Patchstack | Most viewed

46684 matches found

Patchstack, added 2025/04/17 10:19 a.m., 22 views

WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Gravity Forms CSS Themes with Fontawesome and Placeholders versions = 8.5...

CVSS 5.9 | AI score 6.9 | EPSS 0.00225
Exploits 0 | Affected Software 1

Patchstack, added 2025/02/20 11:42 p.m., 22 views

WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - Authenticated (Administrator+) SQL Injection via post_id Parameter vulnerability

Authenticated Administrator+ SQL Injection via postid Parameter vulnerability discovered by Pham Van Tam in WordPress Plugin Indeed Ultimate Learning Pro versions = 3.9...

CVSS 4.9 | AI score 8.1 | EPSS 0.00367
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2024/11/27 12:0 a.m., 22 views

WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Privilege Escalation

Software JobSearch Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11925 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9f2540380ea8 Credits Tonn Required...

CVSS 9.8 | AI score 6.5 | EPSS 0.00634
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/11/25 12:0 a.m., 22 views

WordPress InPost Gallery Plugin <= 2.1.4.2 is vulnerable to Arbitrary Code Execution

Software InPost Gallery Type Plugin Vulnerable versions = 2.1.4.2 Fixed in 2.1.4.3 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-11002 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 33afec67c5eb Credits Arkadiusz Hydzik Required privile...

CVSS 6.3 | AI score 7 | EPSS 0.0057
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/11/20 12:0 a.m., 22 views

WordPress Subaccounts for WooCommerce Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Subaccounts for WooCommerce Type Plugin Vulnerable versions = 1.6.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11370 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e68bad5342df Credits vgo0...

CVSS 6.1 | AI score 6 | EPSS 0.00586
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/11/19 12:0 a.m., 22 views

WordPress GamiPress Plugin <= 7.1.5 is vulnerable to Broken Access Control

Software GamiPress Type Plugin Vulnerable versions = 7.1.5 Fixed in 7.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11036 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 528614ec92ef Credits Arkadiusz Hydzik Required...

CVSS 9.8 | AI score 6.8 | EPSS 0.00712
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/11/15 12:0 a.m., 22 views

WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control

Software Simple Local Avatars Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10786 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 717b24faeea4 Credits Trương Hữu Phúc...

CVSS 4.3 | AI score 6.5 | EPSS 0.00333
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/11/15 12:0 a.m., 22 views

WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software EleForms Type Plugin Vulnerable versions = 2.9.9.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5925dd673838 Credits Lucio Sá Required privilege...

CVSS 4.3 | AI score 6.6 | EPSS 0.00213
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/11/12 12:0 a.m., 22 views

WordPress JetWidgets For Elementor Plugin <= 1.0.18 is vulnerable to Cross Site Scripting (XSS)

Software JetWidgets For Elementor Type Plugin Vulnerable versions = 1.0.18 Fixed in 1.0.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10323 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8136ec91932f Credits Francesco...

CVSS 6.4 | AI score 5.7 | EPSS 0.00295
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/11/08 12:0 a.m., 22 views

WordPress Computer Repair Shop Plugin <= 3.8115 is vulnerable to Arbitrary File Upload

Software Computer Repair Shop Type Plugin Vulnerable versions = 3.8115 Fixed in 3.8116 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-51793 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4e734860df66 Credits stealthcopter Required privilege...

CVSS 10 | AI score 9.6 | EPSS 0.01794
Exploits 4 | References 2 | Affected Software 1

Patchstack, added 2024/11/05 12:0 a.m., 22 views

WordPress mFolio Lite Plugin <= 1.2.1 is vulnerable to Broken Access Control

Software mFolio Lite Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9307 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 19ba5b646cd3 Credits Francesco Carlucci Required...

CVSS 9.9 | AI score 9.2 | EPSS 0.00944
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/10/24 12:0 a.m., 22 views

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.4 Fixed in 1.3.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f23dd4816a6 Credits...

CVSS 6.5 | AI score 6.5 | EPSS 0.00254
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/10/18 7:43 p.m., 22 views

WordPress Social Share Buttons plugin <= 1.19 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Social Share Buttons versions = 1.19...

