46681 matches found

Patchstack
added 2024/10/24 12:0 a.m. | 24 views

WordPress Advanced Sermons Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Sermons Type Plugin Vulnerable versions = 3.4 Fixed in 3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50458 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0e069038bb43 Credits SOPROBRO Required privilege Contributor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00241
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/10/24 12:0 a.m. | 24 views

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...

CVSS 5.9 | AI score 6.5 | EPSS 0.00284
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/10/14 12:0 a.m. | 24 views

WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal

Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.11 Fixed in 4.24.12 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-9047 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5fa6436aa19c Credits Arkadiusz Hydzik Required...

CVSS 9.8 | AI score 6.5 | EPSS 0.92319
Exploits: 4 | References: 3 | Affected Software: 1

added 2024/10/10 12:0 a.m. | 24 views

WordPress WP-Advanced-Search Plugin < 3.3.9.2 is vulnerable to SQL Injection

Software WP-Advanced-Search Type Plugin Vulnerable versions 3.3.9.2 Fixed in 3.3.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9796 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 872f69a2765a Credits Wojciech Jezowski Required privilege...

CVSS 9.8 | AI score 6.9 | EPSS 0.02991
Exploits: 4 | References: 3 | Affected Software: 1

added 2024/10/08 12:0 a.m. | 24 views

WordPress Survey Maker Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Survey Maker Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8488 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7656cef316d3 Credits Jonas Benjamin Friedli...

CVSS 4.8 | AI score 5.7 | EPSS 0.00258
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/10/07 12:0 a.m. | 24 views

WordPress Hash Form Plugin <= 1.1.9 is vulnerable to Arbitrary File Upload

Software Hash Form Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9417 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 599a3ecad6e0 Credits Rein Daelman trein Required privilege...

CVSS 6.1 | AI score 6.9 | EPSS 0.00338
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/09/30 12:0 a.m. | 24 views

WordPress TinyPNG Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software TinyPNG Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-47635 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9470f9a7ceb0 Credits Rafie Muhammad Patchstack...

CVSS 5.4 | AI score 6.6 | EPSS 0.00164
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/09/11 12:0 a.m. | 24 views

WordPress Elementor Website Builder Plugin <= 3.23.4 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.23.4 Fixed in 3.24.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5416 Patch priority Low CVSS severity Low 6.5 Developer Elementor PSID 8f473cdb82fd Credits wesley wcraft...

CVSS 5.4 | AI score 5.8 | EPSS 0.00372
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/08/22 12:0 a.m. | 24 views

WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload

Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00958
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/08/20 12:0 a.m. | 24 views

WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Broken Access Control

Software GiveWP Type Plugin Vulnerable versions = 3.13.0 Fixed in 3.14.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5939 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID 8ee538f964d1 Credits villu164 Required privilege...

CVSS 5.3 | AI score 6.6 | EPSS 0.00481
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/07/29 12:0 a.m. | 24 views

WordPress Profile Builder Plugin < 3.11.8 is vulnerable to Broken Access Control

Software Profile Builder Type Plugin Vulnerable versions 3.11.8 Fixed in 3.11.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6366 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 351dbb0efb2f Credits Michel Prunet Required privile...

CVSS 9.1 | AI score 6.5 | EPSS 0.28993
Exploits: 2 | References: 3 | Affected Software: 1

added 2024/07/11 12:0 a.m. | 24 views

WordPress Duplicator Plugin <= 1.5.9 is vulnerable to Full Path Disclosure (FPD)

Software Duplicator Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d4d879d29752 Credits stealthcopter Required...

CVSS 5.3 | AI score 6.6 | EPSS 0.00579
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/06/28 12:0 a.m. | 24 views

WordPress Elementor Pro Plugin <= 3.21.2 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Pro Type Plugin Vulnerable versions = 3.21.2 Fixed in 3.21.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35656 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 41d6dec3f86d Credits Michael Required privilege...

CVSS 7.1 | AI score 6.6 | EPSS 0.00331
Exploits: 0 | References: 1 | Affected Software: 1

added 2024/06/28 12:0 a.m. | 24 views

WordPress ARMember Premium Plugin < 6.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ARMember Premium Type Plugin Vulnerable versions 6.7.1 Fixed in 6.7.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b77f7fcbe1ab Credits Cat Required privile...

