Patchstack | Most viewed

46681 matches found

Patchstack | added 2021/12/11 12:0 a.m. | 25 views

WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh vigov5 in WordPress AMP for WP – Accelerated Mobile Pages plugin versions <= 1.0.77.31. Solution: Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version at least...

CVSS 4.8 | AI score 2.4 | EPSS 0.00535
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2021/12/01 12:0 a.m. | 25 views

WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions <= 4.1.8. Solution: Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version (at least 4.1.9)...

CVSS 4.9 | AI score 2.9 | EPSS 0.01021
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/11/29 12:0 a.m. | 25 views

WordPress Rich Reviews plugin <= 1.9.5 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Rich Reviews plugin versions <= 1.9.5. Solution: Update the WordPress Rich Reviews plugin to the latest available version (at least 1.9.6)...

CVSS 7.2 | AI score 2.8 | EPSS 0.01497
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/11/28 12:0 a.m. | 25 views

WordPress ScrollMe theme <= 2.1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress ScrollMe theme versions <= 2.1.0. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores th...

CVSS 8.8 | AI score 2.4 | EPSS 0.01652
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2021/11/23 12:0 a.m. | 25 views

WordPress HTML5 Responsive FAQ plugin <= 2.8.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress HTML5 Responsive FAQ plugin versions <= 2.8.5. Solution: Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...

CVSS 4.8 | AI score 2.5 | EPSS 0.00588
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/11/23 12:0 a.m. | 25 views

WordPress WP Guppy plugin <= 1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Keyvan Hardani in WordPress WP Guppy plugin versions <= 1.2. Solution: Update the WordPress WP Guppy plugin to the latest available version (at least 1.3)...

CVSS 6.5 | AI score 1.3 | EPSS 0.02753
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2021/11/16 12:0 a.m. | 25 views

WordPress Push Notifications for WordPress (Lite) plugin <= 6.0 - Cross-Site Request Forgery (CSRF) leading to Settings Update

Cross-Site Request Forgery (CSRF) leading to Settings Update discovered by Ten Katouno in WordPress Push Notifications for WordPress (Lite) plugin versions <= 6.0. Solution: Update the WordPress Push Notifications for WordPress (Lite) plugin to the latest available version (at least 6.0.1)...

CVSS 8.8 | AI score 2.7 | EPSS 0.00653
Exploits 0 | References 3 | Affected Software 1

Patchstack | added 2021/11/10 12:0 a.m. | 25 views

WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset

Cross-Site Request Forgery (CSRF) vulnerability discovered by Dave Jong Patchstack in WordPress WP Reset PRO premium plugin versions <= 5.98. Solution: Update the WordPress WP Reset PRO premium plugin to the latest available version (at least v5.99)...

CVSS 8.8 | AI score 2.7 | EPSS 0.00685
Exploits 1 | References 4 | Affected Software 1

Patchstack | added 2021/10/11 12:0 a.m. | 25 views

WordPress Pie Register plugin <= 3.7.1.5 - Unauthenticated Arbitrary Login vulnerability

Unauthenticated Arbitrary Login vulnerability discovered by AyeCode Ltd in WordPress Pie Register plugin versions <= 3.7.1.5. Solution: Update the WordPress Pie Register plugin to the latest available version (at least 3.7.1.6)...

AI score 3.4 | EPSS 0.08377
Exploits 3 | References 3 | Affected Software 1

Patchstack | added 2021/10/05 12:0 a.m. | 25 views

WordPress Simple Download Monitor plugin <= 3.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.4. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.9.5)...

CVSS 6.1 | AI score 2.7 | EPSS 0.008
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/09/20 12:0 a.m. | 25 views

WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Widgets plugin versions <= 1.8. Solution: Update the WordPress Essential Widgets plugin to the latest available version (at least 1.9)...

CVSS 5.7 | AI score 3.5 | EPSS 0.00408
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/09/20 12:0 a.m. | 25 views

WordPress SteamCast plugin <= 2.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Michał Lipiński in WordPress SteamCast plugin versions <= 2.1. Solution: Update the WordPress SteamCast plugin to the latest available version (at least 2.1.1)...

CVSS 5.4 | AI score 1.9 | EPSS 0.00562
Exploits 1 | References 3 | Affected Software 1

Patchstack | added 2021/08/09 12:0 a.m. | 25 views

WordPress Disable Image Right Click plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Disable Image Right Click plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of January 6, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 1.7 | EPSS 0.01785
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/08/09 12:0 a.m. | 25 views

WordPress Titan Framework plugin <= 1.12.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Titan Framework plugin versions <= 1.12.1. Solution: This plugin has been closed as of March 16, 2021 and is not available for download. This closure is permanent. Reason: Author Request...

