
46681 matches found

Patchstack
added 2015/04/02 12:0 a.m., 25 views

WordPress Simple Ads Manager Plugin - Information Disclosure

The Simple Ads Manager plugin is prone to an information disclosure vulnerability via "simple-ads-manager/sam-ajax-admin.php". This vulnerability allows an attacker to obtain sensitive information, which can lead to further attacks. Solution: Upgrade the plugin...

CVSS 5.3, AI score 3.1, EPSS 0.12783
Exploits 5, References 1, Affected Software 1

Patchstack
added 2015/03/05 12:0 a.m., 25 views

WordPress <= 4.2.3 - SQL Injection

Because of this vulnerability, an attacker can execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. Solution: Update WordPress...

CVSS 7.5, AI score 4.8, EPSS 0.10986
Exploits 0, References 1, Affected Software 1

Patchstack
added 2015/02/11 12:0 a.m., 25 views

WordPress Survey and Poll Plugin 1.1 - Blind SQL Injection

The Survey and Poll plugin is prone to a blind SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application's SQL database, compromise the application and access to it, or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5, AI score 2.6, EPSS 0.04737
Exploits 1, References 1, Affected Software 1

Patchstack
added 2015/01/13 12:0 a.m., 25 views

WordPress Welcart e-Commerce Plugin <= 1.3.12 - Multiple XSS

These vulnerabilities allow attackers to inject arbitrary web script or HTML in an adddeliverymethod action to wp-admin/admin-ajax.php via 4 parameters: "name", "intl", "nocod", or "time". Solution: Update the plugin...

CVSS 4.3, AI score 2.8, EPSS 0.02041
Exploits 1, References 1, Affected Software 1

Patchstack
added 2014/12/07 12:0 a.m., 25 views

WordPress Shareaholic Plugin <= 7.6.0 - XSS

This vulnerability is in admin.php. It allows authenticated users to inject arbitrary web script or HTML via the "locationid" parameter in a shareaholicaddlocation action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 3.5, AI score 2.6, EPSS 0.03892
Exploits 5, References 1, Affected Software 1

Patchstack
added 2014/11/13 12:0 a.m., 25 views

WordPress Symposium Plugin <= 14.10 - Multiple XSS

These vulnerabilities allow attackers to inject arbitrary web script or HTML via 4 parameters: "composetext" in a sendMail action to ajax/mailfunctions.php, "text" in an addComment action to ajax/profilefunctions.php, "comment" in an addcomment action to ajax/loungefunctions.php, o...

CVSS 4.3, AI score 2.8, EPSS 0.01664
Exploits 1, References 1, Affected Software 1

Patchstack
added 2014/10/25 12:0 a.m., 25 views

WordPress Creative Contact Form Plugin - Shell Upload

The Creative Contact Form plugin is prone to a shell upload vulnerability in which an administrator or author could upload a shell script, in other words, default settings. Solution: Upgrade the plugin...

CVSS 9.8, AI score 1.3, EPSS 0.91656
Exploits 2, Affected Software 1

Patchstack
added 2014/10/07 12:0 a.m., 25 views

WordPress Pods Plugin <= 2.4 - Multiple CSRF

These vulnerabilities allow attackers to hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the "toggled" parameter in the pods-components page to wp-admin/admin.php, reset pod settings and data via the "podsreset" parameter in the...

CVSS 6.8, AI score 3.5, EPSS 0.01164
Exploits 2, References 1, Affected Software 1

Patchstack
added 2014/06/23 12:0 a.m., 25 views

WordPress Email Marketing and Newsletters Plugin <= 1.97 - Multiple XSS

These vulnerabilities allow attackers to inject arbitrary web script or HTML via the "FormID" or "AdministratorID" parameters. Solution: Update the plugin...

CVSS 4.3, AI score 3.1, EPSS 0.01618
Exploits 1, References 1, Affected Software 1

Patchstack
added 2014/05/27 12:0 a.m., 25 views

WordPress MailPoet Newsletters Plugin <= 2.6.10 - CSRF

This vulnerability allows attackers to hijack the authentication of arbitrary users. Solution: Update the plugin...

CVSS 6.8, AI score 4.5, EPSS 0.0107
Exploits 0, References 1, Affected Software 1

Patchstack
added 2014/04/10 12:0 a.m., 25 views

WordPress GD Star Rating Plugin <= 19.22 - SQL Injection

This vulnerability allows administrators to execute arbitrary SQL commands via the "s" parameter in the gd-star-rating-stats page to wp-admin/admin.php. Solution: Update the plugin...