CVSS 5.4 | AI score 6.4 | EPSS 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

added 2024/05/24 12:0 a.m. | 24 views

WordPress Hash Form Plugin <= 1.1.0 is vulnerable to Remote Code Execution (RCE)

Software Hash Form Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-5084 Patch priority High CVSS severity High 10 Developer Claim ownership PSID da300dc670df Credits Francesco Carlucci Required privilege...

CVSS 9.8 | AI score 7.1 | EPSS 0.50934
Exploits: 8 | References: 3 | Affected Software: 1

added 2024/05/07 12:0 a.m. | 24 views

WordPress Table Maker Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Table Maker Type Plugin Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34574 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7c1bf395ed48 Credits CatFather Required privilege Author Publishe...

CVSS 5.9 | AI score 6.6 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 1

added 2024/04/16 12:0 a.m. | 24 views

WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection

Software Master Slider Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-32600 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID d3cbc5a0e9db Credits Rafie Muhammad Patchstack Required privile...

CVSS 9.6 | AI score 6.8 | EPSS 0.00492
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/04/15 12:0 a.m. | 24 views

WordPress WooCommerce Plugin < 8.6 is vulnerable to Broken Access Control

Software WooCommerce Type Plugin Vulnerable versions 8.6 Fixed in 8.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1310 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1c0523f0c515 Credits Scott Kingsley Clark Required privilege...

CVSS 4.9 | AI score 6.5 | EPSS 0.0068
Exploits: 2 | References: 4 | Affected Software: 1

added 2024/04/10 12:0 a.m. | 24 views

WordPress X-T9 Theme <= 1.19.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software X-T9 Type Theme Vulnerable versions = 1.19.0 Fixed in 1.19.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f76c7713c16f Credits Dhabaleshwar Das Required...

CVSS 4.3 | AI score 4.3 | EPSS 0.00368
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/04/05 12:0 a.m. | 24 views

WordPress Post Views Counter Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Views Counter Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31264 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 68843b34fde0 Credits Brandon Roldan...

CVSS 4.3 | AI score 6.6 | EPSS 0.002
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/02/22 12:0 a.m. | 24 views

WordPress Elementor Addon Elements Plugin <= 1.12.12 is vulnerable to Local File Inclusion

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.12 Fixed in 1.13 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-1358 Patch priority Low CVSS severity Low 8.8 Developer WPVibes PSID 7c75b4731d57 Credits wesley wcraft Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01235
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/01/18 12:0 a.m. | 24 views

WordPress Unlimited Addons for WPBakery Page Builder Plugin <= 1.0.42 is vulnerable to Arbitrary File Upload

Software Unlimited Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 1.0.42 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6925 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 9599a24cfc17 Credits István Márton...

CVSS 7.2 | AI score 6.8 | EPSS 0.01496
Exploits: 0 | References: 2 | Affected Software: 1

added 2024/01/15 12:0 a.m. | 24 views

WordPress The Events Calendar Plugin <= 6.2.8.2 is vulnerable to Sensitive Data Exposure

Software The Events Calendar Type Plugin Vulnerable versions = 6.2.8.2 Fixed in 6.2.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6557 Patch priority Low CVSS severity Low 5.3 Developer Liquid Web / StellarWP PSID 4e6ed43ca389 Credits Nicolas...

CVSS 5.3 | AI score 6.5 | EPSS 0.00562
Exploits: 0 | References: 3 | Affected Software: 1

added 2024/01/04 12:0 a.m. | 24 views

WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Remote Code Execution (RCE)

Software LearnPress Type Plugin Vulnerable versions = 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-6634 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID acb9af544a85 Credits hir0ot Required privilege...

CVSS 9.8 | AI score 7.1 | EPSS 0.08544
Exploits: 1 | References: 3 | Affected Software: 1

added 2023/12/27 12:0 a.m. | 24 views

WordPress Dan's Embedder for Google Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Dan's Embedder for Google Calendar Type Plugin Vulnerable versions = 1.2 Fixed in 1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51504 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e9f89f8b2081 Credits Ngô Thiên An ancorn fro...

CVSS 6.5 | AI score 6.6 | EPSS 0.00736
Exploits: 1 | References: 1 | Affected Software: 1

added 2023/12/27 12:0 a.m. | 24 views

WordPress Backup Migration Plugin <= 1.3.9 is vulnerable to Path Traversal

Software Backup Migration Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A5: Security Misconfiguration Classification Path Traversal CVE CVE-2023-6972 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 63ca4651f92b Credits NP3228 Required privilege...

