Patchstack: Most viewed

46684 matches found

Patchstack • added 2021/08/13 12:00 a.m. • 24 views

WordPress 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat plugin <= 5.2.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat plugin versions <= 5.2.7. Solution: Update WordPress 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat plugin to the latest available version at least 5.2...

CVSS 6.1 | AI score 2.1 | EPSS 0.00895
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack • added 2021/07/30 12:00 a.m. • 24 views

WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörgson Patchstack Red Team in WordPress Absolutely Glamorous Custom Admin plugin versions <= 6.8. Solution: Update the WordPress Absolutely Glamorous Custom Admin plugin to the latest available version at least 6.9, addition...

CVSS 8.2 | AI score 1.6 | EPSS 0.00717
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack • added 2021/07/20 12:00 a.m. • 24 views

WordPress HM Multiple Roles plugin <= 1.2 - Arbitrary Role Change vulnerability

Arbitrary Role Change vulnerability discovered by clemorphy in WordPress HM Multiple Roles plugin versions <= 1.2. Solution: Update the WordPress HM Multiple Roles plugin to the latest available version at least 1.3...

CVSS 8.8 | AI score 2 | EPSS 0.01509
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack • added 2021/07/06 12:00 a.m. • 24 views

WordPress WP HTML Mail plugin <= 3.0.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Konan Nagashima in WordPress WP HTML Mail plugin versions <= 3.0.6. Solution: Update the WordPress WP HTML Mail plugin to the latest available version at least 3.0.8...

CVSS 8.8 | AI score 1.2 | EPSS 0.0087
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack • added 2021/07/02 12:00 a.m. • 24 views

WordPress Workreap premium theme <= 2.2.1 - Unauthenticated Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Upload vulnerability leading to Remote Code Execution (RCE) discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions <= 2.2.1. Solution: Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...

CVSS 9.8 | AI score 3.4 | EPSS 0.60113
Exploits: 9 | References: 3 | Affected Software: 1

Patchstack • added 2021/07/01 12:00 a.m. • 24 views

WordPress WP Google Map plugin <= 1.7.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Pratik Khalane in WordPress WP Google Map plugin versions <= 1.7.6. Solution: Update the WordPress WP Google Map plugin to the latest available version at least 1.7.7...

CVSS 4.8 | AI score 1.7 | EPSS 0.00668
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack • added 2021/06/28 12:00 a.m. • 24 views

WordPress ProfilePress plugin 3.0 – 3.1.3 - Authenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest available versi...

CVSS 9.8 | AI score 2.6 | EPSS 0.0412
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack • added 2021/05/31 12:00 a.m. • 24 views

WordPress Quiz And Survey Master plugin <= 7.1.17 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress Quiz And Survey Master plugin versions <= 7.1.17. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.1.18...

CVSS 6.1 | AI score 2.2 | EPSS 0.00827
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack • added 2021/05/05 12:00 a.m. • 24 views

WordPress Hana Flv Player plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Kishore Hariram in WordPress Hana Flv Player plugin versions <= 3.1.3. Solution: No patched version is available. The last version was released 8 years ago...

CVSS 5.4 | AI score 0.9 | EPSS 0.0062
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack • added 2021/05/03 12:00 a.m. • 24 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability

Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability discovered by WordFence in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.153.3. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version ...

CVSS 7.5 | AI score 3.3 | EPSS 0.04691
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack • added 2021/04/19 12:00 a.m. • 24 views

WordPress Ultimate Maps by Supsystic plugin <= 1.2.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Ultimate Maps by Supsystic plugin versions <= 1.2.4. Solution: Update the WordPress Ultimate Maps by Supsystic to the latest available version at least 1.2.5...

CVSS 6.1 | AI score 1.8 | EPSS 0.17638
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack • added 2021/04/16 12:00 a.m. • 24 views

WordPress Shopello API plugin <= 2.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Frank Liauw in WordPress Shopello API plugin versions <= 2.9.0. Solution: This plugin has been closed as of April 12, 2021 and is not available for download. This closure is temporary, pending a full review...