CVSS 6.1 | AI score 2.7 | EPSS 0.01785
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/06/29 12:0 a.m. | 25 views

WordPress Image Slider by Ays plugin <= 2.4.9 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Image Slider by Ays plugin versions <= 2.4.9. Solution: Update the WordPress Image Slider by Ays plugin to the latest available version (at least 2.5.0)...

CVSS 8.8 | AI score 3.2 | EPSS 0.01362
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/06/22 12:0 a.m. | 25 views

WordPress Fudousan Pro (multi) premium plugin <= 5.7.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama in WordPress Fudousan Pro (multi) premium plugin versions <= 5.7.0. Solution: Update the WordPress Fudousan Pro (multi) premium plugin to the latest available version (at least 5.7.2)...

CVSS 5.4 | AI score 2.1 | EPSS 0.00989
Exploits 0 | References 4 | Affected Software 1

Patchstack | added 2021/06/14 12:0 a.m. | 25 views

WordPress VikRentCar plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Satyender Yadav in WordPress VikRentCar plugin versions <= 1.1.6. Solution: Update the WordPress VikRentCar plugin to the latest available version (at least 1.1.7)...

CVSS 5.4 | AI score 2.4 | EPSS 0.00319
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/06/07 12:0 a.m. | 25 views

WordPress Smart Slider 3 PRO premium plugin <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Hardik Solanki in WordPress Smart Slider 3 PRO premium plugin versions <= 3.5.0.8. Solution: Update the WordPress Smart Slider 3 PRO premium plugin to the latest available version (at least 3.5.0.9)...

CVSS 5.4 | AI score 1.4 | EPSS 0.00676
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2021/06/04 12:0 a.m. | 25 views

WordPress GeoDirectory Location Manager premium plugin <= v2.1.0.9 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities discovered by Rafal Goryl in the WordPress GeoDirectory Location Manager premium plugin versions <= v2.1.0.9. Solution: Update the WordPress GeoDirectory Location Manager premium plugin to the latest available version (at least 2.1.0.10)...

CVSS 9.8 | AI score 3.1 | EPSS 0.01832
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/04/25 12:0 a.m. | 25 views

WordPress W3 Total Cache plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress W3 Total Cache plugin versions <= 2.1.2. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.3)...

CVSS 4.8 | AI score 2.4 | EPSS 0.00622
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2021/04/16 12:0 a.m. | 25 views

WordPress Teamleader CRM Forms plugin <= 2.0.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Frank Liauw in WordPress Teamleader CRM Forms plugin versions <= 2.0.0. Solution: Update the WordPress Teamleader CRM Forms plugin to the latest available version (at least 2.1.0)...

AI score 2.8 | EPSS 0.01261
Exploits 2 | References 2 | Affected Software 1

Patchstack | added 2021/03/08 12:0 a.m. | 25 views

WordPress The Plus Addons for Elementor premium plugin <= 4.1.6 - Privilege Escalation vulnerability

Privilege Escalation vulnerability found by Ville Korhonen in WordPress The Plus Addons for Elementor premium plugin versions <= 4.1.6. Solution: Update the WordPress The Plus Addons for Elementor premium plugin to the latest available version (at least 4.1.7)...

CVSS 9.8 | AI score 4.4 | EPSS 0.14462
Exploits 3 | References 3 | Affected Software 1

Patchstack | added 2021/02/08 12:0 a.m. | 25 views

WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI

Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI found by WordFence in WordPress NextGen Gallery plugin versions <= 3.4.7. Solution: Update the WordPress NextGen Gallery plugin to the latest available version (at least 3.5.0)...

CVSS 8.8 | AI score 3.7 | EPSS 0.01375
Exploits 1 | References 2 | Affected Software 1

Patchstack | added 2021/02/08 12:0 a.m. | 25 views

WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to file upload

Cross-Site Request Forgery (CSRF) vulnerability leading to file upload found by WordFence in WordPress NextGen Gallery plugin versions <= 3.4.7. Solution: Update the WordPress NextGen Gallery plugin to the latest available version (at least 3.5.0)...

CVSS 6.5 | AI score 3.3 | EPSS 0.00728
Exploits 1 | References 2 | Affected Software 1

Patchstack | added 2020/10/01 12:0 a.m. | 25 views

WordPress Activello theme <= 1.4.1 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet in WordPress Activello theme versions <= 1.4.1. Solution: Update the WordPress Activello theme to the latest available version (at least 1.4.2)...

