Lucene search
Patchstack | Most viewed

46684 matches found

Patchstack
added 2023/12/21 12:00 a.m. | 23 views

WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection

Software: Automation By Autonami; Type: Plugin; Vulnerable versions: <= 2.6.1; Fixed in: 2.7.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50857; Patch priority: Low; CVSS severity: Low (7.6); Developer: Claim ownership; PSID: fc113d13a945; Credits: Muhammad Daffa; Required privilege...

CVSS 7.6 | AI score 7.2 | EPSS 0.00534
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/11/23 12:00 a.m. | 23 views

WordPress TextMe SMS Plugin <= 1.9.0 is vulnerable to Broken Access Control

Software: TextMe SMS; Type: Plugin; Vulnerable versions: <= 1.9.0; Fixed in: 1.9.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48287; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 91f657366fb1; Credits: Arvandy; Required privilege...

AI score 6.9 | EPSS 0.00448
Exploits: 2 | References: 2 | Affected Software: 1

added 2023/10/26 12:00 a.m. | 23 views

WordPress VK Blocks Plugin <= 1.63.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: VK Blocks; Type: Plugin; Vulnerable versions: <= 1.63.0.1; Fixed in: 1.64.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5706; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 2d60e9243083; Credits: Lana Codes; Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00521
Exploits: 0 | References: 3 | Affected Software: 1

added 2023/10/23 12:00 a.m. | 23 views

WordPress Tab Ultimate Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Tab Ultimate; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 1.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5667; Patch priority: Low; CVSS severity: Low (6.4); Developer: Claim ownership; PSID: 6b4d31988178; Credits: István Márton; Required privileg...

CVSS 6.4 | AI score 5.7 | EPSS 0.00544
Exploits: 0 | References: 3 | Affected Software: 1

added 2023/10/18 12:00 a.m. | 23 views

WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection

Software: History Log by click5; Type: Plugin; Vulnerable versions: < 1.0.13; Fixed in: 1.0.13; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5082; Patch priority: Low; CVSS severity: Low (7.6); Developer: Claim ownership; PSID: 0a946699ae5c; Credits: Karolis Narvilas; Required privilege...

CVSS 7.2 | AI score 6.8 | EPSS 0.00676
Exploits: 2 | References: 4 | Affected Software: 1

added 2023/10/17 12:00 a.m. | 23 views

WordPress Social Media & Share Icons Plugin <= 2.8.5 is vulnerable to Sensitive Data Exposure

Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: <= 2.8.5; Fixed in: 2.8.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5070; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 041c1c8cf3d2; Credits: Marco...

CVSS 6.5 | AI score 6.4 | EPSS 0.01201
Exploits: 1 | References: 3 | Affected Software: 1

added 2023/10/03 12:00 a.m. | 23 views

WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)

Software: Complete Open Graph; Type: Plugin; Vulnerable versions: <= 3.4.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45010; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 98057f180915; Credits: Rio Darmawan; Required...

CVSS 5.9 | AI score 5.7 | EPSS 0.00316
Exploits: 0 | References: 1 | Affected Software: 1

added 2023/08/28 12:00 a.m. | 23 views

WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Maintenance Switch; Type: Plugin; Vulnerable versions: <= 1.5.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-29235; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: bc20c4d49d47; Credits: Elliot; Required...

CVSS 8.8 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

added 2023/08/22 12:00 a.m. | 23 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor; Type: Plugin; Vulnerable versions: <= 1.24.1; Fixed in: 1.24.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25480; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim...

CVSS 8.8 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/07/27 12:00 a.m. | 23 views

WordPress WP Database Administrator Plugin <= 1.0.3 is vulnerable to SQL Injection

Software: WP Database Administrator; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-3211; Patch priority: High; CVSS severity: High (9.3); Developer: Claim ownership; PSID: 53fe9995f076; Credits: Christiaan Swiers; Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.0084
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/07/24 12:00 a.m. | 23 views

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Google Map Shortcode; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-38396; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: ad78bcfdec4a; Credits: thiennv; Required...

CVSS 8.8 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

added 2023/07/19 12:00 a.m. | 23 views

WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP-CopyProtect [Protect your blog posts]; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25025; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 483e3127703e; Credit...

CVSS 8.8 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 1 | Affected Software: 1

added 2023/06/27 12:00 a.m. | 23 views

WordPress LearnDash LMS Plugin <= 4.6.0 is vulnerable to Broken Authentication

Software: LearnDash LMS; Type: Plugin; Vulnerable versions: <= 4.6.0; Fixed in: 4.6.0.1; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-3105; Patch priority: High; CVSS severity: High (8.8); Developer: Claim ownership; PSID: fcee4e28c7df; Credits: István Márton; Required...