CVSS 7.5, AI score 6.2, EPSS 0.01641
Exploits 0, References 1, Affected Software 1

Patchstack
added 2014/01/20 12:0 a.m., 25 views

WordPress <= 3.3.2 - Information Disclosure

This vulnerability allows authenticated users to obtain sensitive information by visiting a draft. Solution: Update the plugin...

CVSS 4, AI score 2.5, EPSS 0.01889
Exploits 0, References 1, Affected Software 1

Patchstack
added 2014/01/16 12:0 a.m., 25 views

WordPress Newsletter Manager Plugin <= 1.0.2 - Multiple CSRF and XSS

These vulnerabilities allow attackers to hijack the authentication of administrators for requests that conduct script insertion attacks or change an email address. Solution: Update the plugin...

CVSS 6.8, AI score 3.2, EPSS 0.00986
Exploits 0, References 1, Affected Software 1

Patchstack
added 2013/12/06 12:0 a.m., 25 views

WordPress Firefox Adsense Plugin <= 3.0 - CSRF and XSS

This vulnerability in askapache-firefox-adsense.php allows attackers to hijack the authentication of administrators for requests that conduct cross-site scripting attacks. Solution: Update the plugin...

CVSS 6.8, AI score 3.4, EPSS 0.01151
Exploits 4, References 1, Affected Software 1

Patchstack
added 2013/09/11 12:0 a.m., 25 views

WordPress <= 3.6.0 - Cross Site Scripting #1

Because of this vulnerability, remote authenticated users can conduct cross-site scripting attacks. Solution: Update WordPress...

CVSS 3.5, AI score 3.1, EPSS 0.01764
Exploits 1, References 1, Affected Software 1

Patchstack
added 2013/06/12 12:0 a.m., 25 views

WordPress NextGEN Gallery - Arbitrary File Upload

The NextGEN Gallery plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Update the plugin...

CVSS 10, AI score 3.8, EPSS 0.19231
Exploits 1, References 1, Affected Software 1

Patchstack
added 2013/06/12 12:0 a.m., 25 views

WordPress <= 3.6.0 - Arbitrary Code Execution

Unsafe PHP unserialization in wp-includes/functions.php could cause arbitrary code execution. Solution: Update the plugin...

CVSS 7.5, AI score 4.4, EPSS 0.08749
Exploits 2, References 1, Affected Software 1

Patchstack
added 2013/05/07 12:0 a.m., 25 views

WordPress Related Posts Plugin <= 2.6.1 - CSRF

This vulnerability allows attackers to hijack the authentication of users for requests that change settings via unspecified vectors. Solution: Update the plugin...

CVSS 6.8, AI score 4.9, EPSS 0.0107
Exploits 0, References 1, Affected Software 1

Patchstack
added 2013/04/22 12:0 a.m., 25 views

WordPress qTranslate Plugin <= 2.5.34 - CSRF

This vulnerability allows attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution: Update the plugin...

CVSS 6.8, AI score 5.3, EPSS 0.0097
Exploits 0, References 1, Affected Software 1

Patchstack
added 2013/04/01 12:0 a.m., 25 views

WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #3

This vulnerability is in importbuddy.php. It allows attackers to obtain sensitive information, or overwrite or delete files. Solution: Update the plugin...

CVSS 7.5, AI score 4.5, EPSS 0.02563
Exploits 1, References 1, Affected Software 1

Patchstack
added 2013/04/01 12:0 a.m., 25 views

WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #1

This vulnerability is in importbuddy.php. It allows attackers to bypass authentication via a crafted integer in the "step" parameter. Solution: Update the plugin...

CVSS 7.5, AI score 6.3, EPSS 0.02563
Exploits 1, References 1, Affected Software 1

Patchstack
added 2013/02/19 12:0 a.m., 25 views

WordPress <= 3.5.1 - Privilege Escalation

This vulnerability allows authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors. Solution: Update the plugin...

CVSS 4, AI score 5.2, EPSS 0.01765
Exploits 0, References 1, Affected Software 1

Patchstack
added 2012/12/06 12:0 a.m., 25 views

WordPress <= 1.5.4 - Cross Site Scripting

This vulnerability allows attackers to inject arbitrary web script or HTML via the "id" parameter. Solution: Update the plugin...

CVSS 4.3, AI score 3, EPSS 0.03135
Exploits 1, References 1, Affected Software 1

Patchstack
added 2012/06/14 12:0 a.m., 25 views

WordPress Count Per Day Plugin <= 3.1 - Multiple XSS

These vulnerabilities in userperspan.php allow attackers to inject arbitrary web script or HTML via 3 parameters: "page", "datemax" or "datemin". Solution: Update the plugin...

