Lucene search
K
PatchstackMost viewed

46677 matches found

Patchstack
Patchstack
added 2022/06/27 12:0 a.m.25 views

WordPress OAuth Single Sign On – SSO (OAuth Client) plugin <= 6.22.5 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth Single Sign On – SSO OAuth Client plugin versions = 6.22.5. Solution Update the WordPress OAuth Single Sign On – SSO OAuth Client plugin to the latest available version at least 6.22.6...

5.3CVSS3.5AI score0.00988EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/27 12:0 a.m.25 views

WordPress Download Manager plugin <= 3.2.43 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Download Manager plugin versions = 3.2.43. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.44...

6.1CVSS3.2AI score0.0106EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/27 12:0 a.m.25 views

WordPress Advanced Database Cleaner plugin <= 3.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Advanced Database Cleaner plugin versions = 3.1.0. Solution Update the WordPress Advanced Database Cleaner plugin to the latest available version at least 3.1.1...

6.1CVSS2.2AI score0.00661EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/27 12:0 a.m.25 views

WordPress Insights from Google PageSpeed plugin <= 4.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Daniel Ruf in WordPress Insights from the Google PageSpeed plugin versions = 4.0.6. Solution Update the WordPress Insights from Google PageSpeed plugin to the latest available version at least 4.0.7...

8.8CVSS2.5AI score0.00512EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/20 12:0 a.m.25 views

WordPress Popup Builder plugin <= 4.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Pritam Dash in WordPress Popup Builder plugin versions = 4.1.10. Solution Update the WordPress Popup Builder plugin to the latest available version at least 4.1.11...

4.8CVSS1.8AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/13 12:0 a.m.25 views

WordPress wp-championship plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Daniel Ruf in the WordPress wp-championship plugin versions = 9.2. Solution Update the WordPress WP Championship plugin to the latest available version at least 9.3...

6.5CVSS2.4AI score0.00502EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/06 12:0 a.m.25 views

WordPress MyCSS plugin <= 1.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress MyCSS plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of May 31, 2022 and is not available for download. This closure is temporary, pendi...

4.3CVSS4AI score0.00412EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/06/01 12:0 a.m.25 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.4 - Reflected Cross-Site-Scripting (XSS) vulnerability

Reflected Cross-Site-Scripting XSS vulnerability discovered by cydave in WordPress Active Products Tables for WooCommerce plugin versions = 1.0.4. Solution Update the WordPress Active Products Tables for WooCommerce plugin to the latest available version at least 1.0.5...

6.1CVSS3.2AI score0.01829EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/05/30 12:0 a.m.25 views

WordPress Allow svg files plugin <= 1.0 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Luan Pedersini in WordPress Allow svg files plugin versions = 1.0. Solution Update the WordPress Allow svg files plugin to the latest available version at least 1.1...

7.2CVSS3.4AI score0.01403EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/05/24 12:0 a.m.25 views

WordPress Ocean Extra plugin <= 1.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Ocean Extra plugin versions = 1.9.4. Solution Update the WordPress Ocean Extra plugin to the latest available version at least 1.9.5...

6.1CVSS2.4AI score0.01355EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.25 views

WordPress Auto Delete Posts plugin <= 1.3.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress Auto Delete Posts plugin versions = 1.3.0. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...

8.1CVSS3.4AI score0.00517EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.25 views

WordPress Private Files plugin <= 0.40 - Protection Disabling via Cross-Site Request Forgery (CSRF) vulnerability

Protection Disabling via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Private Files plugin versions = 0.40. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...

4.3CVSS4.1AI score0.00412EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.25 views

WordPress Jupiter premium theme <= 6.10.1 - Authenticated Privilege Escalation and Post deletion vulnerability

Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall Wordfence in WordPress Jupiter premium theme versions = 6.10.1. Solution Update the WordPress Jupiter premium theme to the latest available version at least 6.10.2...

9CVSS3.6AI score0.01498EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/16 12:0 a.m.25 views

WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability

Local File Inclusion LFI vulnerability was discovered by 0x9B Patchstack Alliance in WordPress Herd Effects plugin versions = 5.2. Solution Update the WordPress Herd Effects plugin to the latest available version at least 5.2.1...

6.8CVSS2.5AI score0.00979EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/16 12:0 a.m.25 views

WordPress Ask Me premium theme < 6.8.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in AJAX Actions

Multiple Cross-Site Request Forgery CSRF vulnerabilities in AJAX Actions were discovered by WPScanTeam in WordPress Ask Me premium theme versions 6.8.2. Solution Update the WordPress Ask Me premium theme to the latest available version at least 6.8.2...

6.5CVSS3.4AI score0.00513EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/12 12:0 a.m.25 views

WordPress Five Minute Webshop plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress Five Minute Webshop plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of May 12, 2022...

4CVSS1.8AI score0.00764EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/10 12:0 a.m.25 views

WordPress IMDB Info Box plugin <= 2.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress IMDB Info Box plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.4AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.25 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...