CVSS 8.8 | AI score 6.5 | EPSS 0.02233
Exploits: 2 | References: 2 | Affected Software: 1

added 2023/06/19 12:00 a.m. | 23 views

WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: EventPrime; Type: Plugin; Vulnerable versions: <= 3.0.5; Fixed in: 3.0.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35884; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 0d78f3844de4; Credits: Le Ngoc Anh; Required...

CVSS 7.1 | AI score 5.6 | EPSS 0.00411
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/05/16 12:00 a.m. | 23 views

WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Zotpress; Type: Plugin; Vulnerable versions: <= 7.3.3; Fixed in: 7.3.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32961; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Katie Seaborn; PSID: 1e1dc3c4b47a; Credits: LOURCODE; Required privileg...

CVSS 7.1 | AI score 5.6 | EPSS 0.0103
Exploits: 1 | References: 2 | Affected Software: 1

added 2023/04/17 12:00 a.m. | 23 views

WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: Cloud Manager; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0421; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: e0814c8cc2bc; Credits: Shreya Pohekar; Required...

CVSS 6.1 | AI score 5.9 | EPSS 0.0051
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/04/13 12:00 a.m. | 23 views

WordPress Events Made Easy Plugin <= 2.3.14 is vulnerable to SQL Injection

Software: Events Made Easy; Type: Plugin; Vulnerable versions: <= 2.3.14; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28660; Patch priority: High; CVSS severity: High (8.5); Developer: Claim ownership; PSID: b6f80ca22af2; Credits: Joshua Martinelle (Tenable Research); Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00872
Exploits: 2 | References: 2 | Affected Software: 1

added 2023/04/06 12:00 a.m. | 23 views

WordPress Weaver Xtreme Theme <= 5.0.7 is vulnerable to Cross Site Scripting (XSS)

Software: Weaver Xtreme; Type: Theme; Vulnerable versions: <= 5.0.7; Fixed in: 6.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1403; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: b31bb20a58fc; Credits: Ramuel Gall; Required privileg...

CVSS 6.4 | AI score 6 | EPSS 0.00531
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/03/14 12:00 a.m. | 23 views

WordPress Popup Maker Plugin <= 1.17.1 is vulnerable to Sensitive Data Exposure

Software: Popup Maker; Type: Plugin; Vulnerable versions: <= 1.17.1; Fixed in: 1.18.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2022-47597; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: d6552fe3bb39; Credits: rezaduty; Required privilege...

CVSS 7.5 | AI score 6.5 | EPSS 0.00612
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/03/03 12:00 a.m. | 23 views

WordPress Classic Editor and Classic Widgets Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Classic Editor and Classic Widgets; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-27434; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: c89f9ac26cdb; Credits...

CVSS 8.8 | AI score 6.6 | EPSS 0.00309
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/02/17 12:00 a.m. | 23 views

WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control

Software: Advanced Dynamic Pricing for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.1.5; Fixed in: 4.1.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-40203; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Claim ownership; PSID: 061da4b2f208; Credit...

CVSS 8.8 | AI score 6.5 | EPSS 0.00405
Exploits: 0 | References: 2 | Affected Software: 1

added 2023/02/14 12:00 a.m. | 23 views

WordPress Profile Builder Plugin <= 3.9.0 is vulnerable to Sensitive Data Exposure

Software: Profile Builder; Type: Plugin; Vulnerable versions: <= 3.9.0; Fixed in: 3.9.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-0814; Patch priority: High; CVSS severity: High (6.5); Developer: Claim ownership; PSID: 43ad15dcf7ab; Credits: István Márton; Required...

CVSS 6.5 | AI score 6.3 | EPSS 0.00769
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/01/17 12:00 a.m. | 23 views

WordPress Simple URLs Plugin < 115 is vulnerable to SQL Injection

Software: Simple URLs; Type: Plugin; Vulnerable versions: < 115; Fixed in: 115; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0098; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: ce05d13c3118; Credits: dc11; Required privilege: Subscriber; Published: 17 January,...

CVSS 8.8 | AI score 6.8 | EPSS 0.00943
Exploits: 2 | References: 3 | Affected Software: 1

added 2023/01/10 12:00 a.m. | 23 views

WordPress Page View Count Plugin < 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: Page View Count; Type: Plugin; Vulnerable versions: < 2.6.1; Fixed in: 2.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0095; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Claim ownership; PSID: 545a0fccfa3b; Credits: Lana Codes; Required...

CVSS 5.4 | AI score 5.9 | EPSS 0.00573
Exploits: 2 | References: 4 | Affected Software: 1

added 2023/01/05 12:00 a.m. | 23 views

WordPress Product Slider and Carousel with Category for WooCommerce Plugin < 2.8 is vulnerable to Cross Site Scripting (XSS)

Software: Product Slider and Carousel with Category for WooCommerce; Type: Plugin; Vulnerable versions: < 2.8; Fixed in: 2.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4791; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Claim ownership; PSID...

