Patchstack | Most viewed

46684 matches found

Patchstack | added 2023/11/28 12:0 a.m. | 22 views

WordPress JetWooBuilder Plugin <= 2.1.7.2 is vulnerable to Broken Access Control

Software: JetWooBuilder | Type: Plugin | Vulnerable versions: <= 2.1.7.2 | Fixed in: 2.1.7.3 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-48760 | Patch priority: Medium | CVSS severity: Medium 8.2 | Developer: Crocoblock | PSID: 8b8b6528e3fb | Credits: Rafie Muhammad (Patchstack)...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00445
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2023/11/28 12:0 a.m. | 22 views

WordPress JetBlocks For Elementor Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software: JetBlocks For Elementor | Type: Plugin | Vulnerable versions: <= 1.3.8 | Fixed in: 1.3.8.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-48756 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Crocoblock | PSID: 64c07c24a704 | Credits: Rafie Muhammad (Patchstack)...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00412
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2023/11/28 12:0 a.m. | 22 views

WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection

Software: Bravo Translate | Type: Plugin | Vulnerable versions: <= 1.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2023-49161 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 9e3d902f085a | Credits: Arvandy | Required privilege: Administrator | Published: 28...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.00605
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack | added 2023/11/23 12:0 a.m. | 22 views

WordPress BackWPup Plugin <= 4.0.1 is vulnerable to Path Traversal

Software: BackWPup | Type: Plugin | Vulnerable versions: <= 4.0.1 | Fixed in: 4.0.2 | OWASP Top 10: A3: Injection | Classification: Path Traversal | CVE: CVE-2023-5504 | Patch priority: Low | CVSS severity: Low 8.7 | Developer: Claim ownership | PSID: 40bd5e9852bb | Credits: Marco Wotschka | Required privilege: Administrator | Publishe...

CVSS: 8.7 | AI score: 7.2 | EPSS: 0.00926
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2023/11/20 12:0 a.m. | 22 views

WordPress wpForo Forum Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Software: wpForo Forum | Type: Plugin | Vulnerable versions: <= 2.2.3 | Fixed in: 2.2.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-47872 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: da62b115c79c | Credits: Jesse McNeil | Required privilege...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00377
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/11/15 12:0 a.m. | 22 views

WordPress Elementor Addon Elements Plugin <= 1.12.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Elementor Addon Elements | Type: Plugin | Vulnerable versions: <= 1.12.7 | Fixed in: 1.12.8 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-4690 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: WPVibes | PSID: 4fc8bb67050e | Credits: WordFence | Require...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00298
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2023/11/15 12:0 a.m. | 22 views

WordPress WooCommerce Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: WooCommerce | Type: Plugin | Vulnerable versions: <= 8.1.1 | Fixed in: 8.2.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-47777 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: e2ced8676b54 | Credits: Rafie Muhammad (Patchstack) | Required privile...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00697
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack | added 2023/11/14 12:0 a.m. | 22 views

WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

Software: EWWW Image Optimizer | Type: Plugin | Vulnerable versions: <= 7.2.0 | Fixed in: 7.2.1 | OWASP Top 10: A1: Broken Access Control | Classification: Sensitive Data Exposure | CVE: CVE-2023-40600 | Patch priority: Medium | CVSS severity: Medium 5.3 | Developer: Exactly WWW LLC | PSID: e83c448240a2 | Credits: Mika | Required...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.02036
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack | added 2023/10/19 12:0 a.m. | 22 views

WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.0 is vulnerable to SQL Injection

Software: iPanorama 360 WordPress Virtual Tour Builder | Type: Plugin | Vulnerable versions: <= 1.8.0 | Fixed in: 1.8.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-5336 | Patch priority: Low | CVSS severity: Low 8.8 | Developer: Claim ownership | PSID: 25ea3eb9ee79 | Credits: István Márton | Require...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00618
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2023/10/17 12:0 a.m. | 22 views

WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to PHP Object Injection

Software: NextGEN Gallery | Type: Plugin | Vulnerable versions: < 3.39 | Fixed in: 3.39 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2023-3154 | Patch priority: Low | CVSS severity: Low 6.6 | Developer: Claim ownership | PSID: 2db7a0c70c48 | Credits: Linwz from DEVCORE | Required privilege...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00701
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2023/10/12 12:0 a.m. | 22 views

WordPress Simple Tweet Plugin <= 1.4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Tweet | Type: Plugin | Vulnerable versions: <= 1.4.0.2 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-45767 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 3b30792fe2d1 | Credits: Rio Darmawan | Required...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00409
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2023/09/27 12:0 a.m. | 22 views

WordPress WP Job Openings Plugin <= 3.4.2 is vulnerable to Sensitive Data Exposure