8.8CVSS2.9AI score0.00862EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.25 views

WordPress Slide Anything plugin <= 2.3.43 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Slide Anything plugin versions = 2.3.43. Solution Update the WordPress Slide Anything plugin to the latest available version at least 2.3.44...

4.8CVSS1.8AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.25 views

WordPress BMI BMR Calculator plugin <= 1.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress BMI BMR Calculator plugin versions = 1.3. Solution Deactivate and delete. This plugin has been closed as of April 7, 2022 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS3.1AI score0.00813EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/18 12:0 a.m.25 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.3. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.4...

5.3CVSS2.4AI score0.01047EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.25 views

WordPress Import WP plugin <= 2.4.5 - Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by ericfrank900528 in WordPress Import WP plugin versions = 2.4.5. Solution Update the WordPress Import WP plugin to the latest available version at least 2.4.6...

7.2CVSS4.8AI score0.01467EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.25 views

WordPress Multiple Shipping Address WooCommerce plugin <= 1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Multiple Shipping Address WooCommerce plugin versions = 1.0. Solution Update the WordPress Multiple Shipping Address WooCommerce plugin to the latest available version at least 2.0...

9.8CVSS2.7AI score0.06849EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/04 12:0 a.m.25 views

WordPress Content Egg plugin <= 5.2.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Content Egg plugin versions = 5.2.0. Solution Update the WordPress Content Egg plugin to the latest available version at least 5.3.0...

6.1CVSS2.4AI score0.00897EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/31 12:0 a.m.25 views

WordPress ThirstyAffiliates Affiliate Link Manager plugin <= 3.10.4 - Unauthorized Image Upload + CSRF vulnerabilities

Unauthorized Image Upload + CSRF vulnerabilities discovered by Muhamad Hidayat in WordPress ThirstyAffiliates Affiliate Link Manager plugin versions = 3.10.4. Solution Update the WordPress ThirstyAffiliates Affiliate Link Manager plugin to the latest available version at least 3.10.5...

4.3CVSS3.4AI score0.00335EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/28 12:0 a.m.25 views

WordPress Thank Me Later plugin <= 3.3.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Ankur Bakre in WordPress Thank Me Later plugin versions = 3.3.4. Solution Deactivate and delete. This plugin has been closed as of March 24, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.3AI score0.00577EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/18 12:0 a.m.25 views

WordPress FV Flowplayer Video Player plugin <= 7.5.15.727 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress FV Flowplayer Video Player plugin versions = 7.5.15.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.5.18.727...

7.2CVSS4.5AI score0.00795EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/03/15 12:0 a.m.25 views

WordPress NS WooCommerce Watermark plugin <= 2.11.3 - Abuse of Functionality vulnerability

Abuse of Functionality vulnerability discovered by Felipe Restrepo Rodríguez in WordPress NS WooCommerce Watermark plugin versions = 2.11.3. Solution Deactivate and delete. This plugin has been closed as of March 15, 2022 and is not available for download. This closure is temporary, pending a ful...

7.5CVSS2.7AI score0.01211EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/10 12:0 a.m.25 views

WordPress UpdraftPlus plugin <= 1.22.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress UpdraftPlus plugin versions = 1.22.8. Solution Update the WordPress UpdraftPlus plugin to the latest available version at least 1.22.9...

6.1CVSS1.9AI score0.07355EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2022/03/07 12:0 a.m.25 views

WordPress Interactive Medical Drawing of Human Body plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Rubina Shaikh in WordPress Interactive Medical Drawing of Human Body plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of February 17, 2022 and is not available for download. This closure is temporary,...

4.8CVSS1.2AI score0.00588EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/01 12:0 a.m.25 views

WordPress WPC Smart Wishlist for WooCommerce plugin <= 2.9.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WPC Smart Wishlist for WooCommerce plugin versions = 2.9.3. Solution Update the WordPress WPC Smart Wishlist for WooCommerce plugin to the latest available version at least 2.9.4...

5.4CVSS2.3AI score0.00591EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.25 views

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.7.0.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Go Fetch Jobs for WP Job Manager plugin versions = 1.7.0.3. Solution Update the WordPress Go Fetch Jobs for WP Job Manager for WooCommerce plugin to the latest available version at least 1.7.3.2...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.25 views

WordPress Iks Menu – WordPress Category Accordion Menu plugin <= 1.9.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Iks Menu – WordPress Category Accordion Menu plugin versions = 1.9.1. Solution Update the WordPress Iks Menu – WordPress Category Accordion Menu plugin to the latest available version at least 1.9.2...

