Patchstack, most viewed

46684 matches found

Patchstack
•added 2014/11/20 12:0 a.m.•24 views

WordPress <= 4.0.0 - XSS #2

Because of this vulnerability in the "Press This" function, attackers can inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss-3...

CVSS: 4.3, AI score: 2.5, EPSS: 0.02336
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2014/11/20 12:0 a.m.•24 views

WordPress <= 4.0.0 - SSRF

wp-includes/http.php in WordPress allows attackers to conduct server-side request forgery attacks by referring to a 127.0.0.0/8 resource. Solution: Update WordPress...

CVSS: 6.4, AI score: 4.9, EPSS: 0.03772
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2014/11/13 12:0 a.m.•24 views

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

This vulnerability is in services/getfile.php. It allows attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS: 5, AI score: 4.8, EPSS: 0.18558
Exploits: 5, References: 1, Affected Software: 1
Patchstack
•added 2014/11/04 12:0 a.m.•24 views

WordPress Spider Video Player Plugin <= 1.5.1 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update the plugin...

CVSS: 4.3, AI score: 3, EPSS: 0.0164
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2014/05/27 12:0 a.m.•24 views

WordPress Bib2html Plugin <= 0.9.3 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.2, EPSS: 0.01633
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2014/04/14 12:0 a.m.•24 views

WordPress Twitget Plugin 3.3.1 - Multiple Vulnerabilities

WordPress Twitget plugin is prone to multiple vulnerabilities, such as CSRF and XSS. It works when a logged-in administrator visits a specially crafted page. Then options can be updated without their consent and some of those options are output unescaped into the form cross-site scripting. Soluti...

CVSS: 6.8, AI score: 1.9, EPSS: 0.03285
Exploits: 6, References: 1, Affected Software: 1
Patchstack
•added 2014/01/16 12:0 a.m.•24 views

WordPress WP Forum Server Plugin <= 1.7.3 - SQL Injection

Because of this vulnerability in fs-admin/fs-admin.php, attackers can execute arbitrary SQL commands via the "groupid" parameter in an editgroup action. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.4, EPSS: 0.04931
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2013/03/26 12:0 a.m.•24 views

WordPress WP125 Plugin <= 1.4.9 - CSRF

Because of this vulnerability in adminmenus.php, attackers can hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors. Solution: Update the plugin...

CVSS: 6.8, AI score: 5.6, EPSS: 0.0119
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2013/02/25 12:0 a.m.•24 views

WordPress Smart Flv Plugin - Multiple Cross Site Scripting Vulnerabilities

Smart Flv plugin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. It allows an attacker to execute arbitrary script code in the browser of a user in the context of the affected site. Other attacks are also possible. Solution...

CVSS: 4.3, AI score: 3.4, EPSS: 0.03914
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2013/02/19 12:0 a.m.•24 views

WordPress <= 3.5.1 - Full Path Disclosure

Because of this vulnerability, attackers can obtain sensitive information via an invalid upload request. Solution: Update the plugin...

CVSS: 4.3, AI score: 3.8, EPSS: 0.02026
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2013/02/19 12:0 a.m.•24 views

WordPress ZeroClipboard Plugin <= 1.0.7 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "id" parameter. Solution: Update the plugin...

CVSS: 4.3, AI score: 3, EPSS: 0.06316
Exploits: 4, References: 1, Affected Software: 1
Patchstack
•added 2013/02/18 12:0 a.m.•24 views

WordPress Responsive Logo Slideshow Plugin - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "URL and Image" field. Solution: Update the plugin...

CVSS: 4.3, AI score: 3.8, EPSS: 0.02023
Exploits: 2, References: 1, Affected Software: 1
Patchstack
•added 2012/10/08 12:0 a.m.•24 views

WordPress Kish Guest Posting Plugin <= 1.2 - Unrestricted File Upload

Because of this vulnerability in uploadify/scripts/uploadify.php, attackers can execute arbitrary code by uploading a file with a double extension and then accessing it via a direct request to the file in the directory specified by the "folder" parameter. Solution: Update the plugin...

CVSS: 6.8, AI score: 5.5, EPSS: 0.06536
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2012/08/30 12:0 a.m.•24 views

WordPress Download Monitor Plugin - Cross Site Scripting

WordPress Download Monitor plugin's "dlsearch" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS: 4.3, AI score: 3.5, EPSS: 0.10456
Exploits: 2, References: 1, Affected Software: 1
Patchstack
•added 2012/08/21 12:0 a.m.•24 views

WordPress <= 3.4.1 - Multiple vulnerabilities

Multiple vulnerabilities exist in wp-admin/plugins.php. Because of them, remote authenticated users can make unintended plugin changes by leveraging the Administrator role. Solution: Update WordPress...

