Patchstack | Most viewed

46684 matches found

Patchstack | added 2022/02/28 12:0 a.m. | 23 views

WordPress RevivePress – Keep your Old Content Evergreen plugin < 1.3.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress RevivePress – Keep your Old Content Evergreen plugin versions < 1.3.1. Solution: Update the WordPress RevivePress – Keep your Old Content Evergreen plugin to the latest available version (at least 1.3.1)...

AI score 2.3
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2022/02/28 12:0 a.m. | 23 views

WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin < 3.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin versions < 3.0.3. Solution: Update the WordPress WP-HR Manager: The Human Resources Plugin for WordPress plugin to the latest available versi...

AI score 3.3
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2022/02/28 12:0 a.m. | 23 views

WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin <= 1.3.32 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin versions <= 1.3.32. Solution: Update...

AI score 0.8
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2022/02/23 12:0 a.m. | 23 views

WordPress Amelia plugin <= 1.0.45 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Amelia plugin versions <= 1.0.45. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.46)...

CVSS 6.1 | AI score 3.3 | EPSS 0.00788
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2022/02/22 12:0 a.m. | 23 views

WordPress Advanced Contact form 7 DB plugin <= 1.8.6 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Krzysztof Zając in WordPress Advanced Contact form 7 DB plugin versions <= 1.8.6. Solution: Update the WordPress Advanced Contact form 7 DB plugin to the latest available version (at least 1.8.7)...

CVSS 8 | AI score 3.4 | EPSS 0.00721
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2022/02/10 12:0 a.m. | 23 views

WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Spiffy Calendar plugin versions <= 4.9.0 by Ngo Van Thien. Solution: Update the WordPress Spiffy Calendar plugin to the latest available version (at least 4.9.1)...

CVSS 5.4 | AI score 3.9 | EPSS 0.00398
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2022/01/10 12:0 a.m. | 23 views

WordPress WooCommerce – Store Exporter plugin <= 2.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WooCommerce – Store Exporter plugin versions <= 2.7. Solution: Update the WordPress WooCommerce – Store Exporter plugin to the latest available version (at least 2.7.1)...

CVSS 6.1 | AI score 2.5 | EPSS 0.02337
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2022/01/06 12:0 a.m. | 23 views

WordPress IP2Location Country Blocker plugin <= 2.26.4 - Arbitrary Country Ban vulnerability

Arbitrary Country Ban by low privilege users vulnerability discovered by Krzysztof Zając in WordPress IP2Location Country Blocker plugin versions <= 2.26.4. Solution: Update the WordPress IP2Location Country Blocker plugin to the latest available version (at least 2.26.5)...

CVSS 7.1 | AI score 4.7 | EPSS 0.00537
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2022/01/05 12:0 a.m. | 23 views

WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.9 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Yoru Oni in WordPress Contact Form & Lead Form Elementor Builder plugin versions <= 1.6.9. Solution: Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version (at least 1.7.0)...

AI score 2.2 | EPSS 0.0054
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2022/01/03 12:0 a.m. | 23 views

WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability via AJAX Action

Reflected Cross-Site Scripting (XSS) vulnerability via AJAX Action discovered by JrXnm in WordPress Asset CleanUp plugin versions <= 1.3.8.4. Solution: Update the WordPress Asset CleanUp plugin to the latest available version (at least 1.3.8.5)...

CVSS 6.1 | AI score 3.3 | EPSS 0.00956
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/29 12:0 a.m. | 23 views

WordPress Learning Courses plugin <= 4.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by dhananjaygarg192002 in WordPress Learning Courses plugin versions <= 5.0. Solution: Patched in version 5.0, but closed for other security reasons. This plugin has been closed as of October 8, 2021 and is not available for download. Reason:...

CVSS 4.8 | AI score 1.7 | EPSS 0.00598
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/27 12:0 a.m. | 23 views

WordPress WP Post Page Clone plugin <= 1.1 - Unauthorized Post Access vulnerability

Unauthorized Post Access vulnerability discovered by apple502j in WordPress WP Post Page Clone plugin versions <= 1.1. Solution: Update the WordPress WP Post Page Clone plugin to the latest available version (at least 1.2)...

CVSS 4.3 | AI score 2.5 | EPSS 0.00783
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/21 12:0 a.m. | 23 views

WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions <= 6.8.5. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version (at least 6.8.6)...