CVSS 5.4 | AI score 5.7 | EPSS 0.00471
Exploits: 2 | References: 4 | Affected Software: 1

added 2022/11/23 12:00 a.m. | 23 views

WordPress Contest Gallery plugin <= 13.1.0.9 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability

Unauth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Contest Gallery plugin (versions <= 13.1.0.9). Solution: Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0)...

AI score 3.1 | EPSS 0.00406
Exploits: 0 | Affected Software: 1

added 2022/11/23 12:00 a.m. | 23 views

WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to plugin settings reset discovered by Dave Jong (Patchstack) in WordPress ShareThis Dashboard for Google Analytics plugin (versions <= 3.1.2). Solution: No patched version available...

AI score 3.1 | EPSS 0.00465
Exploits: 0 | Affected Software: 1

added 2022/11/22 12:00 a.m. | 23 views

WordPress Easy Video Player plugin <= 1.2.2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Easy Video Player plugin (versions <= 1.2.2.2). Solution: Update the WordPress Easy Video Player plugin to the latest available version (at least 1.2.2.3)...

AI score 2 | EPSS 0.00507
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/11/17 12:00 a.m. | 23 views

WordPress Anthologize plugin <= 0.8.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance) in the WordPress Anthologize plugin (versions <= 0.8.0). Solution: Update the WordPress Anthologize plugin to the latest available version (at least 0.8.1)...

CVSS 4.8 | AI score 2.1 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

added 2022/11/16 12:00 a.m. | 23 views

WordPress WooCommerce Shipping - DPD baltic plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress WooCommerce Shipping - DPD baltic plugin (versions <= 1.2.8). Solution: Update the WordPress DPD Baltic Shipping plugin to the latest available version (at least 1.2.11)...

AI score 2.1 | EPSS 0.0047
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/11/10 12:00 a.m. | 23 views

WordPress WP Page Builder plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Vaibhav Koli in the WordPress WP Page Builder plugin (versions <= 1.2.8). Solution: Deactivate and delete. This plugin has been closed as of 9. November, 2022 and is not available for download. This closure is temporary, pending a full...

AI score 2 | EPSS 0.0047
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/11/10 12:00 a.m. | 23 views

WordPress Advanced WP Columns plugin <= 2.0.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by lucy in the WordPress Advanced WP Columns plugin (versions <= 2.0.6). Solution: Deactivate and delete. This plugin has been closed as of November 7, 2022 and is not available for download. This closure is temporary, pending a full revi...

AI score 2.2 | EPSS 0.00567
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/11/07 12:00 a.m. | 23 views

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection (SQLi) vulnerability discovered by Kunal Sharma (University of Kaiserslautern) and Daniel Krohmer (Fraunhofer IESE) in the WordPress WP User Merger plugin (versions <= 1.5.2). Solution: Update the WordPress WP User Merger plugin to the latest available version (at least 1.5.3)...

AI score 2.1 | EPSS 0.01053
Exploits: 1 | References: 1 | Affected Software: 1

added 2022/11/07 12:00 a.m. | 23 views

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection (SQLi) vulnerability discovered by Kunal Sharma (University of Kaiserslautern, Germany) and Daniel Krohmer (Fraunhofer IESE, Germany) in the WordPress WP User Merger plugin (versions <= 1.5.2). Solution: Update the WordPress WP User Merger plugin to the latest available version at least...

AI score 2.1 | EPSS 0.01053
Exploits: 1 | References: 1 | Affected Software: 1

added 2022/11/07 12:00 a.m. | 23 views

WordPress Cyklodev WP Notify plugin <= 1.2.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance) in the WordPress Cyklodev WP Notify plugin (versions <= 1.2.1). Solution: No patched version is available...

AI score 2.1 | EPSS 0.00392
Exploits: 0 | Affected Software: 1

added 2022/11/03 12:00 a.m. | 23 views

WordPress Image Hover Effects Css3 <= 4.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Image Hover Effects Css3 (versions <= 4.5). Solution: Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is temporary, pending a full...

AI score 1.8 | EPSS 0.0047
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/10/30 12:00 a.m. | 23 views

WordPress TeraWallet – For WooCommerce plugin <= 1.3.24 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress TeraWallet – For WooCommerce plugin (versions <= 1.3.24). Solution: Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version (at least 1.4.0)...

AI score 4.4 | EPSS 0.00264
Exploits: 0 | Affected Software: 1

added 2022/10/30 12:00 a.m. | 23 views

WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Notice Dismissal discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Advanced Coupons for WooCommerce Coupons plugin (versions <= 4.5). Solution: Update the WordPress Advanced Coupons for WooCommerce Coupons plugin to the latest...

