Lucene search
K
PatchstackMost viewed

46681 matches found

Patchstack
Patchstack
added 2022/10/24 12:0 a.m.24 views

WordPress Image Zoom plugin <= 1.8.8 - Multiple Broken Access Control vulnerabilities

Multiple Broken Access Control vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress Image Zoom plugin versions = 1.8.8. Solution Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary,...

3.3AI score0.00364EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/24 12:0 a.m.24 views

WordPress Advanced Floating Content plugin <= 1.2.1 - Multiple Auth. Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Cross-Site Scripting XSS vulnerabilities were discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Advanced Floating Content plugin versions = 1.2.1. Solution Update the WordPress Advanced Floating Content plugin to the latest available version at least 1.2.2...

3.3AI score0.00386EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/17 12:0 a.m.24 views

WordPress Complianz premium plugin 6.3.3-6.3.5 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Sakri Rafael Koskimies saggre in the WordPress Complianz premium plugin versions 6.3.3-6.3.5. Solution Update the WordPress Complianz Premium plugin to the latest available version at least 6.3.6...

8.8CVSS4.2AI score0.01196EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/17 12:0 a.m.24 views

WordPress WooCommerce Dropshipping premium plugin <= 4.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by WPScan in WordPress WooCommerce Dropshipping premium plugin versions = 4.3. Solution Update the WordPress WooCommerce Dropshipping plugin to the latest available version at least 4.4...

9.8CVSS2.8AI score0.03686EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/12 12:0 a.m.24 views

WordPress Optinly plugin <= 1.0.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by ptsfence Patchstack Alliance in WordPress Optinly plugin = 1.0.11 Solution No patched version is available. No reply from the vendor...

3.9AI score0.0028EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/05 12:0 a.m.24 views

WordPress LearnPress plugin <= 4.1.7.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability via REST API discovered by Nguyen Duy Quoc Khanh in the WordPress LearnPress plugin versions = 4.1.7.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.7.2...

8.1CVSS3.4AI score0.01786EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/29 12:0 a.m.24 views

WordPress HREFLANG Tags Lite plugin <= 2.0.0 - Unauthenticated Plugin Data Reset vulnerability

Unauthenticated Plugin Data Reset vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress HREFLANG Tags Lite plugin versions = 2.0.0. Solution No patched version is available. No reply from the vendor...

3.2AI score0.00656EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/29 12:0 a.m.24 views

WordPress Redirection for Contact Form 7 plugin <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability

Unauthenticated Options Change vulnerability discovered by mirphak Patchstack Alliance in WordPress Redirection for Contact Form 7 plugin versions = 2.4.0. Successful exploitation requires an additional extension plugin AccessiBe. An attacker can inject a script into the footer. Solution Update t...

7.5CVSS3.1AI score0.00527EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/23 12:0 a.m.24 views

WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Rasi Afeef Patchstack Alliance in the WordPress Kraken.io Image Optimizer plugin versions = 2.6.5. Solution Update the WordPress Kraken.io Image Optimizer plugin to the latest available version at least 2.6.6...

8.8CVSS4.1AI score0.00285EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/22 12:0 a.m.24 views

WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Multiple Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Rasi Afeef in WordPress 3D Tag Cloud plugin versions = 3.8. Solution No patched version is available. No reply from the vendor...

6.1CVSS2.7AI score0.00231EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/12 12:0 a.m.24 views

WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add Shortcodes Actions And Filters plugin versions = 2.0.9. Solution No patched version is available. No reply from the vendor...

4.8CVSS2.7AI score0.00539EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/08 12:0 a.m.24 views

WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability was discovered by Brandon Roldan Patchstack Alliance in the WordPress wpForo Forum plugin versions = 2.0.5. Solution Update the WordPress wpForo Forum plugin to the latest available version at least 2.0.6...

8.8CVSS3.9AI score0.00405EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/06 12:0 a.m.24 views

WordPress WP Socializer plugin <= 7.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered in WordPress WP Socializer plugin versions = 7.2 Solution Update the WordPress Socializer plugin to the latest available version at least 7.3...

4.8CVSS2.6AI score0.00591EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/05 12:0 a.m.24 views

WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability

Authenticated Plugin Setting change vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress WP Shamsi plugin versions = 4.1.1. Solution Update the WordPress WP Shamsi plugin to the latest available version at least 4.2.0...

4.3CVSS3.4AI score0.00517EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/02 12:0 a.m.24 views

WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress History Timeline plugin versions = 1.0.5. Solution Deactivate and delete. No reply from the vendor...