CVSS 6.1 | AI score 1.7 | EPSS 0.01109
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/21 12:0 a.m. | 23 views

WordPress Asgaros Forum plugin <= 1.15.14 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by Trang LKB in WordPress Asgaros Forum plugin versions <= 1.15.14. Solution: Update the WordPress Asgaros Forum plugin to the latest available version (at least 1.15.15)...

CVSS 7.2 | AI score 2.9 | EPSS 0.01502
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/21 12:0 a.m. | 23 views

WordPress Simple Download Monitor plugin <= 3.9.8 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by apple502j in the WordPress Simple Download Monitor plugin versions <= 3.9.8. Solution: Update the WordPress Simple Download Monitor to the latest available version (at least 3.9.9)...

CVSS 8.8 | AI score 3.3 | EPSS 0.0063
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/13 12:0 a.m. | 23 views

WordPress .htaccess Redirect plugin <= 0.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress .htaccess Redirect plugin versions <= 0.3.1. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 3 | EPSS 0.00757
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/08 12:0 a.m. | 23 views

WordPress RegistrationMagic plugin <= 5.0.1.7 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Marco Wotschka and Chloe Chamberland in WordPress RegistrationMagic plugin versions <= 5.0.1.7. Solution: Update the WordPress RegistrationMagic plugin to the latest available version (at least 5.0.1.8)...

CVSS 9.8 | AI score 2.7 | EPSS 0.07
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2021/12/05 12:0 a.m. | 23 views

WordPress Modal Window plugin <= 5.2.1 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability

Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability discovered by Krzysztof Zając in WordPress Modal Window plugin versions <= 5.2.1. Solution: Update the WordPress Modal Window plugin to the latest available version (at least 5.2.2)...

CVSS 8.8 | AI score 6.2 | EPSS 0.00773
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/11/15 12:0 a.m. | 23 views

WordPress All-in-One Video Gallery plugin <= 2.4.9 - Local File Inclusion (LFI) vulnerability

Local File Inclusion (LFI) vulnerability discovered by Mohamed Magdy AbuMuslim in WordPress All-in-One Video Gallery plugin versions <= 2.4.9. Solution: Update the WordPress All-in-One Video Gallery plugin to the latest available version (at least 2.5.0)...

CVSS 7.2 | AI score 2.7 | EPSS 0.05898
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/11/15 12:0 a.m. | 23 views

WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 3.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Auto Featured Image (Auto Post Thumbnail) plugin versions <= 3.9.2. Solution: Update the WordPress Auto Featured Image (Auto Post Thumbnail) plugin to the latest available version (at least 3.9.3)...

CVSS 6.1 | AI score 1.9 | EPSS 0.008
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/11/15 12:0 a.m. | 23 views

WordPress WP Admin Logo Changer plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by apple502j in WordPress WP Admin Logo Changer plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...

CVSS 6.5 | AI score 1.8 | EPSS 0.00531
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/10/29 12:0 a.m. | 23 views

WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability

Authenticated Arbitrary File Download vulnerability discovered by Ex.Mi Patchstack in WordPress Download Monitor plugin versions <= 4.4.6. Solution: Update the WordPress Download Monitor plugin to the latest available version (at least 4.4.7)...

CVSS 6.8 | AI score 3.7 | EPSS 0.01391
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2021/10/27 12:0 a.m. | 23 views

WordPress WPS Hide Login plugin <= 1.9 - Protection Bypass with Referer-Header vulnerability

Protection Bypass with Referer-Header vulnerability discovered by Daniel Ruf in WordPress WPS Hide Login plugin versions <= 1.9. Solution: Update the WordPress WPS Hide Login plugin to the latest available version (at least 1.9.1)...

AI score 2.3 | EPSS 0.71532
Exploits: 5 | References: 3 | Affected Software: 1

Patchstack | added 2021/10/18 12:0 a.m. | 23 views

WordPress Shared Files plugin <= 1.6.60 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress Shared Files plugin versions <= 1.6.60. Solution: Update the WordPress Shared Files plugin to the latest available version (at least 1.6.61)...

CVSS 4.8 | AI score 1.6 | EPSS 0.00647
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/10/15 12:0 a.m. | 23 views

WordPress MPL-Publisher – Self-publish your book & ebook plugin <= 1.30.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress MPL-Publisher – Self-publish your book & ebook plugin versions <= 1.30.2. Solution: Update the WordPress MPL-Publisher – Self-publish your book & ebook plugin to the latest available versi...

