Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
added 2022/05/26 12:0 a.m.24 views

WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Promotion Slider plugin versions = 3.3.4. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download...

5.4CVSS2.3AI score0.00512EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.24 views

WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability

Authenticated Path Traversal and Local File Inclusion LFI vulnerability discovered by Ramuel Gall WordFence in WordPress JupiterX premium theme versions = 2.0.6. Solution Update the WordPress JupiterX premium theme to the latest available version at least 2.0.7...

8.8CVSS2.5AI score0.01624EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.24 views

WordPress HC Custom WP-Admin URL plugin <= 1.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporar...

4.3CVSS2.6AI score0.00412EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/13 12:0 a.m.24 views

WordPress Files Download Delay plugin <= 1.0.6 - Subscriber+ Settings Reset vulnerability

Subscriber+ Settings Reset vulnerability discovered by Daniel Ruf in WordPress Files Download Delay plugin versions = 1.0.6. Solution Update the WordPress Files Download Delay plugin to the latest available version at least 1.0.7...

6.5CVSS3.3AI score0.00406EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/06 12:0 a.m.24 views

WordPress Remove CPT base plugin <= 5.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to CPT base deletion

Cross-Site Request Forgery CSRF vulnerability leading to CPT base deletion discovered by Ex.Mi Patchstack in WordPress Remove CPT base plugin versions = 5.8. Solution Update the WordPress Remove CPT base plugin to the latest available version at least 5.9...

5.8CVSS2.9AI score0.00361EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/03 12:0 a.m.24 views

WordPress Smush plugin <= 3.9.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Smush plugin versions = 3.9.8. Solution Update the WordPress Smush plugin to the latest available version at least 3.9.9...

6.1CVSS1.8AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.24 views

WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF leading to Cross-Site Scripting XSS vulnerability discovered by Rasi Afeef in WordPress Footer Text plugin versions = 2.0.3. Solution No patched version is available. No response from the vendor...

6.1CVSS2.2AI score0.00366EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/26 12:0 a.m.24 views

WordPress Vertical scroll recent post plugin <= 13.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Vertical scroll recent post plugin versions = 13.8. Solution Update the WordPress Vertical scroll recent post plugin to the latest available version at least 14.0...

6.1CVSS2AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/05 12:0 a.m.24 views

WordPress Event List plugin <= 0.8.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Event List plugin versions = 0.8.6. Solution Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. Reason: Security Issue...

4.8CVSS2.6AI score0.00577EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/30 12:0 a.m.24 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.174 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall Wordfence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions = 5.174. Solution Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at leas...

6.1CVSS2.8AI score0.02959EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.24 views

WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability

Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions = 1.3.4. Solution No patched version is available...

4.3CVSS4.7AI score0.00632EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.24 views

WordPress Advanced Page Visit Counter <= 6.1.5 - Blind SQL Injection (SQLi) vulnerability

Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Advanced Page Visit Counter versions = 6.1.5. Solution Update the WordPress Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin to the latest available version at least 6.1.6...

8.8CVSS3.1AI score0.01341EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/28 12:0 a.m.24 views

WordPress Easy Digital Downloads plugin <= 2.11.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions = 2.11.5. Solution Update the WordPress Easy Digital Downloads plugin to the latest available version at least 2.11.6...

4.8CVSS1.9AI score0.00638EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/15 12:0 a.m.24 views

WordPress Post Grid plugin <= 2.1.15 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability via posttypes discovered by Krzysztof Zając in WordPress Post Grid plugin versions = 2.1.15. Solution Update the WordPress Post Grid plugin to the latest available version at least 2.1.16...

6.4CVSS2.8AI score0.00632EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/08 12:0 a.m.24 views

WordPress Easy Social Icons plugin <= 3.1.3 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by qerogram in WordPress Easy Social Icons plugin versions = 3.1.3. Solution Update the WordPress Easy Social Icons plugin to the latest available version at least 3.1.4...

7.2CVSS3.5AI score0.01265EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/08 12:0 a.m.24 views

WordPress Insights from Google PageSpeed plugin <= 4.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Insights from Google PageSpeed plugin versions = 4.0.3. Solution Update the WordPress Insights from Google PageSpeed plugin to the latest available version at least 4.0.4,...

6.1CVSS1.7AI score0.00863EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/07 12:0 a.m.24 views

WordPress Plezi plugin <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Brandon James Roldan in WordPress Plezi plugin versions = 1.0.2. Solution Update the WordPress Plezi plugin to the latest available version at least 1.0.3...