AI score 3.8
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2020/09/02 12:0 a.m. | 25 views

WordPress Elementor Website Builder plugin <= 2.9.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Th3 Hidd3n 0n3 in WordPress Elementor Website Builder plugin versions <= 2.9.13. Solution: Update the WordPress Elementor Website Builder plugin to the latest available version (at least 2.9.140)...

CVSS 5.4 | AI score 2.1 | EPSS 0.65037
Exploits 2 | References 2 | Affected Software 1

Patchstack | added 2020/07/09 12:0 a.m. | 25 views

WordPress Knight Lab Timeline plugin <= 3.6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability (vulnerable TimelineJS library version) discovered in WordPress Knight Lab Timeline plugin versions <= 3.6.3.0. Solution: Update the WordPress Knight Lab Timeline plugin to the latest available version (at least 3.7.0.0)...

CVSS 7.2 | AI score 1.6 | EPSS 0.0106
Exploits 0 | References 3 | Affected Software 1

Patchstack | added 2020/06/22 12:0 a.m. | 25 views

WordPress Wp-Pro-Quiz plugin <= 0.37 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by HoanHP in WordPress Wp-Pro-Quiz plugin versions <= 0.37. Solution: This plugin has been closed as of June 17, 2020 and is not available for download. Reason: Security Issue...

AI score 2.6 | EPSS 0.00647
Exploits 1 | References 3 | Affected Software 1

Patchstack | added 2020/02/25 12:0 a.m. | 25 views

WordPress Hero Maps Premium plugin <= 2.2.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting (XSS) vulnerability discovered by Hooper Labs in WordPress Hero Maps Premium plugin versions <= 2.2.1. Solution: Update the WordPress Hero Maps Premium plugin to the latest available version (at least 2.2.3)...

CVSS 6.1 | AI score 1.4 | EPSS 0.05651
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2019/09/15 12:0 a.m. | 25 views

WordPress Woody Ad Snippets plugin <= 2.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress Woody Ad Snippets plugin versions <= 2.2.7. Solution: Update the WordPress Woody Ad Snippets plugin to the latest available version (at least 2.2.8)...

CVSS 5.4 | AI score 2.1 | EPSS 0.01028
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2019/08/27 12:0 a.m. | 25 views

WordPress Nextgen Gallery plugin <= 3.2.8 - SQL Injection vulnerability

SQL Injection vulnerability found by Tin Duong Fortinet FortiGuard Labs in WordPress Nextgen Gallery plugin versions <= 3.2.8. Solution: Update the WordPress Nextgen Gallery plugin to the latest available version (at least 3.2.10)...

CVSS 9.8 | AI score 3.1 | EPSS 0.43353
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2019/07/26 12:0 a.m. | 25 views

WordPress Advanced Contact form 7 DB plugin <= 1.6.1 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress Advanced Contact form 7 DB plugin versions <= 1.6.1. Solution: Update the WordPress Advanced Contact form 7 DB plugin to the latest available version (at least 1.7.1)...

CVSS 9.8 | AI score 2.8 | EPSS 0.03995
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2019/06/12 12:0 a.m. | 25 views

WordPress WP Statistics plugin <= 12.6.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by kuqadk3 in WordPress WP Statistics plugin versions <= 12.6.5. Solution: Update the WordPress WP Statistics plugin to the latest available version (at least 12.6.6.1)...

CVSS 5.4 | AI score 1.9 | EPSS 0.01109
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2019/06/11 12:0 a.m. | 25 views

WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin <= 6.0.7 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability found by Mark Parfeniuk in WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin versions <= 6.0.7. Solution: Update the WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin to the latest available version (at least 6.0.8.1)...

CVSS 8.8 | AI score 2.6 | EPSS 0.02238
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2019/03/12 12:0 a.m. | 25 views

WordPress Blog2Social plugin <= 5.0.2 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Blog2Social plugin versions <= 5.0.2. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 5.0.3)...

CVSS 6.1 | AI score 2 | EPSS 0.01408
Exploits 2 | References 2 | Affected Software 1

Patchstack | added 2019/01/28 12:0 a.m. | 25 views

WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Paul Dannewitz in WordPress Yet Another Stars Rating plugin versions <= 1.8.6. Solution: Update the WordPress Yet Another Stars Rating plugin to the latest available version (at least 1.8.7)...

AI score 3.2
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2018/06/22 12:0 a.m. | 25 views

WordPress Comments Import & Export plugin <= 2.3.1 - CSV Injection vulnerability

CSV Injection vulnerability found by Bhushan B. Patil in WordPress Comments Import & Export plugin versions <= 2.0.5. No fully patched version available...