AI score 2.9 | EPSS 0.01261
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack • added 2021/04/08 12:00 a.m. • 24 views

WordPress Stop Spammers plugin <= 2021.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Hoseinvita in WordPress Stop Spammers plugin versions <= 2021.8. Solution: Update the WordPress Stop Spammers plugin to the latest available version at least 2021.9...

CVSS 6.1 | AI score 1.9 | EPSS 0.05721
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack • added 2021/03/23 12:00 a.m. • 24 views

WordPress GiveWP plugin <= 2.9.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Austin Bentley in WordPress GiveWP plugin versions <= 2.9.7. Solution: Update the WordPress GiveWP plugin to the latest available version at least 2.10.0...

CVSS 6.1 | AI score 2.1 | EPSS 0.0137
Exploits: 4 | References: 3 | Affected Software: 1

Patchstack • added 2021/01/12 12:00 a.m. • 24 views

WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability

Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability found in WordPress Elementor Contact Form DB plugin versions <= 1.5. Solution: Update the WordPress Elementor Contact Form DB plugin to the latest available version at least 1.6...

CVSS 6.5 | AI score 4.8 | EPSS 0.009
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack • added 2020/10/21 12:00 a.m. • 24 views

WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions <= 3.8.8. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

CVSS 6.1 | AI score 2.7 | EPSS 0.00931
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack • added 2020/09/17 12:00 a.m. • 24 views

WordPress Discount Rules for WooCommerce plugin <= 2.2.0 - Multiple Authorization Bypass vulnerabilities

Multiple Authorization Bypass vulnerabilities found by WordFence in WordPress Discount Rules for WooCommerce plugin versions <= 2.2.0. Solution: Update the WordPress Discount Rules for WooCommerce plugin to the latest available version at least 2.2.1...

AI score 3
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack • added 2020/09/16 12:00 a.m. • 24 views

WordPress WP Hotel Booking plugin <= 1.10.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet NinTechNet in WordPress WP Hotel Booking plugin versions <= 1.10.1. Solution: Update the WordPress WP Hotel Booking plugin to the latest available version at least 1.10.2...

AI score 2.2
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack • added 2020/07/29 12:00 a.m. • 24 views

WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 5.1.0 - Persistent Cross-Site Scripting (XSS) vulnerability

Persistent Cross-Site Scripting (XSS) vulnerability found by Jinson Varghese Behanan in WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin versions <= 5.1.0. Solution: Update the WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin to...

CVSS 5.4 | AI score 2.1 | EPSS 0.03757
Exploits: 5 | References: 1 | Affected Software: 1

Patchstack • added 2020/04/20 12:00 a.m. • 24 views

WordPress Advanced Access Manager plugin <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation vulnerability

Authenticated Authorization Bypass and Privilege Escalation vulnerability discovered by WordFence in WordPress Advanced Access Manager plugin versions <= 6.6.1. Solution: Update the WordPress Advanced Access Manager plugin to the latest available version at least 6.6.2...

CVSS 8.8 | AI score 4.8 | EPSS 0.01463
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack • added 2020/04/13 12:00 a.m. • 24 views

WordPress Media Library Assistant plugin <= 2.81 - Unauthenticated Limited Local File Inclusion (LFI) vulnerability

Unauthenticated Limited Local File Inclusion (LFI) vulnerability discovered by Daniel Monzón stark0de in WordPress Media Library Assistant plugin versions <= 2.81. Solution: Update the WordPress Media Library Assistant plugin to the latest available version at least 2.82...

CVSS 7.5 | AI score 4.1 | EPSS 0.04917
Exploits: 4 | References: 3 | Affected Software: 1

Patchstack • added 2020/03/12 12:00 a.m. • 24 views

WordPress Appointment Booking Calendar <= 1.3.34 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Daniel Monzon in WordPress Appointment Booking Calendar plugin versions <= 1.3.34. Solution: Update the WordPress Appointment Booking Calendar to the latest available version at least 1.3.35...

CVSS 7.8 | AI score 3.1 | EPSS 0.08612
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack • added 2020/01/28 12:00 a.m. • 24 views

WordPress SAML SP Single Sign On plugin <= 4.8.83 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability discovered by Zeroauth in WordPress SAML SP Single Sign On plugin versions <= 4.8.83. Solution: Update the WordPress SAML SP Single Sign On plugin to the latest available version at least 4.8.84...