Software: WP Job Openings | Type: Plugin | Vulnerable versions: <= 3.4.2 | Fixed in: 3.4.3 | OWASP Top 10: A5: Security Misconfiguration | Classification: Sensitive Data Exposure | CVE: CVE-2023-4933 | Patch priority: Low | CVSS severity: Low 3.7 | Developer: Claim ownership | PSID: 654671e3575f | Credits: Dmitrii Ignatyev | Require...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00541
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2023/09/26 12:0 a.m. | 22 views

WordPress ActivityPub Plugin < 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: ActivityPub | Type: Plugin | Vulnerable versions: < 1.0.1 | Fixed in: 1.0.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-3746 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 4e185588c9f2 | Credits: Ben Bidner | Required privilege...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00403
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2023/09/13 12:0 a.m. | 22 views

WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: File Manager Pro | Type: Plugin | Vulnerable versions: < 1.8 | Fixed in: 1.8 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-4827 | Patch priority: Low | CVSS severity: Low 8.8 | Developer: Claim ownership | PSID: f857273165df | Credits: Dmitrii Ignatyev | Required...

CVSS: 8.8 | AI score: 7 | EPSS: 0.06838
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack | added 2023/09/06 12:0 a.m. | 22 views

WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection

Software: Flatsome | Type: Theme | Vulnerable versions: <= 3.17.5 | Fixed in: 3.17.6 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2023-40555 | Patch priority: High | CVSS severity: High 8.3 | Developer: Claim ownership | PSID: 0472344ea36e | Credits: Rafie Muhammad (Patchstack) | Required privilege...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0049
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/08/17 12:0 a.m. | 22 views

WordPress tagDiv Composer Plugin < 4.2 is vulnerable to Cross Site Scripting (XSS)

Software: tagDiv Composer | Type: Plugin | Vulnerable versions: < 4.2 | Fixed in: 4.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-3169 | Patch priority: High | CVSS severity: High 7.1 | Developer: Claim ownership | PSID: 070584615152 | Credits: Truoc Phan | Required privileg...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.01595
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack | added 2023/07/24 12:0 a.m. | 22 views

WordPress LWS Affiliation Plugin <= 2.2.6 is vulnerable to Local File Inclusion

Software: LWS Affiliation | Type: Plugin | Vulnerable versions: <= 2.2.6 | Fixed in: 2.3 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2023-32297 | Patch priority: High | CVSS severity: High 9 | Developer: Claim ownership | PSID: f62752ba5867 | Credits: Jonas Höbenreich | Required privilege...

CVSS: 9 | AI score: 6.7 | EPSS: 0.0063
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/07/18 12:0 a.m. | 22 views

WordPress WordLive Livecall Addon for Woocommerce Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: WordLive Livecall Addon for Woocommerce | Type: Plugin | Vulnerable versions: <= 1.2.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 59aa5946d146 | Credits: Rafie...

AI score: 6.3 | EPSS: 0.00284
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2023/06/22 12:0 a.m. | 22 views

WordPress Afterpay Gateway for WooCommerce Plugin < 1.12.4 is vulnerable to SQL Injection

Software: Afterpay Gateway for WooCommerce | Type: Plugin | Vulnerable versions: < 1.12.4 | Fixed in: 1.12.4 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-2744 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: d0e7ba2b77fa | Credits: Arvandy | Required privilege...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.02632
Exploits: 5 | References: 4 | Affected Software: 1

Patchstack | added 2023/06/07 12:0 a.m. | 22 views

WordPress Getwid – Gutenberg Blocks Plugin <= 1.8.3 is vulnerable to Server Side Request Forgery (SSRF)

Software: Getwid – Gutenberg Blocks | Type: Plugin | Vulnerable versions: <= 1.8.3 | Fixed in: 1.8.4 | OWASP Top 10: A1: Injection | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2023-1895 | Patch priority: Medium | CVSS severity: Medium 5 | Developer: Claim ownership | PSID: 688f43f1f9c1 | Credits: Ramuel Gall...