3.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.25 views

WordPress Page Visit Counter plugin <= 6.0.8 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Page Visit Counter plugin versions = 6.0.8. Solution No patched version available...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.25 views

WordPress WP Notification Bell plugin < 1.3.13 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Notification Bell plugin versions 1.3.13. Solution Update the WordPress WP Notification Bell plugin to the latest available version at least 1.3.13...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/21 12:0 a.m.25 views

WordPress Countdown & Clock plugin <= 2.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Countdown & Clock plugin versions = 2.2.8. Solution Update the WordPress Countdown & Clock plugin to the latest available version at least 2.2.9...

6.1CVSS3.1AI score0.00863EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/14 12:0 a.m.25 views

WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability

Contributor+ Stored Cross-Site Scripting XSS via Shortcode vulnerability discovered by apple502j in WordPress File Upload Pro premium plugin versions = 4.16.2. Solution Update the WordPress File Upload Pro premium plugin to the latest available version at least 4.16.3...

5.4CVSS2.9AI score0.0077EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/14 12:0 a.m.25 views

WordPress WP Cerber Security plugin <= 8.9.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WP Cerber Security plugin versions = 8.9.5. Solution Update the WordPress WP Cerber Security plugin to the latest available version at least 8.9.6...

6.1CVSS2.1AI score0.01378EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/14 12:0 a.m.25 views

WordPress File Upload plugin <= 4.16.2 - Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability

Stored Cross-Site Scripting XSS via Malicious SVG vulnerability discovered by apple502j in WordPress File Upload plugin versions = 4.16.2. Solution Update the WordPress File Upload plugin to the latest available version at least 4.16.3...

5.4CVSS2.8AI score0.0077EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/03 12:0 a.m.25 views

WordPress Revolut Gateway for WooCommerce plugin <= 3.1.1 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Budiony Damyanov in WordPress Revolut Gateway for WooCommerce plugin versions = 3.1.1. Solution Update the WordPress Revolut Gateway for WooCommerce plugin to the latest available version at least 3.1.2...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/02/01 12:0 a.m.25 views

WordPress Cost Calculator plugin <= 1.6 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion LFI vulnerability discovered by apple502j in WordPress Cost Calculator plugin versions = 1.6. Solution Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. Reason: Security Issue...

6.5CVSS2.9AI score0.03EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/24 12:0 a.m.25 views

WordPress Coming soon and Maintenance mode plugin <= 3.6.6 - Arbitrary Email Sending to Subscribed Users vulnerability

Arbitrary Email Sending to Subscribed Users vulnerability discovered by Krzysztof Zając in WordPress Coming soon and Maintenance mode plugin versions = 3.6.6. Solution Update the WordPress Coming soon and Maintenance mode plugin to the latest available version at least 3.6.7...

4.3CVSS2.9AI score0.00344EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/19 12:0 a.m.25 views

WordPress Shield Security plugin <= 13.0.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Yoru Oni in WordPress Shield Security plugin versions = 13.0.5. Solution Update the WordPress Shield Security plugin to the latest available version at least 13.0.6...

4.8CVSS2AI score0.00588EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.25 views

WordPress Five Star Business Profile and Schema plugin <= 2.1.5 - Page creation and settings update leading to stored XSS vulnerability

Page creation and settings update leading to stored XSS vulnerability discovered by Krzysztof Zając in WordPress Five Star Business Profile and Schema plugin versions = 2.1.5. Solution Update the WordPress Five Star Business Profile and Schema plugin to the latest available version at least 2.1.6...

5.4CVSS2.4AI score0.00591EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.25 views

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Harshit aka fumenoid and Sidhhant Chouhan aka sidchn in WordPress Image Photo Gallery Final Tiles Grid plugin versions = 3.5.2. Solution Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at...

5.4CVSS1.2AI score0.00595EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/06 12:0 a.m.25 views

WordPress RVM – Responsive Vector Maps plugin <= 6.4.1 - Arbitrary File Read vulnerability

Arbitrary File Read vulnerability discovered by Krzysztof Zając in WordPress RVM – Responsive Vector Maps plugin versions = 6.4.1. Solution Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version at least 6.4.2...

6.5CVSS3.3AI score0.03005EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/13 12:0 a.m.25 views

WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Nicolas Vidal from TEHTRIS in WordPress The Plus Addons for Elementor Pro premium plugin versions = 5.0.6. Solution Update the WordPress The Plus Addons for Elementor Pro premium plugin to the latest available version at least 5.0.7...

9.8CVSS2.6AI score0.01704EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/11 12:0 a.m.25 views

WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh vigov5 in WordPress AMP for WP – Accelerated Mobile Pages plugin versions = 1.0.77.31. Solution Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version at least...

4.8CVSS2.4AI score0.00535EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/12/01 12:0 a.m.25 views

WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions = 4.1.8. Solution Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version at least 4.1.9...

4.9CVSS2.9AI score0.01021EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/29 12:0 a.m.25 views

WordPress Rich Reviews plugin <= 1.9.5 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress Rich Reviews plugin versions = 1.9.5. Solution Update the WordPress Rich Reviews plugin to the latest available version at least 1.9.6...

7.2CVSS2.8AI score0.01497EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000