CVSS 6.1 | AI score 1.6 | EPSS 0.01376
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack • added 2019/12/02 12:00 a.m. • 24 views

WordPress Mesmerize theme <=1.6.89 - Authenticated Options Update vulnerability

Authenticated Options Update vulnerability found by NinTechNet in WordPress Mesmerize theme versions <=1.6.89. Solution: Update the WordPress Mesmerize theme to the latest available version at least 1.6.90...

AI score 3.5
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2019/10/31 12:00 a.m. • 24 views

WordPress YITH Custom Thank You Page for Woocommerce plugin <=1.1.7 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH Custom Thank You Page for Woocommerce plugin versions <=1.1.7. Solution: Update the WordPress YITH Custom Thank You Page for Woocommerce plugin to the latest available version at leas...

CVSS 4.3 | AI score 2.9 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2019/05/25 12:00 a.m. • 24 views

WordPress Form Maker by 10Web plugin <= 1.13.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by Daniele Scanu in WordPress Form Maker by 10Web plugin versions <= 1.13.20. Solution: Update the WordPress Form Maker by 10Web plugin to the latest available version at least 1.13.3...

CVSS 9.8 | AI score 3.1 | EPSS 0.06214
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack • added 2018/06/25 12:00 a.m. • 24 views

WordPress iThemes Security plugin <= 7.0.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by Çlirim Emini in WordPress iThemes Security plugin versions <= 7.0.2. Solution: Update the WordPress iThemes Security plugin to the latest available version at least 7.0.3...

CVSS 7.2 | AI score 3.5 | EPSS 0.30118
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack • added 2018/06/03 12:00 a.m. • 24 views

WordPress Woo Checkout for Digital Goods plugin <= 2.1 - Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability found by ThreatPress Research Team in WordPress Woo Checkout for Digital Goods plugin versions <= 2.1. Solution: Update the WordPress Woo Checkout for Digital Goods plugin to the latest available version at least 2.2...

CVSS 6.5 | AI score 2.7 | EPSS 0.00537
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack • added 2017/09/06 12:00 a.m. • 24 views

WordPress Participants Database plugin <=1.7.5.9 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Benjamin Lim in WordPress Participants Database plugin version 1.7.5.9 and earlier versions. Data from the plugin's text input field is passed without escaping HTML special characters, which allows an attacker to insert JavaScript. Solution: Update the...

CVSS 6.1 | AI score 1 | EPSS 0.02302
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack • added 2017/07/25 12:00 a.m. • 24 views

WordPress Popup Maker plugin <=1.6.4 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability in WordPress Popup Maker plugin 1.6.4 and earlier versions allows an attacker to inject arbitrary web script or HTML. Solution: Update WordPress Popup Maker plugin to the latest available version at least 1.6.5...

CVSS 6.1 | AI score 1.6 | EPSS 0.01634
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2017/06/03 12:00 a.m. • 24 views

WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability

WordPress WP-Testimonials plugin is prone to an SQL injection vulnerability. The vulnerability allows an authenticated user to execute arbitrary SQL commands via the "testid" parameter to wp-admin/admin.php. Solution: WordPress WP-Testimonials plugin removed from WordPress plugin directory. We suggest...

CVSS 8.8 | AI score 2.7 | EPSS 0.0239
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack • added 2016/07/20 12:00 a.m. • 24 views

WordPress Heat Trackr Plugin <= 1.0 - Reflected XSS

This plugin is prone to a cross-site scripting vulnerability via the /heat-trackr/heat-trackrabtestadd.php file. Solution: Update the plugin...

CVSS 6.1 | AI score 1.8 | EPSS 0.03415
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2016/04/13 12:00 a.m. • 24 views

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable itemid appears to send unsanitized data back to the user's browser. The vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution: Update the plugin...

CVSS 6.1 | AI score 3.4 | EPSS 0.03462
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack • added 2016/04/12 12:00 a.m. • 24 views

WordPress Ajax Random Post Plugin <= 2.00 - Cross Site Scripting (XSS)

Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 6.1 | AI score 1.9 | EPSS 0.03223
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2016/01/29 12:00 a.m. • 24 views

WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution

This plugin is prone to remote code execution because of the ofcuploadimage.php file parameters $_GET['name'] and $HTTP_RAW_POST_DATA. Solution: Update the plugin...