CVSS: 3.5, AI score: 3.9, EPSS: 0.01675
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2012/08/13 12:0 a.m.•24 views

WordPress BulletProof Security Plugin <= .47.0 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the HTTPACCEPTENCODING header. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.6, EPSS: 0.02046
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2012/05/14 12:0 a.m.•24 views

WordPress WassUp Plugin <= 1.8.3.0 - XSS

Because of this vulnerability in wassup.php, attackers can inject arbitrary web script or HTML via the User-Agent HTTP header. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.1, EPSS: 0.0212
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2012/03/19 12:0 a.m.•24 views

WordPress s2Member Pro Plugin

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "s2memberproauthnetcheckoutcoupon" parameter. Solution: Update the plugin...

CVSS: 4.3, AI score: 3, EPSS: 0.01959
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2011/11/21 12:0 a.m.•24 views

WordPress Adminimize Plugin 1.7.21 - Cross Site Scripting

WordPress Adminimize plugin's "page" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS: 4.3, AI score: 3, EPSS: 0.10911
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2011/11/21 12:0 a.m.•24 views

WordPress Lanoba Social Plugin 1.0 - Cross Site Scripting

WordPress Lanoba Social plugin's "action" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS: 4.3, AI score: 2.9, EPSS: 0.03604
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2011/11/17 12:0 a.m.•24 views

WordPress Flexible Custom Post Type Plugin - Cross Site Scripting

Flexible Custom Post Type plugin's "id" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...

CVSS: 4.3, AI score: 1.9, EPSS: 0.10899
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2011/09/26 12:0 a.m.•24 views

WordPress Symposium Plugin <= 11.12.07 - XSS

Because of this vulnerability in uploadify/getprofileavatar.php, attackers can inject arbitrary web script or HTML via the "uid" parameter. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.8, EPSS: 0.02368
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2009/06/22 12:0 a.m.•24 views

WordPress FireStats Plugin <= 1.6.1 - Remote File Inclusion

Because of this vulnerability in firestats-wordpress.php, attackers can execute arbitrary PHP code via a URL in the "fsjavascript" parameter. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.7, EPSS: 0.02819
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2008/01/22 12:0 a.m.•24 views

WordPress WP Forum Server Plugin <= 1.7.4 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "user" parameter in a showprofile action to the default URI. Solution: Update the plugin...

CVSS: 6.8, AI score: 6.7, EPSS: 0.03486
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2008/01/09 12:0 a.m.•24 views

WordPress Math Comment Spam Protection Plugin <= 2.1 - XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.2, EPSS: 0.01854
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2007/12/11 12:0 a.m.•24 views

WordPress <= 2.3.1 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "s" parameter. Solution: Update WordPress...

CVSS: 6.8, AI score: 6.7, EPSS: 0.09156
Exploits: 2, References: 1, Affected Software: 1
Patchstack
•added 2007/11/19 12:0 a.m.•24 views

WordPress <= 2.3.1 - Cookie Authentication Vulnerability

Because of this vulnerability, attackers can bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. Solution: Update WordPress...

CVSS: 9.8, AI score: 3.6, EPSS: 0.03279
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2007/10/30 12:0 a.m.•24 views

WordPress <= 2.3 - XSS

Because of this vulnerability in wp-admin/edit-post-rows.php, attackers can inject arbitrary web script or HTML via the "postscolumns" array parameter. Solution: Update WordPress...

CVSS: 2.6, AI score: 2.9, EPSS: 0.07003
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2007/08/22 12:0 a.m.•24 views

WordPress Blix Theme <= 0.9.1 - XSS

Because of this vulnerability in index.php, attackers can inject arbitrary web script or HTML via the PATHINFO. Solution: Update the theme...

CVSS: 4.3, AI score: 2.4, EPSS: 0.01784
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2007/08/03 12:0 a.m.•24 views

WordPress <= 2.2.1 - Multiple XSS

Because of these vulnerabilities, authenticated administrators can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS: 2.1, AI score: 1.1, EPSS: 0.02081
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2007/04/09 12:0 a.m.•24 views

WordPress <= 2.0.10 - XSS

Because of this vulnerability in wp-includes/general-template.php, attackers can inject arbitrary web script or HTML via the "year" parameter in the wptitle function. Solution: Update WordPress to the latest available version, at least 2.0.11...

CVSS: 4.3, AI score: 2.3, EPSS: 0.03018
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2007/03/03 12:0 a.m.•24 views

WordPress Admin Panel Plugin <= 2.1.1 - CSRF

Because of this vulnerability, attackers can perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. Solution: Update the WordPress Admin Panel plugin to the latest version, at least 2.1.2...

CVSS: 6.8, AI score: 5.7, EPSS: 0.07315
Exploits: 1, References: 1, Affected Software: 1
Patchstack
•added 2005/05/20 12:0 a.m.•24 views

WordPress <=1.5 - SQL injection vulnerability

Because of this vulnerability, attackers can obtain sensitive information. Solution: Update WordPress to the latest possible version...

