Patchstack • Most viewed

46684 matches found

Patchstack
• added 2014/08/06 12:00 a.m. • 23 views

WordPress Tom M8te Plugin <= 1.5.3 - Local File Inclusion

Because of this vulnerability, attackers can read arbitrary files via the "file" parameter to tom-download-file.php. Solution: Upgrade the plugin...

CVSS 5 • AI score 5 • EPSS 0.04718
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2014/07/11 12:00 a.m. • 23 views

WordPress Cross References Plugin <= 1.7 - Local File Inclusion

Because of this vulnerability, attackers can read arbitrary files via a full pathname in the "rss" parameter to proxy.php. Solution: Update the plugin...

CVSS 5 • AI score 4.7 • EPSS 0.04306
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2014/07/07 12:00 a.m. • 23 views

WordPress MailPoet (Wysija NewsLetters) plugin - Unauthenticated File Upload

MailPoet Wysija NewsLetters plugin is prone to an unauthenticated file upload vulnerability. The plugin uses the "admininit" hook that is executed for unauthenticated users when accessing a specific URL. Solution: Upgrade the plugin...

CVSS 7.5 • AI score 3.2 • EPSS 0.59682
Exploits 2 • References 1 • Affected Software 1

Patchstack
• added 2014/06/23 12:00 a.m. • 23 views

WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS

Because of this vulnerability in wp-plugins-net/index.php, attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2014/06/10 12:00 a.m. • 23 views

WordPress Conversion Ninja Plugin - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "id" parameter to lp/index.php. Solution: Update the plugin...

CVSS 4.3 • AI score 3.1 • EPSS 0.01636
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2014/03/07 12:00 a.m. • 23 views

WordPress Search Everything Plugin <= 7.0.2 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "s" parameter to index.php. Solution: Update the plugin...

CVSS 7.5 • AI score 6.5 • EPSS 0.02193
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2014/02/11 12:00 a.m. • 23 views

WordPress Buddypress Plugin 1.9.1 - Privilege Escalation

Buddypress plugin is prone to a vulnerability that allows an attacker to take control of every group: change name, description, avatar and settings. Solution: Upgrade the plugin...

CVSS 6.5 • AI score 3.2 • EPSS 0.10817
Exploits 6 • References 1 • Affected Software 1

Patchstack
• added 2014/01/20 12:00 a.m. • 23 views

WordPress <= 3.3.2 - Cross Site Scripting

Because of this vulnerability in wp-includes/default-filters.php, attackers can inject arbitrary web script or HTML via an editable slug field. Solution: Update the plugin...

CVSS 4.3 • AI score 2.9 • EPSS 0.0212
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2013/12/08 12:00 a.m. • 23 views

WordPress Download Manager Free & Pro Plugin 2.5.8 - Persistent Cross Site Scripting

Download Manager Free & Pro plugin is prone to a persistent XSS vulnerability. The title input field is not sanitized and is therefore vulnerable to persistent cross site scripting. Solution: Upgrade the plugin...

CVSS 4.3 • AI score 2.6 • EPSS 0.04576
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2013/10/24 12:00 a.m. • 23 views

WordPress SAICO Theme 1.0-1.0.2 - Arbitrary File Upload

WordPress SAICO theme is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Upgrade the theme...

AI score 3.4
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2013/09/22 12:00 a.m. • 23 views

WordPress Lazy SEO Plugin 1.1.9 - Shell Upload

This Lazy SEO plugin is prone to a shell upload vulnerability, in which the administrator or author could upload a shell script, in other words, default settings. Solution: Update the plugin...

CVSS 6.8 • AI score 1.4 • EPSS 0.05453
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2013/05/16 12:00 a.m. • 23 views

WordPress WP Cleanfix Plugin - Cross Site Request Forgery

WP Cleanfix plugin is prone to a cross site request forgery vulnerability. It allows an attacker to perform certain unauthorized actions in the context of the affected application. Solution: Update the plugin...

CVSS 5.4 • AI score 3.5 • EPSS 0.02192
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2013/02/19 12:00 a.m. • 23 views

WordPress <= 3.5.1 - Multiple SSRF

Because of these vulnerabilities, attackers can send HTTP requests to intranet servers via unspecified vectors. Solution: Update WordPress...

CVSS 4.3 • AI score 3.5 • EPSS 0.02044
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2012/11/08 12:00 a.m. • 23 views

WordPress AJAX Post Search Plugin <= 1.2 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "srchtxt" parameter. Solution: Update the plugin...

CVSS 7.5 • AI score 6.8 • EPSS 0.02242
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2012/10/25 12:00 a.m. • 23 views

WordPress Sentinel Plugin <= 1.0.0 - Cross Site Scripting

Because of this vulnerability in wordpresssentinel.php, attackers can inject arbitrary web script or HTML via unknown vectors. Solution: Update the plugin...

CVSS 4.3 • AI score 4 • EPSS 0.02483
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2012/10/25 12:00 a.m. • 23 views

WordPress Sentinel Plugin <= 1.0.0 - CSRF

Because of this vulnerability in wordpresssentinel.php, attackers can hijack the authentication of an administrator for requests that trigger snapshots. Solution: Update the plugin...