CVSS 5.5 | AI score 1.9 | EPSS 0.01003
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2021/10/13 12:0 a.m. | 23 views

WordPress Brizy – Page Builder plugin <= 2.3.11 - Authenticated File Upload and Path Traversal vulnerability

Authenticated File Upload and Path Traversal vulnerability discovered by Ramuel Gall WordFence in WordPress Brizy – Page Builder plugin versions <= 2.3.11. Solution: Update the WordPress Brizy – Page Builder plugin to the latest available version (at least 2.3.12)...

CVSS 8.8 | AI score 2.3 | EPSS 0.01682
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2021/10/11 12:0 a.m. | 23 views

WordPress WPSchoolPress plugin <= 2.1.16 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Davide Taraschi in the WordPress WPSchoolPress plugin versions <= 2.1.16. Solution: Update the WordPress WPSchoolPress plugin to the latest available version (at least 2.1.17)...

CVSS 4.8 | AI score 2 | EPSS 0.02358
Exploits: 4 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/22 12:0 a.m. | 23 views

WordPress Ninja Forms Contact Form plugin <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure vulnerability

Unprotected REST-API to Sensitive Information Disclosure vulnerability discovered by Chloe Chamberland WordFence in WordPress Ninja Forms Contact Form plugin versions <= 3.5.7. Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version (at least 3.5.8)...

CVSS 6.5 | AI score 2.7 | EPSS 0.01122
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/22 12:0 a.m. | 23 views

WordPress Cookie Bar plugin <= 1.8.8 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by pang0lin in WordPress Cookie Bar plugin versions <= 1.8.8. Solution: Update the WordPress Cookie Bar plugin to the latest available version (at least 1.8.9)...

CVSS 4.8 | AI score 2 | EPSS 0.00598
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/21 12:0 a.m. | 23 views

WordPress WP HTML Author Bio plugin <= 1.2.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Veshraj Ghimire in WordPress WP HTML Author Bio plugin versions <= 1.2.0. Solution: Deactivate and delete. This plugin has been closed as of July 19, 2021 and is not available for download. Reason: Security Issue...

CVSS 5.4 | AI score 0.5 | EPSS 0.01771
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/21 12:0 a.m. | 23 views

WordPress Frontend Uploader plugin <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Veshraj Ghimire in WordPress Frontend Uploader plugin versions <= 1.3.2. Solution: Deactivate and delete. This plugin has been closed as of July 22, 2021 and is not available for download. Reason: Security Issue...

CVSS 6.1 | AI score 2.1 | EPSS 0.26379
Exploits: 6 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/20 12:0 a.m. | 23 views

WordPress MainWP Child Reports plugin <= 2.0.7 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress MainWP Child Reports plugin versions <= 2.0.7. Solution: Update the WordPress MainWP Child Reports plugin to the latest available version (at least 2.0.8)...

CVSS 7.2 | AI score 2.3 | EPSS 0.01327
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/13 12:0 a.m. | 23 views

WordPress Coming soon and Maintenance mode plugin <= 3.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Coming soon and Maintenance mode plugin versions <= 3.5.2. Solution: Update the WordPress Coming soon and Maintenance mode plugin to the latest available version (at least 3.5.3)...

CVSS 5.4 | AI score 2.4 | EPSS 0.006
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/09 12:0 a.m. | 23 views

WordPress Woocommerce Payment Gateway per Category plugin <= 2.0.10 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Woocommerce Payment Gateway per Category plugin versions <= 2.0.10. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 2.2 | EPSS 0.00908
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2021/09/09 12:0 a.m. | 23 views

WordPress On Page SEO + Whatsapp Chat Button plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress On Page SEO + Whatsapp Chat Button plugin versions <= 1.0.1. Solution: Update the WordPress On Page SEO + Whatsapp Chat Button plugin to the latest available version (at least 1.0.2)...

CVSS 6.1 | AI score 1.7 | EPSS 0.00866
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2021/08/23 12:0 a.m. | 23 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Deletion vulnerability

Unauthorized Event TimeSlot Deletion vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions <= 2.4.1. Solution: Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version (at least 2.4.2)...

CVSS 4.3 | AI score 3.4 | EPSS 0.01568
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/08/23 12:0 a.m. | 23 views

WordPress WP Video Lightbox plugin <= 1.9.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Vishnupriya Ilango Fortinet Fortiguard Labs in WordPress WP Video Lightbox plugin versions <= 1.9.2. Solution: Update the WordPress WP Video Lightbox plugin to the latest available version (at least 1.9.3)...