CVSS 6.1 | AI score 6.3 | EPSS 0.00368
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2024/10/16 12:0 a.m., 22 views

WordPress Google Language Translator Plugin < 6.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Google Language Translator Type Plugin Vulnerable versions 6.0.10 Fixed in 6.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2021-4452 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3695267a00ad Credits Ram Required...

CVSS 7.1 | AI score 5.8 | EPSS 0.00471
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/10/15 12:0 a.m., 22 views

WordPress WP Popup Builder Plugin <= 1.3.5 is vulnerable to Content Injection

Software WP Popup Builder Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9061 Patch priority Medium CVSS severity Medium 7.9 Developer Claim ownership PSID f6bee0964d75 Credits Francesco Carlucci Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.51316
Exploits 1 | References 3 | Affected Software 1

Patchstack, added 2024/10/14 12:0 a.m., 22 views

WordPress Rescue Shortcodes Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS)

Software Rescue Shortcodes Type Plugin Vulnerable versions = 2.8 Fixed in 2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 55990669c666 Credits Peter Thaleikis Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00242
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/10/14 12:0 a.m., 22 views

WordPress TablePress Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software TablePress Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9595 Patch priority Low CVSS severity Low 5.9 Developer TablePress PSID e1ecd7cf1ef2 Credits Max Boll b0lli Required privilege...

CVSS 6.4 | AI score 5.8 | EPSS 0.00288
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/10/14 12:0 a.m., 22 views

WordPress Contact Forms, Live Support, CRM, Video Messages Plugin <= 1.10.2 is vulnerable to Sensitive Data Exposure

Software Contact Forms, Live Support, CRM, Video Messages Type Plugin Vulnerable versions = 1.10.2 Fixed in 1.11.1 OWASP Top 10 A8: Software and Data Integrity Failures Classification Sensitive Data Exposure CVE CVE-2024-49235 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSI...

CVSS 7.5 | AI score 7.7 | EPSS 0.0044
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/10/09 12:0 a.m., 22 views

WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...

CVSS 6.6 | AI score 6.7 | EPSS 0.00435
Exploits 1 | References 2 | Affected Software 1

Patchstack, added 2024/09/26 12:0 a.m., 22 views

WordPress 012 PS Multi Languages Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software 012 PS Multi Languages Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8723 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e9d3bd5f6a02 Credits mohamed hamadou zero...

CVSS 6.4 | AI score 5.8 | EPSS 0.00256
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/07/29 12:0 a.m., 22 views

WordPress Ultimate Classified Listings Plugin < 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Classified Listings Type Plugin Vulnerable versions 1.3 Fixed in 1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5883 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 51c9f2d610f9 Credits Bob Matyas...

CVSS 4.7 | AI score 5.7 | EPSS 0.0036
Exploits 1 | References 4 | Affected Software 1

Patchstack, added 2024/07/17 12:0 a.m., 22 views

WordPress BookingPress Plugin <= 1.1.5 is vulnerable to Arbitrary File Upload

Software BookingPress Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-6467 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID c0415b7cfd0a Credits Arkadiusz Hydzik Required privilege...

CVSS 8.8 | AI score 7.2 | EPSS 0.00856
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/07/10 12:0 a.m., 22 views

WordPress JSON API User Plugin <= 3.9.3 is vulnerable to Privilege Escalation

Software JSON API User Type Plugin Vulnerable versions = 3.9.3 Fixed in 3.9.4 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-6624 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c77720f52f77 Credits Thanh Nam Tran Required privile...

CVSS 9.8 | AI score 6.5 | EPSS 0.0287
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2024/07/03 12:0 a.m., 22 views

WordPress Himer Theme < 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Himer Type Theme Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2234 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID acb8e6a0fd0f Credits Bob Matyas Required privilege Contributor Published ...

CVSS 6.3 | AI score 6.6 | EPSS 0.00335
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2024/07/03 12:0 a.m., 22 views

WordPress WPQA - Builder forms Addon Plugin < 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WPQA - Builder forms Addon Type Plugin Vulnerable versions 6.1.1 Fixed in 6.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2375 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b62f23b8b86a Credits Bob Matyas...

CVSS 5.9 | AI score 5.8 | EPSS 0.00329
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2024/06/27 12:0 a.m., 22 views

WordPress PDF.js Viewer Plugin <= 2.1.8.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF.js Viewer Type Plugin Vulnerable versions = 2.1.8.1 Fixed in 2.2 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8e9d442ad86 Credits Yudistira Arya...