5.4CVSS2.3AI score0.00427EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/30 12:0 a.m.24 views

WordPress Beaver Builder plugin <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via caption

Authenticated Stored Cross-Site Scripting XSS vulnerability via caption discovered by Zhouyuan Yang in WordPress Beaver Builder plugin versions = 2.5.5.2. Solution Update the WordPress Beaver Builder plugin to the latest available version at least 2.5.5.3...

6.4CVSS2.9AI score0.00451EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/25 12:0 a.m.24 views

WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability

Missing Access Control vulnerability discovered by ptsfence Patchstack Alliance in WordPress Accommodation System plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full...

9.8CVSS4.7AI score0.00694EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/12 12:0 a.m.24 views

WordPress Notification Bar for WordPress plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Notification Bar for WordPress plugin versions = 1.1.8. Solution Deactivate and delete. This plugin has been closed as of August 12, 2022 and is not available for download. This...

6.1CVSS2.5AI score0.00446EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/10 12:0 a.m.24 views

WordPress Easy Digital Downloads plugin <= 3.0.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability was discovered by Robert Rowley Patchstack in the WordPress Easy Digital Downloads plugin versions = 3.0.1. Solution Update the WordPress Easy Digital Downloads plugin to the latest available version at least 3.0.2...

7.2CVSS3.1AI score0.0069EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/07/29 12:0 a.m.24 views

WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Floating Div plugin versions = 3.0. Solution No patched version available...

4.8CVSS2.8AI score0.00448EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/07/26 12:0 a.m.24 views

WordPress WPGraphQL WooCommerce plugin <= 0.11.0 - Unauthenticated Coupon Codes Disclosure vulnerability

Unauthenticated Coupon Codes Disclosure vulnerability discovered by Rohan Pagey in WordPress WPGraphQL WooCommerce plugin versions = 0.11.0. Solution No patched version available...

2.5AI score0.00724EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/07/26 12:0 a.m.24 views

WordPress WP Coder plugin <= 2.5.2 - Code Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Code Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress WP Coder plugin versions = 2.5.2. Solution Update the WordPress WP Coder plugin to the latest available version at least 2.5.3...

6.5CVSS4.1AI score0.00363EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/19 12:0 a.m.24 views

WordPress Easy Student Results plugin <= 2.2.8 - Sensitive Information Disclosure via REST API vulnerability

Sensitive Information Disclosure via REST API vulnerability discovered by Raad Haddad in WordPress Easy Student Results plugin versions = 2.2.8. Solution Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a...

7.5CVSS1.8AI score0.02801EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/18 12:0 a.m.24 views

WordPress WP DS Blog Map plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress WP DS Blog Map plugin versions = 3.1.3. Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This...

4.8CVSS0.7AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/07 12:0 a.m.24 views

WordPress Microsoft Advertising Universal Event Tracking (UET) plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Chowdhury Faizal Ahammed in WordPress Microsoft Advertising Universal Event Tracking UET plugin versions = 1.0.3. Solution Update the WordPress Microsoft Advertising Universal Event Tracking UET plugin to the latest availab...

4.8CVSS2.2AI score0.01052EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/30 12:0 a.m.24 views

WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.0.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.0.3...

9.8CVSS3.4AI score0.02654EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/06/27 12:0 a.m.24 views

WordPress Simple Post Notes plugin <= 1.7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Sachin Kumar eSec Forte Technologies Pvt Ltd in WordPress Simple Post Notes plugin versions = 1.7.5. Solution Update the WordPress Simple Post Notes plugin to the latest available version at least 1.7.6...

4.8CVSS1.7AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/27 12:0 a.m.24 views

WordPress Discount Rules for WooCommerce plugin <= 2.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Discount Rules for WooCommerce plugin versions = 2.4.1. Solution Update the WordPress Discount Rules for WooCommerce plugin to the latest available version at least 2.4.2...

6.1CVSS2.5AI score0.00661EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/21 12:0 a.m.24 views

WordPress Best Contact Management Software plugin <= 3.7.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Benachi in WordPress Best Contact Management Software plugin versions = 3.7.3. Solution Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary,...

4.8CVSS2.3AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/20 12:0 a.m.24 views

WordPress Very Simple Breadcrumb plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rahul Selvakumar in WordPress Very Simple Breadcrumb plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pendi...

4.8CVSS2AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/14 12:0 a.m.24 views

WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team Manager plugin versions = 1.6.9. Solution Deactivate and delete. No reply from the vendor...

5.4CVSS3.4AI score0.00585EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2022/06/06 12:0 a.m.24 views

WordPress Nested Pages plugin <= 3.1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Sachin Bahl eSec Forte Technologies Pvt Ltd in WordPress Nested Pages plugin versions = 3.1.20. Solution Update the WordPress Nested Pages plugin to the latest available version at least 3.1.21...