CVSS 7.8 | AI score 3.9 | EPSS 0.05209
Exploits 5 | References 1 | Affected Software 1

Patchstack | added 2017/12/20 12:0 a.m. | 25 views

WordPress Concours plugin <=1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability found by Nicolas Buzy-Debat in WordPress Concours plugin versions <=1.1. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin, last updated eight months ago. Uninstall or use it at your own risk...

CVSS 6.1 | AI score 1.2 | EPSS 0.00938
Exploits 3 | References 1 | Affected Software 1

Patchstack | added 2017/01/03 12:0 a.m. | 25 views

WordPress WooCommerce Plugin <= 2.6.8 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability. It allows remote authenticated administrators to inject arbitrary code by manipulating tax-rate table values in CSV format. Solution: Update the plugin...

CVSS 4.8 | AI score 4.4 | EPSS 0.00904
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2016/06/23 12:0 a.m. | 25 views

WordPress <= 4.5.2 - XSS #2

WordPress 4.5.2 and previous versions are prone to a cross-site scripting vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php. It allows an attacker to inject arbitrary web script or HTML via a crafted attachment name. Related:...

CVSS 6.1 | AI score 3.4 | EPSS 0.02051
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2016/06/23 12:0 a.m. | 25 views

WordPress <= 4.5.2 - BYPASS #2

This vulnerability allows an attacker to bypass intended password-change restrictions by leveraging knowledge of a cookie. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass http://db.threatpress.com/vulnerability/wordpress/wordpress-4-5-2-bypass-2...

CVSS 7.5 | AI score 0.9 | EPSS 0.0279
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2016/04/13 12:0 a.m. | 25 views

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable itemid appears to send unsanitized data back to the user's browser. Vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution: Update the plugin...

CVSS 6.1 | AI score 3.4 | EPSS 0.03462
Exploits 1 | References 2 | Affected Software 1

Patchstack | added 2016/04/12 12:0 a.m. | 25 views

WordPress Anti Plagiarism Plugin <= 3.60 - Cross-Site Scripting (XSS)

This plugin is prone to a cross site scripting vulnerability, because the variable "m" appears to send unsanitized data back to the user's browser. Solution: Update the plugin...

CVSS 6.1 | AI score 3.8 | EPSS 0.04195
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2016/04/12 12:0 a.m. | 25 views

WordPress Parsi Font Plugin <= 4.2.5 - Cross Site Scripting (XSS)

This plugin is prone to a reflected cross site scripting vulnerability. Vulnerable file is /parsi-font/css.php. Solution: Update the plugin...

CVSS 6.1 | AI score 2.4 | EPSS 0.04448
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2016/04/12 12:0 a.m. | 25 views

WordPress <= 4.4.1 - XSS

WordPress before 4.4.1 is prone to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary script or HTML in the network settings page. Solution: Update WordPress to 4.5...

CVSS 6.1 | AI score 3.3 | EPSS 0.02515
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2016/03/25 12:0 a.m. | 25 views

WordPress <= 4.2.1 - XSS

This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment which is improperly stored because there are some limitations on the MySQL TEXT data type. Solution: Update WordPress...

CVSS 6.1 | AI score 1.8 | EPSS 0.01784
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2016/02/04 12:0 a.m. | 25 views

WordPress <= 4.4.1 - Open Redirect

This vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL which triggers incorrect hostname parsing. Solution: Update WordPress...

CVSS 7.4 | AI score 5 | EPSS 0.04696
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2015/08/04 12:0 a.m. | 25 views

WordPress <= 4.2.3 - Multiple Vulnerabilities

WordPress 4.2.3 is prone to cross site scripting and SQL injection vulnerabilities that exist because the sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php does not use a constant-time comparison for widgets. In this way an attacker can execute a timing side-channel...

CVSS 5 | AI score 1.9 | EPSS 0.08354
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2015/05/28 12:0 a.m. | 25 views

WordPress Users Ultra Plugin <= 1.5.15 - Multiple SQL Injection

Multiple SQL injection vulnerabilities allow attackers to execute arbitrary SQL commands via 2 parameters: "data_target" or "data_vote" in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 7.5 | AI score 7.3 | EPSS 0.02364
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2015/05/27 12:0 a.m. | 25 views

WordPress Free Counter Plugin 1.1 - Stored XSS

This vulnerability works by using the wp_ajax_nopriv_check_stat action. Any user can perform a stored XSS attack. Solution: Upgrade the plugin...

CVSS 4.3 | AI score 2.5 | EPSS 0.04579
Exploits 5 | References 1 | Affected Software 1

Total number of security vulnerabilities: 5000