CVSS 6.8 • AI score 4.6 • EPSS 0.01222
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2012/10/08 12:00 a.m. • 23 views

WordPress BackWPup Plugin <= 1.4.0 - Directory Traversal

Because of this vulnerability, attackers can read arbitrary files via the "wpabs" parameter. Solution: Update the plugin...

CVSS 5 • AI score 4.1 • EPSS 0.0326
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2012/08/13 12:00 a.m. • 23 views

WordPress Better WP Security Plugin <= 3.2.4 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via unspecified vectors related to "server variables". Solution: Update the plugin...

CVSS 4.3 • AI score 2.4 • EPSS 0.01653
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2012/06/14 12:00 a.m. • 23 views

WordPress <= 3.4.0 - Multiple Vulnerabilities

Because of multiple vulnerabilities in this version of WordPress, remote authors or contributors can obtain sensitive information via unknown vectors. Solution: Update WordPress...

CVSS 5 • AI score 5.3 • EPSS 0.01902
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2012/04/21 12:00 a.m. • 23 views

WordPress <= 3.3.1 - XSS #2

Attackers can conduct cross-site scripting attacks via unspecified vectors, because wp-includes/formatting.php attempts to enable clickable links inside attributes. Solution: Update WordPress...

CVSS 4.3 • AI score 3.9 • EPSS 0.02794
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2012/04/21 12:00 a.m. • 23 views

WordPress <= 3.3.1 - CSRF and XSS

There are cross site scripting and cross site request forgery vulnerabilities via SWF Applets. Solution: Update WordPress...

CVSS 5 • AI score 2.8 • EPSS 0.05323
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2012/03/19 12:00 a.m. • 23 views

WordPress Video Embed & Thumbnail Generator Plugin <= 1.9 - Remote Code Execution

Because of this vulnerability, attackers can execute arbitrary commands via unspecified vectors. Solution: Update the plugin...

CVSS 7.5 • AI score 7.6 • EPSS 0.03448
Exploits 2 • References 1 • Affected Software 1

Patchstack
• added 2011/12/23 12:00 a.m. • 23 views

WordPress <= 3.1.0 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update WordPress...

CVSS 4.3 • AI score 3 • EPSS 0.0251
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2011/10/27 12:00 a.m. • 23 views

WordPress WPtouch Plugin - SQL Injection Vulnerability

WPtouch plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 7.5 • AI score 3.1 • EPSS 0.02754
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2011/09/27 12:00 a.m. • 23 views

WordPress The Erudite Theme <= XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "cpage" parameter. Solution: Update the theme...

CVSS 4.3 • AI score 2.8 • EPSS 0.01521
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2011/09/24 12:00 a.m. • 23 views

WordPress F8 Lite Theme 4.2.1 - Cross Site Scripting

WordPress F8 Lite theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...

CVSS 4.3 • AI score 3 • EPSS 0.03134
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2011/08/10 12:00 a.m. • 23 views

WordPress <= 3.1.2 - Unspecified vulnerability #1

Because of this vulnerability, there are unknown impact and attack vectors related to "Various security hardening." in this WordPress version. Solution: Update WordPress...

CVSS 10 • AI score 5.6 • EPSS 0.02443
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2011/08/10 12:00 a.m. • 23 views

WordPress <= 3.1.2 - Multiple vulnerabilities

Because of these vulnerabilities, attackers can obtain sensitive data via vectors related to wp-includes/post.php. Solution: Update WordPress...

CVSS 5 • AI score 4.9 • EPSS 0.02448
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2011/01/31 12:00 a.m. • 23 views

WordPress <= 3.0.4 - Multiple Security Vulnerabilities

Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachmentid" parameter. Solution: Update WordPress...

CVSS 4 • AI score 3.8 • EPSS 0.03168
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2009/08/18 12:00 a.m. • 23 views

WordPress <= 2.8.2 - Multiple Vulnerabilities #2

Because of these vulnerabilities, attackers can gain privileges via a direct request to edit-link-category-form.php, admin-footer.php, edit-page-form.php, edit-category-form.php or edit-form-comment.php. Solution: Update WordPress...

CVSS 10 • AI score 5.6 • EPSS 0.04711
Exploits 3 • References 1 • Affected Software 1

Patchstack
• added 2009/06/22 12:00 a.m. • 23 views

WordPress FireStats Plugin <= 1.6.1 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution: Update the plugin...

CVSS 7.5 • AI score 7 • EPSS 0.02049
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2008/11/17 12:00 a.m. • 23 views

WordPress <= 2.6.3 - Cross Site Request Forgery

Because of this vulnerability, attackers can conduct delayed and persistent cross-site request forgery attacks via crafted cookies. Solution: Update WordPress...

CVSS 4 • AI score 4.9 • EPSS 0.01331
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2007/12/14 12:00 a.m. • 23 views

WordPress PictPress Plugin <= 0.91 - Multiple Directory Traversal

Because of these vulnerabilities in resize.php, attackers can read arbitrary files via the "size" or "path" parameter. Solution: Update the plugin...

