Patchstack | Most viewed

46684 matches found

Patchstack
added 2024/11/08 12:0 a.m. | 23 views

WordPress codeSnips Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software codeSnips Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b3a7768e4e50 Credits SOPROBRO Required privilege Contributor Publishe...

CVSS 6.5 | AI score 6.9 | EPSS 0.00352
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/31 12:0 a.m. | 23 views

WordPress Show Visitor IP Address Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software Show Visitor IP Address Type Plugin Vulnerable versions = 0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50538 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 14c2541462c0 Credits SOPROBRO Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00361
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/30 12:0 a.m. | 23 views

WordPress World Prayer Time Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software World Prayer Time Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-50534 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c482db8f0a37 Credits SOPROBRO Required...

CVSS 7.1 | AI score 6.6 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/25 12:0 a.m. | 23 views

WordPress Image Map Pro Plugin <= 6.0.20 is vulnerable to Broken Access Control

Software Image Map Pro Type Plugin Vulnerable versions = 6.0.20 Fixed in 6.0.21 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9584 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0749ab20b9c9 Credits István Márton Required privile...

CVSS 5.4 | AI score 6.5 | EPSS 0.00304
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/10/15 12:0 a.m. | 23 views

WordPress WooCommerce Plugin <= 9.0.2 is vulnerable to Content Injection

Software WooCommerce Type Plugin Vulnerable versions = 9.0.2 Fixed in 9.1.0 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9944 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b045fb73bcc4 Credits drop Required privilege Unauthenticated Published ...

CVSS 6.1 | AI score 6.8 | EPSS 0.00632
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/25 12:0 a.m. | 24 views

WordPress Move Addons for Elementor Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Move Addons for Elementor Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47396 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 53f3d0fe4d46 Credits GoatSniff Required privilege...

CVSS 6.5 | AI score 6.7 | EPSS 0.00256
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/19 12:0 a.m. | 23 views

WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)

Software MC4WP Type Plugin Vulnerable versions 4.9.9 - 4.9.16 Fixed in 4.9.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-8850 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 37434d44abfc Credits kauenavarro Required privilege...

CVSS 6.1 | AI score 6.6 | EPSS 0.00453
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/16 12:0 a.m. | 23 views

WordPress BuddyForms Plugin <= 2.8.11 is vulnerable to Privilege Escalation

Software BuddyForms Type Plugin Vulnerable versions = 2.8.11 Fixed in 2.8.12 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-8246 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 7556df5d8520 Credits wesley wcraft Required privilege...

CVSS 8.8 | AI score 6.5 | EPSS 0.00431
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/29 12:0 a.m. | 23 views

WordPress Funnel Kit Funnel Builder PRO Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Funnel Kit Funnel Builder PRO Type Plugin Vulnerable versions = 3.4.5 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1056 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c1faa8fa285 Credits Francesco...

CVSS 6.4 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/12 12:0 a.m. | 23 views

WordPress Analytify Plugin <= 5.3.1 is vulnerable to Broken Access Control

Software Analytify Type Plugin Vulnerable versions = 5.3.1 Fixed in 5.4.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43265 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1206608342d9 Credits Dhabaleshwar Das Required privilege...

CVSS 4.3 | AI score 6.6 | EPSS 0.00167
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/07 12:0 a.m. | 23 views

WordPress BerqWP Plugin <= 1.7.6 is vulnerable to Arbitrary File Upload

Software BerqWP Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-43160 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1bde7f9c6c84 Credits Dave Jong Patchstack Required privilege...

CVSS 10 | AI score 6.8 | EPSS 0.04624
Exploits 1 | References 2 | Affected Software 1

Patchstack
added 2024/08/06 12:0 a.m. | 23 views

WordPress WPBakery Page Builder Plugin <= 7.7 is vulnerable to Local File Inclusion

Software WPBakery Page Builder Type Plugin Vulnerable versions = 7.7 Fixed in 7.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5709 Patch priority Low CVSS severity Low 6.6 Developer WPBakery PSID 1374f7b043bd Credits João Pedro Soares de Alcântara Required privileg...