AI score 4.9
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack • added 2015/10/28 12:00 a.m. • 24 views

WordPress <= 4.3.0 - XSS

This vulnerability is in the user list table in WordPress. It allows an authenticated user to inject HTML or arbitrary web script via a crafted e-mail address. Solution: Update the plugin...

CVSS 5.4 | AI score 0.8 | EPSS 0.02148
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2015/10/11 12:00 a.m. • 24 views

WordPress Payment Form for PayPal Pro Plugin <= 1.0.1 - XSS

This WordPress plugin is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the plugin...

CVSS 6.1 | AI score 3.5 | EPSS 0.01776
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2015/07/08 12:00 a.m. • 24 views

WordPress StageShow Plugin <= 5.0.8 - Open redirect

This vulnerability is in stageshowredirect.php in the "Redirect" function. It allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via the "url" parameter. Solution: Update the plugin...

CVSS 6.4 | AI score 4.8 | EPSS 0.06283
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2015/07/08 12:00 a.m. • 24 views

WordPress Easy2Map Plugin 1.24 - SQL Injection

This WordPress Easy2Map plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 7.5 | AI score 4 | EPSS 0.05247
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack • added 2015/05/08 12:00 a.m. • 24 views

WordPress RevSlider - File Upload and Execute

This vulnerability allows an attacker to upload arbitrary PHP code and execute remote code. Solution: Update the plugin...

CVSS 7.5 | AI score 5 | EPSS 0.75256
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2015/04/01 12:00 a.m. • 24 views

WordPress Simple Ads Manager Plugin <= 2.5.95 - Unrestricted File Upload

This vulnerability exists in sam-ajax-admin.php and allows an attacker to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the "path" parameter. Solution: Update the plugin...

CVSS 7.5 | AI score 4.8 | EPSS 0.14451
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack • added 2015/03/17 12:00 a.m. • 24 views

WordPress WPML Plugin <= 3.1.8 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "target" parameter in a reminderpopup action to the default URI. Solution: Update the plugin...

CVSS 4.3 | AI score 2.4 | EPSS 0.07034
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/16 12:00 a.m. • 24 views

WordPress Photo Gallery Plugin <= 1.2.7 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "orderby" parameter in a GalleryBox action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 7.5 | AI score 7 | EPSS 0.02131
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/12/17 12:00 a.m. • 24 views

WordPress gSlideshow Plugin 0.1 - CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 | AI score 4.8 | EPSS 0.01001
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/12/17 12:00 a.m. • 24 views

WordPress SimpleFlickr Plugin <= 3.0.3 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 | AI score 3.5 | EPSS 0.01015
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/26 12:00 a.m. • 24 views

WordPress WhyDoWork AdSense Plugin <= 1.2 - CSRF

Because of this vulnerability, attackers can hijack the authentication of administrators for requests. Solution: Update the plugin...

CVSS 6.8 | AI score 5.5 | EPSS 0.02693
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/22 12:00 a.m. • 24 views

WordPress CM Download Manager Plugin 2.0.0 - Code Injection

A code injection vulnerability was found in the software and confirmed as an anonymous user. It allows an attacker to gain full control of the application and use all operating system functions. Solution: Update to version 2.0.4...

CVSS 10 | AI score 4.8 | EPSS 0.14804
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/20 12:00 a.m. • 24 views

WordPress <= 4.0.0 - XSS #2

Because of this vulnerability in the "Press This" function, attackers can inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss-3...

CVSS 4.3 | AI score 2.5 | EPSS 0.02336
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/20 12:00 a.m. • 24 views

WordPress <= 4.0.0 - SSRF

wp-includes/http.php in WordPress allows attackers to conduct server-side request forgery attacks by referring to a 127.0.0.0/8 resource. Solution: Update WordPress...

CVSS 6.4 | AI score 4.9 | EPSS 0.03772
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/13 12:00 a.m. • 24 views

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

This vulnerability is in services/getfile.php. It allows attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 5 | AI score 4.8 | EPSS 0.18558
Exploits: 5 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000