AI score 6.6 | EPSS 0.72648
Exploits 15 | References 2 | Affected Software 1

Patchstack, added 2024/06/25 12:0 a.m., 22 views

WordPress Quiz Maker Plugin <= 6.5.8.3 is vulnerable to SQL Injection

Software Quiz Maker Type Plugin Vulnerable versions = 6.5.8.3 Fixed in 6.5.8.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6028 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 91d50e136383 Credits Arkadiusz Hydzik Required privilege Unauthenticat...

CVSS 9.8 | AI score 7.2 | EPSS 0.11755
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/06/20 12:0 a.m., 22 views

WordPress Enfold Theme <= 5.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Enfold Type Theme Vulnerable versions = 5.6.9 Fixed in 5.6.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37199 Patch priority Low CVSS severity Low 7.1 Developer Kriesi PSID 231fe6fad434 Credits tom Required privilege Unauthenticated Published 20 June...

CVSS 7.1 | AI score 6.6 | EPSS 0.00288
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2024/06/05 12:0 a.m., 22 views

WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability

Software BuddyForms Type Plugin Vulnerable versions = 2.8.9 Fixed in 2.8.10 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-5149 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5566e284be9a Credits István Márton Required privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.00388
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/06/05 12:0 a.m., 22 views

WordPress Blocksy Theme <= 2.0.50 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.0.50 Fixed in 2.0.51 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5439 Patch priority Low CVSS severity Low 6.5 Developer Creative Themes PSID 4b0639fc9299 Credits Ngô Thiên An ancorn Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00288
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/05/13 12:0 a.m., 22 views

WordPress Skyline WP Theme <= 1.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Skyline WP Type Theme Vulnerable versions = 1.0.10 Fixed in 1.0.11 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34810 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e68045327895 Credits Dhabaleshwar Das Requir...

AI score 6.1 | EPSS 0.00117
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/05/10 12:0 a.m., 22 views

WordPress Divi Theme <= 4.25.0 is vulnerable to Cross Site Scripting (XSS)

Software Divi Type Theme Vulnerable versions = 4.25.0 Fixed in 4.25.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4490 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1cc1a7dd8fd8 Credits Webbernaut Required privilege...

CVSS 6.4 | AI score 6.1 | EPSS 0.00505
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/04/30 12:0 a.m., 22 views

WordPress MasterStudy LMS Plugin <= 3.3.8 is vulnerable to Broken Access Control

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3942 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID e8c9ed38d014 Credits Lucio Sá Required privilege...

CVSS 6.3 | AI score 6.6 | EPSS 0.00384
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/04/25 12:0 a.m., 22 views

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.8 is vulnerable to Broken Access Control

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.8 Fixed in 1.4.1.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3734 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6af6a35e8e2 Credit...

CVSS 6.5 | AI score 6.5 | EPSS 0.01032
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/04/24 2:27 a.m., 22 views

WordPress FileOrganizer plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Nikolas in WordPress Plugin FileOrganizer versions = 1.0.6...

CVSS 5.4 | AI score 5.7 | EPSS 0.0032
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2024/04/22 12:0 a.m., 22 views

WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.9 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-32808 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b60c26e035a2 Credits Kyle Sanchez...

CVSS 8.8 | AI score 6.5 | EPSS 0.00448
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/04/05 12:0 a.m., 22 views

WordPress MasterStudy LMS Plugin <= 3.3.3 is vulnerable to Local File Inclusion

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3136 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0e613f9f337e Credits Hiroho Shimada Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.05018
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/04/01 12:0 a.m., 22 views

WordPress Forminator Plugin <= 1.29.0 is vulnerable to Cross Site Scripting (XSS)

Software Forminator Type Plugin Vulnerable versions = 1.29.0 Fixed in 1.29.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1794 Patch priority Medium CVSS severity Medium 7.1 Developer WPMU DEV PSID adc117fb9f27 Credits wesley wcraft Required...

CVSS 7.2 | AI score 5.6 | EPSS 0.00528
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/03/26 12:0 a.m., 22 views

WordPress Elementor Website Builder Plugin <= 3.20.2 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.20.2 Fixed in 3.20.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2117 Patch priority Low CVSS severity Low 6.4 Developer Elementor PSID 13b41799a0e4 Credits Webbernaut Require...