CVSS 5 • AI score 3.8 • EPSS 0.07525
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2007/09/30 12:00 a.m. • 23 views

WordPress Feed Reader Plugin <= 3.10 - XSS

Because of this vulnerability in the internal browser, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2.6 • EPSS 0.02205
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2007/09/26 12:00 a.m. • 23 views

WordPress <= 2.0.1 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "useremail" parameter. Solution: Update WordPress...

CVSS 4.3 • AI score 2.8 • EPSS 0.04381
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2007/06/20 12:00 a.m. • 23 views

WordPress Automattic Stats Plugin <= 1.0 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the HTTP Referer field. Solution: Update the plugin...

CVSS 4.3 • AI score 2.4 • EPSS 0.01787
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2007/06/08 12:00 a.m. • 23 views

WordPress <= 2.2 - SQL Injection

Because of this vulnerability in xmlrpc.php, authenticated users can execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall. Solution: Update WordPress...

CVSS 6.5 • AI score 5.7 • EPSS 0.07315
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2007/05/03 12:00 a.m. • 23 views

WordPress WP Table Plugin <= 1.43 - Remote File Inclusion

Because of this vulnerability, attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution: Update the WordPress WP Table plugin to the latest available version (at least 1.44)...

CVSS 6.8 • AI score 6.2 • EPSS 0.45355
Exploits 1 • References 1 • Affected Software 1

Patchstack
• added 2007/01/29 12:00 a.m. • 23 views

WordPress <= 1.4.5 - Multiple Vulnerabilities

Because of these vulnerabilities, attackers can determine the existence of arbitrary files and possibly read portions of certain files. Solution: Update WordPress to the latest available version (at least 1.4.6)...

CVSS 5 • AI score 4.3 • EPSS 0.02521
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2006/11/21 12:00 a.m. • 23 views

WordPress <= 2.0.4 - Denial of Service Attacks

Authenticated users can cause a denial of service, because this WordPress version does not properly store a profile containing a string representation of a serialized object. Solution: Update WordPress...

CVSS 6.5 • AI score 4.3 • EPSS 0.0226
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2006/07/06 12:00 a.m. • 23 views

WordPress <= 2.0.3 - Full Path Disclosure

Because of this vulnerability, attackers can obtain the installation path via a direct request to various files, for example in the wp-includes, wp-content, and wp-admin directories. Solution: Update WordPress to the latest available version (at least 2.0.4)...

CVSS 5 • AI score 4.1 • EPSS 0.02807
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2005/05/20 12:00 a.m. • 23 views

WordPress <=1.5 - SQL injection vulnerability

Because of this vulnerability in wp-trackback.php, attackers can execute arbitrary SQL commands via the "tbid" parameter. Solution: Update this plugin...

CVSS 7.5 • AI score 6.5 • EPSS 0.02299
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2026/05/27 2:27 p.m. • 22 views

WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions <= 2.5.14...

CVSS 4.3 • AI score 5.8 • EPSS 0.002
Exploits 0 • Affected Software 1

Patchstack
• added 2026/05/12 10:07 a.m. • 22 views

WordPress Eight Day Week Print Workflow plugin <= 1.2.6 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by Loganatha Vishnubalaji in WordPress Plugin Eight Day Week Print Workflow versions <= 1.2.6...

CVSS 6.5 • AI score 5.9 • EPSS 0.00241
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2026/05/12 10:03 a.m. • 22 views

WordPress AIWU plugin <= 1.4.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions <= 1.4.21...

CVSS 7.5 • AI score 5.9 • EPSS 0.00413
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2026/04/23 2:33 p.m. • 22 views

WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kapee versions < 1.7.1...

AI score 5 • EPSS 0.0023
Exploits 0 • Affected Software 1

Patchstack
• added 2025/12/11 5:59 a.m. • 22 views

WordPress WP CarDealer plugin <= 1.2.16 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP CarDealer versions <= 1.2.16...

CVSS 9.8 • AI score 6.7 • EPSS 0.003
Exploits 0 • References 1 • Affected Software 1

Patchstack
• added 2025/12/05 7:50 a.m. • 22 views

WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability

Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions <= 2.1.3...

CVSS 6.1 • AI score 6.2 • EPSS 0.0138
Exploits 2 • References 1 • Affected Software 1

Patchstack
• added 2025/06/03 11:00 a.m. • 22 views

WordPress Nasa Core plugin < 6.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Nasa Core versions < 6.4.1...

CVSS 6.5 • AI score 5.9 • EPSS 0.00174
Exploits 0 • Affected Software 1

Patchstack
• added 2025/05/27 7:06 p.m. • 22 views

WordPress MasterStudy LMS Pro plugin <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin MasterStudy LMS Pro versions <= 4.7.0...

CVSS 8.8 • AI score 8.3 • EPSS 0.00959
Exploits 0 • References 1 • Affected Software 1

Total number of security vulnerabilities: 5000