CVSS 9.8 | AI score 6.4 | EPSS 0.0139
Exploits: 1 | References: 3 | Affected Software: 1

added 2023/11/23 12:0 a.m. | 24 views

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection

Software Porto Theme - Functionality Type Plugin Vulnerable versions 2.12.1 Fixed in 2.12.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-48738 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 5a7e2b4a3331 Credits Rafie Muhammad Patchstack Required...

CVSS 9.8 | AI score 7.2 | EPSS 0.00774
Exploits: 0 | References: 1 | Affected Software: 1

added 2023/11/21 12:0 a.m. | 24 views

WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.00923
Exploits: 2 | References: 2 | Affected Software: 1

added 2023/10/09 12:0 a.m. | 24 views

WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Popular Posts Type Plugin Vulnerable versions = 6.3.2 Fixed in 6.3.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45607 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1c445e00e39 Credits Rafie Muhammad Patchstack...

CVSS 6.5 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/08/10 12:0 a.m. | 24 views

WordPress Stock Ticker Plugin <= 3.23.2 is vulnerable to Cross Site Scripting (XSS)

Software Stock Ticker Type Plugin Vulnerable versions = 3.23.2 Fixed in 3.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45365 Patch priority Medium CVSS severity Medium 7.1 Developer Aleksandar Urošević PSID b2f877d49771 Credits Aman Rawat...

CVSS 7.1 | AI score 5.6 | EPSS 0.49315
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/07/20 12:0 a.m. | 24 views

WordPress JupiterX Core Plugin <= 4.6.6 is vulnerable to Arbitrary File Download

Software JupiterX Core Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.6.9 OWASP Top 10 A3: Injection Classification Arbitrary File Download CVE CVE-2023-3813 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 89a622a39c6e Credits István Márton Required privilege...

CVSS 7.5 | AI score 6.8 | EPSS 0.00987
Exploits: 1 | References: 3 | Affected Software: 1

added 2023/07/18 12:0 a.m. | 24 views

WordPress Simple Cart Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Cart Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d50ef7e26bc5 Credits Rafie Muhammad Patchstack Required...

AI score 6.8 | EPSS 0.00284
Exploits: 0 | References: 3 | Affected Software: 1

added 2023/07/04 12:0 a.m. | 24 views

WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...

CVSS 9.9 | AI score 6.8 | EPSS 0.01454
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/06/27 12:0 a.m. | 24 views

WordPress Kanban Boards for WordPress Plugin < 2.5.21 is vulnerable to Cross Site Scripting (XSS)

Software Kanban Boards for WordPress Type Plugin Vulnerable versions 2.5.21 Fixed in 2.5.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0873 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 29201871ee56 Credits Shreya Pohek...

CVSS 4.8 | AI score 5.8 | EPSS 0.00548
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/05/31 12:0 a.m. | 24 views

WordPress ReviewX Plugin <= 1.6.13 is vulnerable to Privilege Escalation

Software ReviewX Type Plugin Vulnerable versions = 1.6.13 Fixed in 1.6.14 OWASP Top 10 A6: Security Misconfiguration Classification Privilege Escalation CVE CVE-2023-2833 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 0ccf8a6d79e5 Credits Lana Codes Required privilege...

CVSS 8.8 | AI score 6.4 | EPSS 0.1748
Exploits: 4 | References: 3 | Affected Software: 1

added 2023/04/20 12:0 a.m. | 24 views

WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection

Software ChatBot Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1650 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 84bd0e4874e7 Credits Erwan LR Required privilege Unauthenticated...

CVSS 9.8 | AI score 7.2 | EPSS 0.34351
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/01/27 12:0 a.m. | 24 views

WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Broken Access Control

Software WP Table Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in 3.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47601 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID dd961e3e7567 Credits Cat Required privilege...

AI score 6.5 | EPSS 0.00393
Exploits: 0 | References: 1 | Affected Software: 1

added 2023/01/04 12:0 a.m. | 24 views

WordPress Show-Hide / Collapse-Expand Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Show-Hide / Collapse-Expand Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4829 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID a608bae568e8 Credits István...

CVSS 5.4 | AI score 5.7 | EPSS 0.0049
Exploits: 2 | References: 4 | Affected Software: 1

added 2022/11/21 12:0 a.m. | 24 views

WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in the WordPress Betheme premium theme versions = 26.6.1. Solution No reply from the vendor...