CVSS 8.8 | AI score 6.9 | EPSS 0.01021
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/01 12:0 a.m. | 23 views

WordPress WP Fundraising Donation and Crowdfunding Platform Plugin <= 1.7.0 is vulnerable to Privilege Escalation

Software WP Fundraising Donation and Crowdfunding Platform Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-6698 Patch priority High CVSS severity High 8.8 Developer Claim ownership...

CVSS 8.8 | AI score 6.6 | EPSS 0.00431
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/07/22 12:0 a.m. | 23 views

WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...

CVSS 2.7 | AI score 6.5 | EPSS 0.00574
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/07/17 12:0 a.m. | 23 views

WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload

Software Keydatas Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...

CVSS 9.8 | AI score 6.9 | EPSS 0.35708
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/07/11 12:0 a.m. | 23 views

WordPress Feeds for YouTube Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Feeds for YouTube Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6256 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb0b7eea4059 Credits Webbernaut Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00424
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/07/09 10:51 a.m. | 23 views

WordPress Panda Video plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Panda Video versions = 1.4.0...

CVSS 6.4 | AI score 5.7 | EPSS 0.00352
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/07/02 12:0 a.m. | 23 views

WordPress PayPlus Payment Gateway Plugin <= 6.6.8 is vulnerable to SQL Injection

Software PayPlus Payment Gateway Type Plugin Vulnerable versions = 6.6.8 Fixed in 6.6.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6205 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 47e962c92ffc Credits Project Black Required privilege...

CVSS 9.8 | AI score 6.7 | EPSS 0.04168
Exploits 4 | References 4 | Affected Software 1

Patchstack
added 2024/06/27 12:0 a.m. | 23 views

WordPress Interactive Content – H5P Plugin < 1.15.8 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Content – H5P Type Plugin Vulnerable versions 1.15.8 Fixed in 1.15.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b51ad18a9f74 Credits Dmitrii Ignaty...

CVSS 7.1 | AI score 5.7 | EPSS 0.00315
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2024/06/20 12:0 a.m. | 23 views

WordPress Laybuy Payment Extension for WooCommerce Plugin <= 5.3.9 is vulnerable to Broken Access Control

Software Laybuy Payment Extension for WooCommerce Type Plugin Vulnerable versions = 5.3.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 165650bb5335 Credits Abdi...

CVSS 4.3 | AI score 6.3 | EPSS 0.00328
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/06/19 12:0 a.m. | 23 views

WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection

Software WP Hotel Booking Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3605 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 4c5ededd8a8e Credits Krzysztof Zając Required privilege...

CVSS 10 | AI score 6.8 | EPSS 0.04186
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2024/06/06 12:0 a.m. | 23 views

WordPress RestroPress Plugin <= 3.1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software RestroPress Type Plugin Vulnerable versions = 3.1.2.1 Fixed in 3.1.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35719 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f811f4d1bd1 Credits LVT-tholv2k Required privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.00276
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/05/31 12:0 a.m. | 23 views

WordPress Flash & HTML5 Video Plugin < 2.5.27 is vulnerable to SQL Injection

Software Flash & HTML5 Video Type Plugin Vulnerable versions 2.5.27 Fixed in 2.5.27 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5522 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a6949d7fc215 Credits Mayank Deshmukh Required privilege...

CVSS 6.5 | AI score 6.7 | EPSS 0.02639
Exploits 6 | References 4 | Affected Software 1

Patchstack
added 2024/05/16 12:0 a.m. | 23 views

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.26 is vulnerable to Content Injection

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.26 Fixed in 1.6.27 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-2619 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e650ff9528ff Credits wesley wcraft...

CVSS 5.4 | AI score 6.8 | EPSS 0.00377
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/05/07 12:0 a.m. | 23 views

WordPress One Click Demo Import Plugin <= 3.2.0 is vulnerable to PHP Object Injection

Software One Click Demo Import Type Plugin Vulnerable versions = 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-34433 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID a0133f0acd1f Credits ngductung Patchstack Alliance Requir...