CVSS 5.4 | AI score 1.4 | EPSS 0.00618
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2021/08/13 12:0 a.m. | 23 views

WordPress Smart Email Alerts plugin <= 1.0.10 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Smart Email Alerts plugin versions <= 1.0.10. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 3 | EPSS 0.00938
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2021/08/02 12:0 a.m. | 23 views

WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.4.6 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Swapnil Bodekar in WordPress SMS Alert Order Notifications – WooCommerce plugin versions <= 3.4.6. Solution: Update the WordPress SMS Alert Order Notifications – WooCommerce plugin to the latest available version (at least 3.4.7)...

CVSS 6.1 | AI score 2.3 | EPSS 0.00827
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/07/29 12:0 a.m. | 23 views

WordPress WordPress Download Manager plugin <= 3.1.24 - Authenticated File Upload vulnerability

Authenticated File Upload vulnerability discovered by Ramuel Gall WordFence in WordPress WordPress Download Manager plugin versions <= 3.1.24. Solution: Update the WordPress WordPress Download Manager plugin to the latest available version (at least 3.1.25)...

CVSS 8.8 | AI score 3.2 | EPSS 0.0058
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2021/07/02 12:0 a.m. | 23 views

WordPress Workreap premium theme <= 2.2.1 - Multiple Cross-Site Scripting (CSRF) + Insecure Direct Object References (IDOR) vulnerabilities

Multiple Cross-Site Scripting (CSRF) + Insecure Direct Object References (IDOR) vulnerabilities discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions <= 2.2.1. Solution: Update the WordPress Workreap premium theme to the latest available version (at least 2.2.2)...

CVSS 8.1 | AI score 1.1 | EPSS 0.00646
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/06/28 12:0 a.m. | 23 views

WordPress W3 Total Cache plugin <= 2.1.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions <= 2.1.4. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.5)...

CVSS 6.1 | AI score 2.1 | EPSS 0.01996
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/06/07 12:0 a.m. | 23 views

WordPress Jannah premium theme <= 5.4.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress Jannah premium theme versions <= 5.4.3. Solution: Update the WordPress Jannah premium theme to the latest available version (at least 5.4.4)...

CVSS 6.1 | AI score 1.7 | EPSS 0.01975
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/06/02 12:0 a.m. | 23 views

WordPress GetPaid plugin <= 2.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörg Steinsträter in WordPress GetPaid plugin versions <= 2.3.3. Solution: Update the WordPress GetPaid plugin to the latest available version (at least 2.3.4)...

CVSS 5.4 | AI score 1.8 | EPSS 0.00624
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack | added 2021/04/18 12:0 a.m. | 23 views

WordPress Related Posts for WordPress plugin <= 2.0.4 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Related Posts for WordPress plugin versions <= 2.0.4. Solution: Update the WordPress Related Posts for WordPress plugin to the latest available version (at least 2.0.5)...

CVSS 4.8 | AI score 1.9 | EPSS 0.00687
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2021/03/17 12:0 a.m. | 23 views

WordPress BuddyPress plugin <= 7.2.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered in WordPress BuddyPress plugin versions <= 7.2.0. Solution: Update the WordPress BuddyPress plugin to the latest available version (at least 7.2.1)...

CVSS 9 | AI score 3.9 | EPSS 0.13882
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack | added 2021/03/15 12:0 a.m. | 23 views

WordPress Social Slider Feed plugin <= 1.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by purine chu in WordPress Social Slider Feed plugin versions <= 1.8.4. Solution: Update the WordPress Social Slider Feed plugin to the latest available version (at least 1.8.5)...

CVSS 5.4 | AI score 2.4 | EPSS 0.00679
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack | added 2020/12/15 12:0 a.m. | 23 views

WordPress Redux Framework plugin <= 4.1.20 - CSRF Nonce Validation Bypass vulnerability

CSRF Nonce Validation Bypass vulnerability discovered by Lenon Leite in WordPress Redux Framework plugin versions <= 4.1.20. Solution: Update the WordPress Redux Framework plugin to the latest available version (at least 4.1.21)...

AI score 2.7
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2020/12/09 12:0 a.m. | 23 views

WordPress DiveBook plugin <= 1.1.4 - Improper Authorisation Check vulnerability

Improper Authorisation Check vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...

CVSS 5.3 | AI score 2.9 | EPSS 0.01139
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack | added 2020/12/01 12:0 a.m. | 23 views

WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Mustafa GUNDOGDU b3kc4t in WordPress eventON premium plugin versions <= 3.0.5. Solution: 2020-12-01 - we were unable to find a patched version of this plugin...

CVSS 6.1 | AI score 2.4 | EPSS 0.11696
Exploits: 2 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000