CVSS 4.3, AI score 2.8, EPSS 0.02415
Exploits 1, References 1, Affected Software 1

Patchstack
added 2011/09/29 12:0 a.m., 25 views

WordPress Pixiv Custom Theme 2.1.5 - Cross Site Scripting

The WordPress Pixiv Custom theme's "cpage" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS 4.3, AI score 2.5, EPSS 0.03789
Exploits 1, References 1, Affected Software 1

Patchstack
added 2010/12/08 12:0 a.m., 25 views

WordPress Processing Embed Plugin 0.5 - Cross-Site Scripting Vulnerability

The Processing Embed plugin's "pluginurl" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS 4.3, AI score 2.8, EPSS 0.03509
Exploits 1, References 1, Affected Software 1

Patchstack
added 2009/05/26 12:0 a.m., 25 views

WordPress Lytebox Plugin 1.3 - Local File Inclusion

WP-Lytebox fails to properly sanitize user-supplied input and therefore allows an attacker to include a file. An attacker can view files and execute scripts. Solution: Upgrade to version 1.3.1 or later...

CVSS 7.5, AI score 3.8, EPSS 0.09083
Exploits 1, References 1, Affected Software 1

Patchstack
added 2008/04/27 12:0 a.m., 25 views

WordPress Spreadsheet Plugin <= 0.6 - SQL Injection

This vulnerability in ssload.php allows attackers to execute arbitrary SQL commands via the "ssid" parameter. Solution: Update the plugin...

CVSS 7.5, AI score 6.6, EPSS 0.03161
Exploits 1, References 1, Affected Software 1

Patchstack
added 2008/02/28 12:0 a.m., 25 views

WordPress Sniplets Plugin <= 1.2.2 - Eval Injection

This vulnerability in modules/execute.php allows attackers to execute arbitrary PHP code via the "text" parameter. Solution: Update the plugin...

CVSS 7.5, AI score 6.1, EPSS 0.44222
Exploits 2, References 1, Affected Software 1

Patchstack
added 2007/08/22 12:0 a.m., 25 views

WordPress Pool Theme <= 1.0.7 - XSS

This vulnerability in index.php allows attackers to inject arbitrary web script or HTML via the PATHINFO. Solution: Update the theme...

CVSS 4.3, AI score 2.6, EPSS 0.03825
Exploits 0, References 1, Affected Software 1

Patchstack
added 2007/01/08 12:0 a.m., 25 views

WordPress <= 2.0.5 - XSS

This vulnerability allows attackers to inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS 6.8, AI score 1.8, EPSS 0.02896
Exploits 0, References 1, Affected Software 1

Patchstack
added 2006/03/03 12:0 a.m., 25 views

WordPress <= 2.0.1 - Multiple XSS

These vulnerabilities allow attackers to inject arbitrary web script or HTML via the name, website, and comment parameters. Solution: Update WordPress to the latest available version, at least 2.0.2...

CVSS 4.3, AI score 2.7, EPSS 0.0302
Exploits 1, References 1, Affected Software 1

Patchstack
added 2026/05/05 11:28 a.m., 24 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2, AI score 5.8, EPSS 0.00251
Exploits 0, References 1, Affected Software 1

Patchstack
added 2026/02/04 10:45 a.m., 24 views

WordPress WP FOFT Loader plugin <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated (Author+) Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin WP FOFT Loader versions <= 2.1.39...

CVSS 8.8, AI score 5.3, EPSS 0.00651
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/09/16 10:52 p.m., 24 views

WordPress Blocksy Companion plugin <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Blocksy Companion versions <= 2.1.10...

CVSS 6.4, AI score 5.5, EPSS 0.00231
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/07/16 12:13 p.m., 24 views

WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by 63n0 in WordPress Plugin Videopack versions <= 4.10.3...

CVSS 6.5, AI score 6, EPSS 0.00165
Exploits 0, Affected Software 1

Patchstack
added 2025/06/23 12:0 a.m., 24 views

WordPress MagOne Theme <= 8.5 is vulnerable to Cross Site Scripting (XSS)

Software: MagOne; Type: Theme; Vulnerable versions: <= 8.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-39488; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 150089f804cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...

AI score 6.8, EPSS 0.00222
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/04/01 6:5 p.m., 24 views

WordPress User Registration & Membership Pro plugin < 5.1.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin User Registration & Membership Pro versions < 5.1.3...

CVSS 8.1, AI score 8.2, EPSS 0.07248
Exploits 4, References 1, Affected Software 1

Patchstack
added 2024/11/23 12:0 a.m., 24 views

WordPress WP Mailster Plugin <= 1.8.16.0 is vulnerable to Cross Site Scripting (XSS)

Software: WP Mailster; Type: Plugin; Vulnerable versions: <= 1.8.16.0; Fixed in: 1.8.17.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-53737; Patch priority: Low; CVSS severity: Low 6.5; Developer: WP Mailster; PSID: 83aa8c3ff329; Credits: Lam Que Chi; Required privilege: Contribut...