CVSS 7.2 | AI score 6.8 | EPSS 0.00499
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/29 12:0 a.m. | 23 views

WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33928 Patch priority Medium CVSS severity Medium 7.1 Developer Codebard PSID f0b671d6d681 Credits Le Ngoc...

CVSS 7.1 | AI score 6.6 | EPSS 0.0033
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/04/26 12:0 a.m. | 23 views

WordPress WP Chat App Plugin < 3.6.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Chat App Type Plugin Vulnerable versions 3.6.4 Fixed in 3.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2837 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b3b62a2992fa Credits Dmitrii Ignatyev Required...

CVSS 5.4 | AI score 5.7 | EPSS 0.00522
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2024/04/25 10:15 a.m. | 23 views

WordPress WP Portfolio theme <= 2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme WP Portfolio versions = 2.4...

CVSS 6.5 | AI score 6.1 | EPSS 0.00351
Exploits 0 | Affected Software 1

Patchstack
added 2024/04/25 12:0 a.m. | 23 views

WordPress WZone Plugin <= 14.0.10 is vulnerable to SQL Injection

Software WZone Type Plugin Vulnerable versions = 14.0.10 Fixed in 14.0.31 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-33544 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 102966976300 Credits Rafie Muhammad Patchstack Required privilege...

CVSS 9.3 | AI score 6.8 | EPSS 0.00629
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/04/10 1:52 p.m. | 23 views

WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin UsersWP versions 1.2.6...

CVSS 5.4 | AI score 7 | EPSS 0.00197
Exploits 0 | Affected Software 1

Patchstack
added 2024/04/08 12:0 a.m. | 23 views

WordPress FancyBox for WordPress Plugin 3.0.2 - 3.3.3 is vulnerable to Cross Site Scripting (XSS)

Software FancyBox for WordPress Type Plugin Vulnerable versions 3.0.2 - 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-0662 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b6e38c509b29 Credits Sh Required privilege...

CVSS 4.8 | AI score 6.7 | EPSS 0.00473
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/03/28 12:0 a.m. | 23 views

WordPress Carousel Anything For WPBakery Page Builder Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Anything For WPBakery Page Builder Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30520 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a74a859c3da3 Credits resecured.io...

CVSS 6.5 | AI score 6.6 | EPSS 0.00336
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/03/13 12:0 a.m. | 23 views

WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Type Plugin Vulnerable versions = 5.9 Fixed in 5.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2242 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d34f7907f9a Credits Asaf Mozes Required...

CVSS 6.1 | AI score 5.7 | EPSS 0.013
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2024/02/27 12:0 a.m. | 23 views

WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 5.7 Fixed in 5.7.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-40000 Patch priority High CVSS severity High 8.3 Developer Hai Zheng / Lite Speed Cache PSID 61e99b6b8264 Credits Rafie Muhammad Patchsta...

CVSS 8.3 | AI score 6.7 | EPSS 0.54872
Exploits 5 | References 3 | Affected Software 1

Patchstack
added 2024/01/17 12:0 a.m. | 23 views

WordPress Amelia Plugin <= 1.0.98 is vulnerable to Broken Access Control

Software Amelia Type Plugin Vulnerable versions = 1.0.98 Fixed in 1.0.99 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-22298 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 1d2002f1be74 Credits Abdi Pranata Required privileg...

CVSS 9.8 | AI score 6.5 | EPSS 0.00379
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/21 12:0 a.m. | 23 views

WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection

Software Automation By Autonami Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.7.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50857 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID fc113d13a945 Credits Muhammad Daffa Required privilege...

CVSS 7.6 | AI score 7.2 | EPSS 0.00534
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/11/23 12:0 a.m. | 23 views

WordPress TextMe SMS Plugin <= 1.9.0 is vulnerable to Broken Access Control

Software TextMe SMS Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 91f657366fb1 Credits Arvandy Required privilege...