CVSS 5.4 | AI score 3.3 | EPSS 0.00258
Exploits: 0 | Affected Software: 1

added 2022/10/29 12:00 a.m. | 23 views

WordPress My wpdb plugin <= 2.4 - Arbitrary SQL Query via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary SQL Query via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress My wpdb plugin (versions <= 2.4). Solution: Update the WordPress My wpdb plugin to the latest available version (at least 2.5)...

CVSS 8.8 | AI score 4.7 | EPSS 0.00425
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/10/20 12:00 a.m. | 23 views

WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Sitemap Creation/Deletion discovered by Mika (Patchstack Alliance) in WordPress Simple SEO plugin (versions <= 1.8.12). Solution: Update the WordPress Simple SEO plugin to the latest available version (at least 1.8.13)...

CVSS 5.4 | AI score 3.6 | EPSS 0.00239
Exploits: 0 | Affected Software: 1

added 2022/10/20 12:00 a.m. | 23 views

WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Installation/Activation discovered by Dave Jong (Patchstack) in WordPress Avada theme (versions <= 7.8.1). Solution: Update the WordPress Avada theme to the latest available version (at least 7.8.2)...

CVSS 8.8 | AI score 4 | EPSS 0.00457
Exploits: 0 | References: 1 | Affected Software: 1

added 2022/10/18 12:00 a.m. | 23 views

WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama (Mitsui Bussan Secure Directions, Inc.) via JPCERT in WordPress core (versions <= 6.0.2). Solution: Update WordPress to the latest available version (at least 6.0.3)...

AI score 2.4
Exploits: 0 | References: 2 | Affected Software: 1

added 2022/10/18 12:00 a.m. | 23 views

WordPress WP Attachments plugin <= 5.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariah Almotlag in the WordPress WP Attachments plugin (versions <= 5.0.4). Solution: Update the WordPress WP Attachments plugin to the latest available version (at least 5.0.5)...

CVSS 4.8 | AI score 3.3 | EPSS 0.00532
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/10/10 12:00 a.m. | 23 views

WordPress Automatic User Roles Switcher premium plugin <= 1.1.1 - Auth. Privilege Escalation vulnerability

Auth. Privilege Escalation vulnerability discovered by WPScan in WordPress Automatic User Roles Switcher premium plugin (versions <= 1.1.1). Solution: Update the WordPress Automatic User Roles Switcher plugin to the latest available version (at least 1.1.2)...

CVSS 6.5 | AI score 4 | EPSS 0.00332
Exploits: 1 | References: 1 | Affected Software: 1

added 2022/09/30 12:00 a.m. | 23 views

WordPress WZone – Lite Version plugin <= 3.1 Lite - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress WZone – Lite Version plugin (versions <= 3.1 Lite). Solution: No patched version is available. No reply from the vendor since Jul 29, 2022...

AI score 3.3 | EPSS 0.00234
Exploits: 0 | Affected Software: 1

added 2022/09/29 12:00 a.m. | 23 views

WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Vlad Vector (Patchstack) in WordPress Accordions plugin (versions <= 2.0.3). Solution: Update the WordPress Accordions plugin to the latest available version (at least 2.1.0)...

CVSS 4.8 | AI score 3.1 | EPSS 0.00404
Exploits: 0 | Affected Software: 1

added 2022/09/26 12:00 a.m. | 23 views

WordPress Drag and Drop Multiple File Upload plugin <= 1.3.6.4 - File Upload Size Limit Bypass vulnerability

File Upload Size Limit Bypass vulnerability discovered by Sanjay Das in WordPress Drag and Drop Multiple File Upload plugin (versions <= 1.3.6.4). Solution: Update the WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin to the latest available version (at least 1.3.6.5)...

CVSS 4.3 | AI score 1.5 | EPSS 0.00543
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/09/26 12:00 a.m. | 23 views

WordPress Tutor LMS plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by lucy in WordPress Tutor LMS plugin (versions <= 2.0.9). Solution: Update the WordPress Tutor LMS plugin to the latest available version (at least 2.0.10)...

CVSS 4.8 | AI score 2 | EPSS 0.00573
Exploits: 2 | References: 1 | Affected Software: 1

added 2022/09/21 12:00 a.m. | 23 views

WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability was discovered by Lana Codes (Patchstack Alliance) in the WordPress FavIcon Switcher plugin (versions <= 1.2.11). Solution: Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is...

CVSS 5.4 | AI score 3.3 | EPSS 0.00255
Exploits: 0 | Affected Software: 1

added 2022/09/16 12:00 a.m. | 23 views

WordPress SearchWP Live Ajax Search plugin <= 1.6.2 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion (LFI) vulnerability was discovered by Muhammad Zeeshan (Xib3rR4dAr) in the WordPress SearchWP Live Ajax Search plugin (versions <= 1.6.2). Solution: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.3)...

AI score 2
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 5000