6.1CVSS2.1AI score0.00852EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/07 12:0 a.m.24 views

WordPress Wow Countdowns plugin <= 3.1.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by 0xdecafbad in WordPress Wow Countdowns plugin versions = 3.1.2. Solution Deactivate and delete. This plugin has been closed as of January 18, 2022 and is not available for download. This closure is temporary, pending a full review...

7.2CVSS3.3AI score0.01306EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/02 12:0 a.m.24 views

WordPress Coupon Affiliates plugin <= 4.16.4.4 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by cydave in WordPress Coupon Affiliates plugin versions = 4.16.4.4. Solution Update the WordPress Coupon Affiliates plugin to the latest available version at least 4.16.4.5...

6.1CVSS3.3AI score0.00852EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/01 12:0 a.m.24 views

WordPress Amelia plugin <= 1.0.46 - Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability

Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability discovered by Huli Cymetrics in WordPress Amelia plugin versions = 1.0.46. Solution Update the WordPress Amelia plugin to the latest available version at least 1.0.47...

5.5CVSS3.1AI score0.00609EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/01 12:0 a.m.24 views

WordPress Database Peek plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Database Peek plugin versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS3.1AI score0.00788EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.24 views

WordPress Divi Content Restrictor plugin <= 1.3.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Divi Content Restrictor plugin versions = 1.3.0. Solution Update the WordPress Divi Content Restrictor plugin to the latest available version at least 1.4.1...

2.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.24 views

WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin < 1.3.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin versions 1.3.0.1. Solution Update the WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin to the latest available version at least 1.3.0.1...

2.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.24 views

WordPress Simple Link Directory plugin <= 7.7.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Simple Link Directory plugin versions = 7.7.1. Solution Update the WordPress Simple Link Directory plugin to the latest available version at least 7.7.2...

9.8CVSS3.3AI score0.10825EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.24 views

WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin <= 1.1.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin versions = 1.1.8. Solution Update the WordPress Forms to Zapier, Integromat, IFTTT, Workato,...

4.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.24 views

WordPress Ultimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO Booster plugin <= 1.0.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Ultimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO Booster plugin versions = 1.0.6. Solution No patched version available...

4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/21 12:0 a.m.24 views

WordPress Team Circle Image Slider With Lightbox plugin <= 1.0.15 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Team Circle Image Slider With Lightbox plugin versions = 1.0.15. Solution Update the WordPress Team Circle Image Slider With Lightbox plugin to the latest available version at least 1.0.16...

6.1CVSS1.7AI score0.00788EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/21 12:0 a.m.24 views

WordPress Cookie Information plugin <= 2.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Cookie Information plugin versions = 2.0.7. Solution Update the WordPress Cookie Information plugin to the latest available version at least 2.0.8...

6.1CVSS2.1AI score0.01601EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/13 12:0 a.m.24 views

WordPress 3D FlipBook plugin <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability

Subscriber+ Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress 3D FlipBook plugin versions = 1.12.0. Solution Update the WordPress 3D FlipBook plugin to the latest available version at least 1.12.1...

5.4CVSS1.9AI score0.00591EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/10 12:0 a.m.24 views

WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability

Edit/Delete event via IDOR vulnerability discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...

6.3CVSS4.4AI score0.00658EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2022/02/03 12:0 a.m.24 views

WordPress Yasr – Yet Another Stars Rating plugin <= 2.9.9 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by ThuraMoeMyint Patchstack Red Team project in WordPress Yasr – Yet Another Stars Rating plugin versions = 2.9.9. Solution Update the WordPress Yasr – Yet Another Stars Rating plugin to the latest available version at least 3.0.0...

6.1CVSS2.5AI score0.00803EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.24 views

WordPress GiveWP plugin <= 2.17.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress GiveWP plugin versions = 2.17.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.17.3...

6.1CVSS1.9AI score0.02145EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/11 12:0 a.m.25 views

WordPress Mortgage Calculators WP plugin <= 1.55 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ceylan Bozogullarindan in WordPress Mortgage Calculators WP plugin versions = 1.55. Solution Update the WordPress Mortgage Calculators WP plugin to the latest available version at least 1.56...

4.8CVSS1.8AI score0.05086EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/12/27 12:0 a.m.24 views

WordPress WP Extra File Types plugin <= 0.5 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by JrXnm in WordPress WP Extra File Types plugin versions = 0.5. Solution Update the WordPress WP Extra File Types plugin to the latest available version at least 0.5.1...

8CVSS1.8AI score0.00541EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/27 12:0 a.m.24 views

WordPress myCred plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress myCred plugin versions = 2.3.2. Solution Update the WordPress myCred plugin to the latest available version at least 2.4...