CVSS: 5.3, AI score: 3.4, EPSS: 0.01906
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2026/06/01 1:21 p.m.•23 views

WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by hhhai in WordPress Plugin WP Google Review Slider versions <= 18.0...

CVSS: 6.3, AI score: 5.5, EPSS: 0.00175
Exploits: 0, Affected Software: 1
Patchstack
•added 2026/05/14 2:57 p.m.•23 views

NPM: Flowise has an MCP Security Bypass that Enables RCE

NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise-components versions = 3.1.1...

AI score: 5.8
Exploits: 0, References: 3, Affected Software: 1
Patchstack
•added 2026/05/08 4:22 p.m.•23 views

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` vulnerability discovered by ? in WordPress Npm vm2 versions 3.11.2...

AI score: 5.8
Exploits: 0, References: 3, Affected Software: 1
Patchstack
•added 2026/05/06 2:14 p.m.•23 views

WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions <= 28.4...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00612
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2026/05/04 3:1 p.m.•23 views

WordPress Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions <= 2.7.10...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00281
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2026/01/13 7:32 a.m.•23 views

WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brookside versions <= 1.4...

AI score: 6.1, EPSS: 0.002
Exploits: 0, Affected Software: 1
Patchstack
•added 2025/12/15 1:30 p.m.•23 views

WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Request a Quote versions <= 2.5.3...

CVSS: 4.3, AI score: 7, EPSS: 0.00185
Exploits: 0, Affected Software: 1
Patchstack
•added 2025/12/11 11:35 a.m.•23 views

WordPress WP Job Portal plugin <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated (Subscriber+) Arbitrary File Read vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions <= 2.4.0...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00307
Exploits: 0, References: 1, Affected Software: 1
Patchstack
•added 2025/08/02 1:50 p.m.•23 views

WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability

Content Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Doctreat versions <= 1.6.7...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00247
Exploits: 0, Affected Software: 1
Patchstack
•added 2025/07/23 12:30 p.m.•23 views

WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Universal Video Player - Addon for WPBakery Page Builder versions <= 3.2.1...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00213
Exploits: 0, Affected Software: 1
Patchstack
•added 2025/05/19 12:0 a.m.•23 views

WordPress Motors Theme <= 5.6.67 is vulnerable to Privilege Escalation

Software: Motors; Type: Theme; Vulnerable versions: <= 5.6.67; Fixed in: 5.6.68; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-4322; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: f2c68f043bd9; Credits: Foxyyy; Required...

CVSS: 9.8, AI score: 6.5, EPSS: 0.18241
Exploits: 3, References: 2, Affected Software: 1
Patchstack
•added 2025/04/22 11:38 a.m.•23 views

WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin HTML Forms versions <= 1.5.2...

CVSS: 6.5, AI score: 7, EPSS: 0.00173
Exploits: 0, Affected Software: 1
Patchstack
•added 2024/11/25 12:0 a.m.•23 views

WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software: Video Lessons Manager; Type: Plugin; Vulnerable versions: <= 1.8.2; Fixed in: 1.8.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11202; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: de6edf652333; Credits: Peter...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00584
Exploits: 0, References: 3, Affected Software: 1
Patchstack
•added 2024/11/25 12:0 a.m.•23 views

WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Sensitive Data Exposure

Software: Jeg Elementor Kit; Type: Plugin; Vulnerable versions: <= 2.6.9; Fixed in: 2.6.10; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-8899; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: a83345ae77b9; Credits: Ankit Patel; Required...

CVSS: 4.3, AI score: 6.5, EPSS: 0.004
Exploits: 0, References: 3, Affected Software: 1
Patchstack
•added 2024/11/25 12:0 a.m.•23 views

WordPress Parsi Date Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Parsi Date; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11032; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: be0cd10da0f9; Credits: vgo0; Required privileg...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00449
Exploits: 0, References: 3, Affected Software: 1
Patchstack
•added 2024/11/21 12:0 a.m.•23 views

WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to SQL Injection

Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.7.6; Fixed in: 2.7.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-10400; Patch priority: High; CVSS severity: High (9.3); Developer: Claim ownership; PSID: d0515de5a39b; Credits: mikemyers; Required privilege: Unauthenticated; Publishe...

CVSS: 7.5, AI score: 7.2, EPSS: 0.82589
Exploits: 0, References: 3, Affected Software: 1
Patchstack
•added 2024/11/08 12:0 a.m.•23 views

WordPress The Novel Design Store Directory Plugin <= 4.3.0 is vulnerable to Arbitrary File Upload

Software: The Novel Design Store Directory; Type: Plugin; Vulnerable versions: <= 4.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-51788; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: 7c858add083e; Credits: stealthcopter; Required...

CVSS: 10, AI score: 6.8, EPSS: 0.01457
Exploits: 1, References: 1, Affected Software: 1
Total number of security vulnerabilities: 5000