CVSS 6.4 | AI score 5.7 | EPSS 0.00462
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2024/03/14 12:0 a.m., 22 views

WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1126 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f1030a0eaeb5 Credits Lucio Sá Required privilege...

CVSS 5.3 | AI score 6.5 | EPSS 0.00444
Exploits 0 | References 4 | Affected Software 1

Patchstack, added 2024/02/27 12:0 a.m., 22 views

WordPress JobSearch Plugin < 2.3.4 is vulnerable to Remote Code Execution (RCE)

Software JobSearch Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6585 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 637575b94b70 Credits Furkan Gedik Required privilege Published 27...

CVSS 7.5 | AI score 7.2 | EPSS 0.00602
Exploits 2 | References 3 | Affected Software 1

Patchstack, added 2024/01/30 12:0 a.m., 22 views

WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control

Software WP GDPR Compliance Type Plugin Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6700 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6a981b3b2d5a Credits Lucio Sá Required...

CVSS 8.8 | AI score 6.4 | EPSS 0.0147
Exploits 2 | References 2 | Affected Software 1

Patchstack, added 2024/01/19 12:0 a.m., 22 views

WordPress GiveWP Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Software GiveWP Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51415 Patch priority Low CVSS severity Low 6.5 Developer Liquid Web / StellarWP PSID 65d3f45445d5 Credits LVT-tholv2k Required privilege Contribut...

CVSS 6.5 | AI score 6.5 | EPSS 0.00332
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2024/01/10 12:0 a.m., 22 views

WordPress Post SMTP Plugin <= 2.8.7 is vulnerable to Broken Authentication

Software Post SMTP Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2023-6875 Patch priority High CVSS severity High 9.8 Developer WPExperts PSID abf9b2b72d3f Credits Ulyses Saicha Required privilege Unauthenticat...

CVSS 9.8 | AI score 6.3 | EPSS 0.90339
Exploits 6 | References 3 | Affected Software 1

Patchstack, added 2024/01/03 12:0 a.m., 22 views

WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6567 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9380e4991dc4 Credits hir0ot Required privilege Unauthenticated Publish...

CVSS 9.8 | AI score 6.7 | EPSS 0.51394
Exploits 1 | References 3 | Affected Software 1

Patchstack, added 2023/12/29 12:0 a.m., 22 views

WordPress Auto Amazon Links Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Auto Amazon Links Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52175 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f072a5fa406e Credits Nguyen Anh Tien Required privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.00337
Exploits 0 | References 2 | Affected Software 1

Patchstack, added 2023/12/13 12:0 a.m., 22 views

WordPress CAOS | Host Google Analytics Locally Plugin <= 4.7.14 is vulnerable to Broken Access Control

Software CAOS | Host Google Analytics Locally Type Plugin Vulnerable versions = 4.7.14 Fixed in 4.7.15 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6637 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 62929a294e3e Credits...

CVSS 6.5 | AI score 6.5 | EPSS 0.00542
Exploits 0 | References 3 | Affected Software 1

Patchstack, added 2023/12/05 12:0 a.m., 22 views

WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)

Software Astra Pro Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-49830 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 4758946ebae8 Credits Rafie Muhammad Patchstack Required...

CVSS 9.9 | AI score 7.2 | EPSS 0.00661
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2023/11/28 12:0 a.m., 22 views

WordPress JetWooBuilder Plugin <= 2.1.7.2 is vulnerable to Broken Access Control

Software JetWooBuilder Type Plugin Vulnerable versions = 2.1.7.2 Fixed in 2.1.7.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID 8b8b6528e3fb Credits Rafie Muhammad Patchstack...

CVSS 9.8 | AI score 9.3 | EPSS 0.00445
Exploits 0 | References 1 | Affected Software 1

Patchstack, added 2023/11/28 12:0 a.m., 22 views

WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48756 Patch priority Medium CVSS severity Medium 7.1 Developer Crocoblock PSID 64c07c24a704 Credits Rafie Muhammad Patchstack...

CVSS 7.1 | AI score 6.8 | EPSS 0.00412
Exploits 0 | References 1 | Affected Software 1

Total number of security vulnerabilities: 5000