AI score 6.9 | EPSS 0.00448
Exploits 2 | References 2 | Affected Software 1

Patchstack
added 2023/10/26 12:0 a.m. | 23 views

WordPress VK Blocks Plugin <= 1.63.0.1 is vulnerable to Cross Site Scripting (XSS)

Software VK Blocks Type Plugin Vulnerable versions = 1.63.0.1 Fixed in 1.64.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5706 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2d60e9243083 Credits Lana Codes Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00521
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/10/23 12:0 a.m. | 23 views

WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Tab Ultimate Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5667 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 6b4d31988178 Credits István Márton Required privileg...

CVSS 6.4 | AI score 5.7 | EPSS 0.00544
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/10/18 12:0 a.m. | 23 views

WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection

Software History Log by click5 Type Plugin Vulnerable versions 1.0.13 Fixed in 1.0.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5082 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a946699ae5c Credits Karolis Narvilas Required privilege...

CVSS 7.2 | AI score 6.8 | EPSS 0.00676
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/10/17 12:0 a.m. | 23 views

WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure

Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5070 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 041c1c8cf3d2 Credits Marco...

CVSS 6.5 | AI score 6.4 | EPSS 0.01201
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/10/03 12:0 a.m. | 23 views

WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Complete Open Graph Type Plugin Vulnerable versions = 3.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45010 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 98057f180915 Credits Rio Darmawan Required...

CVSS 5.9 | AI score 5.7 | EPSS 0.00316
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/08/28 12:0 a.m. | 23 views

WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Maintenance Switch Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-29235 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc20c4d49d47 Credits Elliot Required...

CVSS 8.8 | AI score 6.6 | EPSS 0.00208
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/08/22 12:0 a.m. | 23 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.24.1 Fixed in 1.24.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25480 Patch priority Low CVSS severity Low 4.3 Developer Claim...

CVSS 8.8 | AI score 6.6 | EPSS 0.00214
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/07/27 12:0 a.m. | 23 views

WordPress WP Database Administrator Plugin <= 1.0.3 is vulnerable to SQL Injection

Software WP Database Administrator Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3211 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 53fe9995f076 Credits Christiaan Swiers Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.0084
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/25 12:0 a.m. | 23 views

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37979 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 584a630933ad Credits Rafie Muhammad...

CVSS 7.1 | AI score 5.7 | EPSS 0.0601
Exploits 6 | References 2 | Affected Software 1

Patchstack
added 2023/07/19 12:0 a.m. | 23 views

WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP-CopyProtect Protect your blog posts Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25025 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 483e3127703e Credit...

CVSS 8.8 | AI score 6.6 | EPSS 0.00214
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/06/27 12:0 a.m. | 23 views

WordPress LearnDash LMS Plugin <= 4.6.0 is vulnerable to Broken Authentication

Software LearnDash LMS Type Plugin Vulnerable versions = 4.6.0 Fixed in 4.6.0.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-3105 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fcee4e28c7df Credits István Márton Required...

CVSS 8.8 | AI score 6.5 | EPSS 0.02233
Exploits 2 | References 2 | Affected Software 1

Patchstack
added 2023/06/19 12:0 a.m. | 23 views

WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.0.5 Fixed in 3.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35884 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d78f3844de4 Credits Le Ngoc Anh Required...

CVSS 7.1 | AI score 5.6 | EPSS 0.00411
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/05/16 12:0 a.m. | 23 views

WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Zotpress Type Plugin Vulnerable versions = 7.3.3 Fixed in 7.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32961 Patch priority Medium CVSS severity Medium 7.1 Developer Katie Seaborn PSID 1e1dc3c4b47a Credits LOURCODE Required privileg...

CVSS 7.1 | AI score 5.6 | EPSS 0.0103
Exploits 1 | References 2 | Affected Software 1

Total number of security vulnerabilities: 5000