AI score 2.2 | EPSS 0.00383
Exploits: 0 | Affected Software: 1

added 2022/11/17 12:0 a.m. | 24 views

WordPress Ezoic plugin <= 2.8.8 - Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability

Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability discovered by José Aguilera Patchstack Alliance in the WordPress Ezoic plugin versions = 2.8.8. Solution Update the WordPress Ezoic plugin to the latest available version at least 2.8.9...

CVSS 6.1 | AI score 3.5 | EPSS 0.00406
Exploits: 0 | Affected Software: 1

added 2022/11/09 12:0 a.m. | 24 views

WordPress Quick Restaurant Reservations plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by thiennv Patchstack Alliance in WordPress Quick Restaurant Reservations plugin versions = 1.5.4. Solution Update the WordPress Quick Restaurant Reservations plugin to the latest available version at least 1.5.5...

AI score 4.6 | EPSS 0.00295
Exploits: 0 | Affected Software: 1

added 2022/10/31 12:0 a.m. | 24 views

WordPress WP-Polls plugin <= 2.75.6 - IP Validation Bypass vulnerability

IP Validation Bypass vulnerability discovered by Daniel Ruf in WordPress WP-Polls plugin versions = 2.75.6. Solution Update the WordPress WP-Polls plugin to the latest available version at least 2.76.0...

CVSS 5.3 | AI score 2.2 | EPSS 0.0063
Exploits: 1 | References: 1 | Affected Software: 1

added 2022/10/31 12:0 a.m. | 24 views

WordPress Event Monster plugin <= 1.1.20 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Visitors Deletion discovered by Thura Moe Myint in the WordPress Event Monster plugin versions = 1.1.20. Solution Update the WordPress Event Management Tickets Booking plugin to the latest available version at least 1.2.0...

CVSS 4.3 | AI score 3.6 | EPSS 0.00274
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/10/31 12:0 a.m. | 24 views

WordPress Booster Elite for WooCommerce premium plugin < 1.1.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Checkout Files Deletion discovered by WPScan in WordPress Booster for WooCommerce premium plugin versions 1.1.7. Solution Update the WordPress Booster Elite for WooCommerce plugin to the latest available version at least 1.1.7...

CVSS 8.1 | AI score 3.2 | EPSS 0.00371
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/10/30 12:0 a.m. | 24 views

WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability

Missing Authorization vulnerability leading to Feedback Submission discovered by Lana Codes Patchstack Alliance in the WordPress Appointment Hour Booking plugin versions = 1.3.71. Solution Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.72...

CVSS 8.8 | AI score 3 | EPSS 0.00494
Exploits: 0 | Affected Software: 1

added 2022/10/29 12:0 a.m. | 24 views

WordPress Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Account Disconnect discovered by Rasi Afeef Patchstack Alliance in WordPress Forms by CaptainForm versions = 2.5.3. Solution No patched version is available. No reply from the vendor...

AI score 3.5 | EPSS 0.00271
Exploits: 0 | Affected Software: 1

added 2022/10/28 12:0 a.m. | 24 views

WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress Creative Mail plugin versions = 1.5.4. Solution Update the WordPress Creative Mail plugin to the latest available version at least 1.6.0...

CVSS 8.8 | AI score 4.3 | EPSS 0.00264
Exploits: 0 | Affected Software: 1

added 2022/10/28 12:0 a.m. | 24 views

WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in the WordPress Api2Cart Bridge Connector plugin versions = 1.1.0. Solution Update the WordPress Api2Cart Bridge Connector plugin to the latest available version at least 1.2.0...

CVSS 9.8 | AI score 3.6 | EPSS 0.00893
Exploits: 0 | Affected Software: 1

added 2022/10/27 12:0 a.m. | 24 views

WordPress 3D Tag Cloud plugin <= 3.8 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes Patchstack Alliance in the WordPress 3D Tag Cloud plugin versions = 3.8. Solution Deactivate and delete. This plugin has been closed as of September 22, 2022 and is not available for downloa...

AI score 2.1 | EPSS 0.0023
Exploits: 0 | Affected Software: 1

added 2022/10/27 12:0 a.m. | 24 views

WordPress Gallery with thumbnail slider plugin <= 6.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery with thumbnail slider plugin versions = 6.0. Solution Update the WordPress Gallery with thumbnail slider plugin to the latest available version at least 6.1...

AI score 3 | EPSS 0.00383
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 5000