4.8CVSS1.7AI score0.00625EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/06 12:0 a.m.24 views

WordPress Product Configurator for WooCommerce plugin <= 1.2.31 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by cydave in WordPress Product Configurator for WooCommerce plugin versions = 1.2.31. Solution Update the WordPress Product Configurator for WooCommerce plugin to the latest available version at least 1.2.32...

9.1CVSS3.6AI score0.01662EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/06/03 12:0 a.m.24 views

WordPress Image Gallery – Grid Gallery plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Image Gallery – Grid Gallery plugin versions = 1.1.5. Solution Update the WordPress Image Gallery – Grid Gallery plugin to the latest available version at least 1.1.6...

4.8CVSS2AI score0.00552EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/05/26 12:0 a.m.24 views

WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Promotion Slider plugin versions = 3.3.4. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download...

5.4CVSS2.3AI score0.00512EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.24 views

WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability

Authenticated Path Traversal and Local File Inclusion LFI vulnerability discovered by Ramuel Gall WordFence in WordPress JupiterX premium theme versions = 2.0.6. Solution Update the WordPress JupiterX premium theme to the latest available version at least 2.0.7...

8.8CVSS2.5AI score0.01624EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.24 views

WordPress MailerLite – Signup forms plugin <= 1.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Utkarsh Agrawal in WordPress MailerLite – Signup forms plugin versions = 1.5.3. Solution Update the WordPress MailerLite – Signup forms plugin to the latest available version at least 1.5.4...

6.1CVSS1.8AI score0.00815EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.24 views

WordPress HC Custom WP-Admin URL plugin <= 1.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporar...

4.3CVSS2.6AI score0.00412EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/13 12:0 a.m.24 views

WordPress Files Download Delay plugin <= 1.0.6 - Subscriber+ Settings Reset vulnerability

Subscriber+ Settings Reset vulnerability discovered by Daniel Ruf in WordPress Files Download Delay plugin versions = 1.0.6. Solution Update the WordPress Files Download Delay plugin to the latest available version at least 1.0.7...

6.5CVSS3.3AI score0.00406EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/09 12:0 a.m.24 views

WordPress Call&Book Mobile Bar plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Call&Book Mobile Bar plugin versions = 1.2.2. Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. Thi...

4.8CVSS1.3AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/06 12:0 a.m.24 views

WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion

Cross-Site Request Forgery CSRF vulnerability leading to CPT base deletion discovered by Ex.Mi Patchstack in WordPress Remove CPT base plugin versions = 5.8. Solution Update the WordPress Remove CPT base plugin to the latest available version at least 5.9...

5.8CVSS2.9AI score0.00361EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/03 12:0 a.m.24 views

WordPress Smush plugin <= 3.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Smush plugin versions = 3.9.8. Solution Update the WordPress Smush plugin to the latest available version at least 3.9.9...

6.1CVSS1.8AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.24 views

WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF leading to Cross-Site Scripting XSS vulnerability discovered by Rasi Afeef in WordPress Footer Text plugin versions = 2.0.3. Solution No patched version is available. No response from the vendor...

6.1CVSS2.2AI score0.00366EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/26 12:0 a.m.24 views

WordPress Vertical scroll recent post plugin <= 13.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Vertical scroll recent post plugin versions = 13.8. Solution Update the WordPress Vertical scroll recent post plugin to the latest available version at least 14.0...

6.1CVSS2AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/25 12:0 a.m.24 views

WordPress Call Now Button plugin <= 1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 7coo and JrXnm in WordPress Call Now Button plugin versions = 1.1.1. Solution Update the WordPress Call Now Button plugin to the latest available version at least 1.1.2...

6.1CVSS2.1AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/05 12:0 a.m.24 views

WordPress Event List plugin <= 0.8.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Event List plugin versions = 0.8.6. Solution Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. Reason: Security Issue...

4.8CVSS2.6AI score0.00577EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/30 12:0 a.m.24 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall Wordfence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions = 5.174. Solution Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...

6.1CVSS2.8AI score0.02959EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.24 views

WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability

Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions = 1.3.4. Solution No patched version is available...

4.3CVSS4.7AI score0.00632EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.24 views

WordPress Advanced Page Visit Counter <= 6.1.5 - Blind SQL Injection (SQLi) vulnerability

Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Advanced Page Visit Counter versions = 6.1.5. Solution Update the WordPress Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin to the latest available version at least 6.1.6...

8.8CVSS3.1AI score0.01341EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/28 12:0 a.m.24 views

WordPress Easy Digital Downloads plugin <= 2.11.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions = 2.11.5. Solution Update the WordPress Easy Digital Downloads plugin to the latest available version at least 2.11.6...

4.8CVSS1.9AI score0.00638EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000