AI score 6.5, EPSS 0.00291
Exploits 0, References 2, Affected Software 1

Patchstack
added 2024/11/21 12:0 a.m., 24 views

WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.11.7 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress Announcement & Notification Banner Plugin – Bulletin; Type: Plugin; Vulnerable versions: <= 3.11.7; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10682; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownersh...

CVSS 6.1, AI score 5.7, EPSS 0.00588
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/11/09 12:0 a.m., 24 views

WordPress Charitable Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software: Charitable; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10876; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 2a28f1e125bc; Credits: Peter Thaleikis...

CVSS 6.1, AI score 5.6, EPSS 0.0036
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/11/08 12:0 a.m., 24 views

WordPress Postify: Post Layout For Elementor Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Postify: Post Layout For Elementor; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51893; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 9a15834c2f21; Credits: Gab; Required privileg...

CVSS 6.5, AI score 6.5, EPSS 0.00302
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/11/07 12:0 a.m., 24 views

WordPress Safe SVG Plugin < 2.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Safe SVG; Type: Plugin; Vulnerable versions: < 2.2.6; Fixed in: 2.2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8378; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 6a85e49dfeba; Credits: Alexander Concha; Required privilege: Author...

CVSS 4.8, AI score 6.9, EPSS 0.00303
Exploits 1, References 3, Affected Software 1

Patchstack
added 2024/11/05 12:0 a.m., 24 views

WordPress MapPress Maps for WordPress Plugin <= 2.94.1 is vulnerable to Cross Site Scripting (XSS)

Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.94.1; Fixed in: 2.94.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10715; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e896b2089ac1; Credits: Akbar...

CVSS 6.4, AI score 5.8, EPSS 0.00256
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/10/28 12:0 a.m., 24 views

WordPress Wp Social Plugin <= 3.0.7 is vulnerable to Broken Authentication

Software: Wp Social; Type: Plugin; Vulnerable versions: <= 3.0.7; Fixed in: 3.0.8; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2024-9501; Patch priority: High; CVSS severity: High 9.8; Developer: Wpmet; PSID: 239b8bacd5e7; Credits: wesley wcraft; Required privilege...

CVSS 9.8, AI score 6.6, EPSS 0.00782
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/10/24 12:0 a.m., 24 views

WordPress Advanced Sermons Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Sermons; Type: Plugin; Vulnerable versions: <= 3.4; Fixed in: 3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50458; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 0e069038bb43; Credits: SOPROBRO; Required privilege: Contributor...

CVSS 6.5, AI score 6.5, EPSS 0.00241
Exploits 0, References 2, Affected Software 1

Patchstack
added 2024/10/24 12:0 a.m., 24 views

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software: Button contact VR; Type: Plugin; Vulnerable versions: <= 4.7.9.1; Fixed in: 4.7.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50414; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 8a3582798f30; Credits: UKO; Required privilege...

CVSS 5.9, AI score 6.5, EPSS 0.00284
Exploits 0, References 2, Affected Software 1

Patchstack
added 2024/10/14 12:0 a.m., 24 views

WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal

Software: WordPress File Upload; Type: Plugin; Vulnerable versions: <= 4.24.11; Fixed in: 4.24.12; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-9047; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 5fa6436aa19c; Credits: Arkadiusz Hydzik; Required...

CVSS 9.8, AI score 6.5, EPSS 0.92319
Exploits 4, References 3, Affected Software 1

Patchstack
added 2024/10/10 12:0 a.m., 24 views

WordPress WP-Advanced-Search Plugin < 3.3.9.2 is vulnerable to SQL Injection

Software: WP-Advanced-Search; Type: Plugin; Vulnerable versions: < 3.3.9.2; Fixed in: 3.3.9.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-9796; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 872f69a2765a; Credits: Wojciech Jezowski; Required privilege...

CVSS 9.8, AI score 6.9, EPSS 0.02991
Exploits 4, References 3, Affected Software 1

Patchstack
added 2024/10/08 12:0 a.m., 24 views

WordPress Survey Maker Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software: Survey Maker; Type: Plugin; Vulnerable versions: <= 4.9.5; Fixed in: 4.9.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8488; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 7656cef316d3; Credits: Jonas Benjamin Friedli...

CVSS 4.8, AI score 5.7, EPSS 0.00258
Exploits 0, References 3, Affected Software 1

Total number of security vulnerabilities: 5000