6.1CVSS2.1AI score0.00887EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/17 12:0 a.m.24 views

WordPress Smart Coupons for WooCommerce plugin <= 1.3.5 - Authenticated SQL injection (SQLi) vulnerability

Authenticated SQL injection SQLi vulnerability discovered in WordPress Smart Coupons for WooCommerce plugin versions = 1.3.5. Solution Update the WordPress Smart Coupons for WooCommerce plugin to the latest available version at least 1.3.6...

2.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/12/16 12:0 a.m.24 views

WordPress Crisp Live Chat plugin <= 0.31 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by José Aguilera in WordPress Crisp Live Chat plugin versions = 0.31. Solution Update the WordPress Crisp Live Chat plugin to the latest available version at least 0.32...

8.8CVSS1.9AI score0.00608EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/11/30 12:0 a.m.24 views

WordPress LiteSpeed Cache plugin <= 4.4.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Emil Kylander in WordPress LiteSpeed Cache plugin versions = 4.4.3. Solution Update the WordPress LiteSpeed Cache plugin to the latest available version at least 4.4.4...

4.8CVSS2.1AI score0.00654EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/28 12:0 a.m.24 views

WordPress Revolve theme <= 1.3.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Revolve theme versions = 1.3.1. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

8.8CVSS2.7AI score0.01652EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.24 views

WordPress Ninja Tables plugin <= 4.1.7 - Stored Cross-Site Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Ninja Tables plugin versions = 4.1.7. Solution Update the WordPress Ninja Tables plugin to the latest available version at least 4.1.8...

4.8CVSS2AI score0.00686EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/18 12:0 a.m.24 views

WordPress LearnPress plugin <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress LearnPress plugin versions = 4.1.3.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.3.2...

5.5CVSS1.9AI score0.05037EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/10/11 12:0 a.m.24 views

WordPress 404 to 301 plugin <= 3.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Logs Deletion

Cross-Site Request Forgery CSRF vulnerability leading to Logs Deletion discovered by apple502j in WordPress 404 to 301 plugin versions = 3.0.8. Solution Update the WordPress 404 to 301 plugin to the latest available version at least 3.0.9...

6.5CVSS3.2AI score0.00531EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/10/07 12:0 a.m.24 views

WordPress G Auto-Hyperlink plugin <= 1.0.1 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress G Auto-Hyperlink plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.4AI score0.06561EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/05 12:0 a.m.24 views

WordPress Batch Cat plugin <= 0.3 - Arbitrary Categories Add/Set/Delete to Posts vulnerability

Arbitrary Categories Add/Set/Delete to Posts vulnerability discovered by Quentin VILLAIN 3wsec in WordPress Batch Cat plugin versions = 0.3. Solution Deactivate and delete. This plugin has been closed as of September 24, 2021 and is not available for download. This closure is temporary, pending a...

6.5CVSS3.7AI score0.00873EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/23 12:0 a.m.24 views

WordPress 3DPrint Lite plugin <= 1.9.1.4 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Spacehen in WordPress 3DPrint Lite plugin versions = 1.9.1.4. Solution Update the WordPress 3DPrint Lite plugin to the latest available version at least 1.9.1.5...

3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.24 views

WordPress Easy Twitter Feed plugin <= 1.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Michał Lipiński in WordPress Easy Twitter Feed plugin versions = 1.1. Solution Update the WordPress Easy Twitter Feed plugin to the latest available version at least 1.2...

5.4CVSS1.4AI score0.00629EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/17 12:0 a.m.24 views

WordPress eID Easy plugin <= 4.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress eID Easy plugin versions = 4.6. Solution Update the WordPress eID Easy plugin to the latest available version at least 4.7...

6.1CVSS2.3AI score0.0075EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.24 views

WordPress RSVPmaker Excel plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress RSVPmaker Excel plugin versions = 1.1. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.9AI score0.00866EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.24 views

WordPress SMS OVH plugin <= 0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress SMS OVH plugin versions = 0.1. Solution This plugin has been closed as of August 24, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS3AI score0.00757EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/08/17 12:0 a.m.24 views

WordPress PostX – Gutenberg Blocks for Post Grid plugin <= 2.4.9 - Missing Access Controls vulnerability

Missing Access Controls vulnerability discovered by apple502j in WordPress PostX – Gutenberg Blocks for Post Grid plugin versions = 2.4.9. Solution Update the WordPress PostX – Gutenberg Blocks for Post Grid plugin to the latest available version at least 2.4.10...

6.5CVSS2.7AI score0.00693EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000