-3105 | Patch priority: Medium | CVSS severity: Medium 9.9 | PSID: dce238499b1e | Credits: Webbernaut | Required privilege...

CVSS 9.9 | AI score 7.2 | EPSS 0.02778
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/06 12:0 a.m., 25 views

WordPress Album Gallery – WordPress Gallery Plugin <= 1.5.7 is vulnerable to Broken Access Control

Software: Album Gallery – WordPress Gallery | Type: Plugin | Vulnerable versions: <= 1.5.7 | Fixed in: 1.5.8 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-35720 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 2435eb9447f2 | Credits: Steven Juli...

CVSS 8.8 | AI score 6.6 | EPSS 0.00356
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/05/20 12:0 a.m., 25 views

WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Privilege Escalation

Software: FluentForm | Type: Plugin | Vulnerable versions: <= 5.1.16 | Fixed in: 5.1.17 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2024-2771 | Patch priority: High | CVSS severity: High 9.8 | PSID: d5d5aedf6c4b | Credits: Tobias...

CVSS 9.8 | AI score 6.4 | EPSS 0.02333
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/05/06 12:0 a.m., 25 views

WordPress Yoast SEO Plugin <= 22.5 is vulnerable to Cross Site Scripting (XSS)

Software: Yoast SEO | Type: Plugin | Vulnerable versions: <= 22.5 | Fixed in: 22.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-4041 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 1ed891028ded | Credits: Bassem Essam | Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.00832
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/29 4:6 p.m., 25 views

WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh (Patchstack Alliance) in WordPress Plugin CodeBard's Patron Button and Widgets for Patreon versions <= 2.2.0...

CVSS 7.1 | AI score 6.1 | EPSS 0.0033
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/04/29 2:39 p.m., 25 views

WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Realtyna Organic IDX plugin versions <= 4.14.4...

CVSS 7.1 | AI score 6.1 | EPSS 0.00334
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/04/26 12:0 a.m., 25 views

WordPress Print Invoice & Delivery Notes for WooCommerce Plugin <= 4.8.1 is vulnerable to Broken Access Control

Software: Print Invoice & Delivery Notes for WooCommerce | Type: Plugin | Vulnerable versions: <= 4.8.1 | Fixed in: 4.9.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-4233 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 78b1e6c0b7b8 | Credits...

CVSS 4.3 | AI score 4.5 | EPSS 0.00346
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/22 12:0 a.m., 25 views

WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Settings Change

Software: Max Addons Pro for Bricks | Type: Plugin | Vulnerable versions: <= 1.6.1 | Fixed in: 1.6.2 | OWASP Top 10: A1: Broken Access Control | Classification: Settings Change | CVE: CVE-2024-32951 | Patch priority: Medium | CVSS severity: Medium 6.5 | PSID: 446d765fd496 | Credits: Dave Jong Patchstac...

CVSS 6.5 | AI score 6.5 | EPSS 0.00438
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/04/16 12:0 a.m., 25 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.14 is vulnerable to SQL Injection

Software: Email Subscribers & Newsletters | Type: Plugin | Vulnerable versions: <= 5.7.14 | Fixed in: 5.7.15 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-2876 | Patch priority: High | CVSS severity: High 9.3 | PSID: 9b57a92f98bb | Credits: Arkadiusz Hydzik | Required...

CVSS 9.8 | AI score 6.8 | EPSS 0.80596
Exploits: 4 | References: 3 | Affected Software: 1

Patchstack
added 2024/04/15 12:0 a.m., 25 views

WordPress WPBakery Page Builder Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS)

Software: WPBakery Page Builder | Type: Plugin | Vulnerable versions: <= 7.5 | Fixed in: 7.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1840 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: WPBakery | PSID: 519a2ab9e5cd | Credits: Nikolas | Required privilege...

CVSS 6.4 | AI score 6.1 | EPSS 0.0032
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/03/28 12:0 a.m., 25 views

WordPress WP SMS Plugin <= 6.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP SMS | Type: Plugin | Vulnerable versions: <= 6.6.2 | Fixed in: 6.6.3 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-30454 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: d4f7f075b7f4 | Credits: Peng Zhou | Required privilege...

CVSS 8.8 | AI score 6.6 | EPSS 0.00241
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/02/13 12:0 a.m., 25 views

WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection

Software: Smart Manager | Type: Plugin | Vulnerable versions: < 8.28.0 | Fixed in: 8.28.0 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-0566 | Patch priority: Low | CVSS severity: Low 7.6 | PSID: c1d0448fde12 | Credits: Ivan Spiridonov | Required privilege: Administrator...

CVSS 7.2 | AI score 6.8 | EPSS 0.03301
Exploits: 5 | References: 4 | Affected Software: 1

Patchstack
added 2024/02/07 12:0 a.m., 25 views

WordPress Elementor Website Builder Plugin <= 3.18.3 is vulnerable to Cross Site Scripting (XSS)

Software: Elementor Website Builder | Type: Plugin | Vulnerable versions: <= 3.18.3 | Fixed in: 3.19.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-0506 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Elementor | PSID: cf3633af9a1c | Credits: wesley wcraft...

CVSS 6.4 | AI score 5.7 | EPSS 0.00467
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/12/14 12:0 a.m., 25 views

WordPress Enable Media Replace Plugin <= 4.1.4 is vulnerable to Cross Site Scripting (XSS)

Software: Enable Media Replace | Type: Plugin | Vulnerable versions: <= 4.1.4 | Fixed in: 4.1.5 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-6737 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: ShortPixel | PSID: 6b527c26ad78 | Credits: Nex Team | Required privilege...

CVSS 6.1 | AI score 6.5 | EPSS 0.00493
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2023/11/28 12:0 a.m., 25 views

WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Button Generator – easily Button Builder | Type: Plugin | Vulnerable versions: <= 2.3.8 | Fixed in: 2.3.9 | OWASP Top 10: A5: Security Misconfiguration | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-49155 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: f69c6cdb268...

CVSS 8.8 | AI score 6.6 | EPSS 0.00294
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m., 25 views

WordPress Amazonify Plugin <= 0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Amazonify | Type: Plugin | Vulnerable versions: <= 0.8.1 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-5818 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: a36688b74e5b | Credits: Ala Arfaoui | Required privile...

CVSS 4.3 | AI score 6.5 | EPSS 0.00234
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000