CVSS: 9.6 | AI score: 6.8 | EPSS: 0.00606
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2023/05/30 12:0 a.m. | 22 views

WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Software: Quick/Bulk Order Form for WooCommerce | Type: Plugin | Vulnerable versions: <= 3.5.7 | Fixed in: 3.6.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-34170 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 2b935e525166 | Credits...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00369
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/05/26 12:0 a.m. | 22 views

WordPress QuBotChat Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: QuBotChat | Type: Plugin | Vulnerable versions: < 1.1.6 | Fixed in: 1.1.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-2401 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 10e03bd32db6 | Credits: Bob Matyas | Required privilege...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00442
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack | added 2023/05/25 12:0 a.m. | 22 views

WordPress MStore API Plugin <= 3.9.2 is vulnerable to Broken Authentication

Software: MStore API | Type: Plugin | Vulnerable versions: <= 3.9.2 | Fixed in: 3.9.3 | OWASP Top 10: A2: Broken Authentication | Classification: Broken Authentication | CVE: CVE-2023-2732 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 9a2f0204ce39 | Credits: Lana Codes | Required privilege...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.67511
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack | added 2023/05/11 12:0 a.m. | 22 views

WordPress Login Rebuilder Plugin < 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software: Login Rebuilder | Type: Plugin | Vulnerable versions: < 2.8.1 | Fixed in: 2.8.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-2223 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: b98403680c8c | Credits: Taurus Omar | Required...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00552
Exploits: 3 | References: 4 | Affected Software: 1

Patchstack | added 2023/04/24 12:0 a.m. | 22 views

WordPress Rating Widget Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Rating Widget | Type: Plugin | Vulnerable versions: <= 3.2.0 | Fixed in: 3.2.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23831 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Rating-Widget | PSID: c69402dd8b41 | Credits: István Márton | Required...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00361
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/03/30 12:0 a.m. | 22 views

WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Configurable Tag Cloud | Type: Plugin | Vulnerable versions: <= 5.2 | Fixed in: 5.3 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-28995 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: ee8fb82c39fa | Credits: Abdi Pranata...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00303
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/03/28 12:0 a.m. | 22 views

WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation

Software: real-estate-pro | Type: Plugin | Vulnerable versions: < 1.7.1 | Fixed in: 1.7.1 | OWASP Top 10: A5: Broken Access Control | Classification: Privilege Escalation | CVE: CVE-2020-36666 | Patch priority: High | CVSS severity: High 8.8 | Developer: Claim ownership | PSID: a8f610e7b2fc | Credits: Omar Badran | Required privilege...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00905
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2023/03/21 12:0 a.m. | 22 views

WordPress WP Mail Logging Plugin <= 1.10.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Mail Logging | Type: Plugin | Vulnerable versions: <= 1.10.5 | Fixed in: 1.11.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2022-47150 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 8badb5d1d476 | Credits: István Márton...

AI score: 5.8 | EPSS: 0.00113
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2023/02/08 12:0 a.m. | 22 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Wicked Folders | Type: Plugin | Vulnerable versions: <= 2.18.16 | Fixed in: 2.18.17 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-0726 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: b813357081c1 | Credits: Marco Wotschka...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.00308
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2023/02/08 12:0 a.m. | 22 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software: Wicked Folders | Type: Plugin | Vulnerable versions: <= 2.18.16 | Fixed in: 2.18.17 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-0715 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: Claim ownership | PSID: bf9e7164b8aa | Credits: Marco Wotschka | Requir...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00576
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2023/01/24 12:0 a.m. | 22 views

WordPress Intuitive Custom Post Order Plugin <= 3.1.3 is vulnerable to Broken Access Control

Software: Intuitive Custom Post Order | Type: Plugin | Vulnerable versions: <= 3.1.3 | Fixed in: 3.1.4 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2022-4385 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: Claim ownership | PSID: 582d2859794c | Credits: Yuya Kotake...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00486
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack | added 2023/01/23 12:0 a.m. | 22 views

WordPress Pinpoint Booking System Plugin < 2.9.9.2.9 is vulnerable to SQL Injection

Software: Pinpoint Booking System | Type: Plugin | Vulnerable versions: < 2.9.9.2.9 | Fixed in: 2.9.9.2.9 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-0220 | Patch priority: High | CVSS severity: High 7.1 | Developer: Claim ownership | PSID: 7276b0492738 | Credits: István Márton | Required privilege...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00937
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack | added 2023/01/20 12:0 a.m. | 22 views

WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software: Image Hover Effects For WPBakery Page Builder | Type: Plugin | Vulnerable versions: <= 4.0 | Fixed in: 5.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23681 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 2843dca604e1 | Credi...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00383
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2022/12/29 12:0 a.m. | 22 views

WordPress spikes Theme < 10 is vulnerable to Arbitrary File Upload

Software: spikes | Type: Theme | Vulnerable versions: < 10 | Fixed in: N/A | OWASP Top 10: A6: Security Misconfiguration | Classification: Arbitrary File Upload | CVE: CVE-2022-0316 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: a62ccba33719 | Credits: Joshua Small | Required privilege...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.02084
Exploits: 12 | References: 2 | Affected Software: 1

Patchstack | added 2022/11/23 12:0 a.m. | 22 views

WordPress Smart Slider 3 <= 3.5.1.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in the WordPress Smart Slider 3 versions <= 3.5.1.9. Solution: Update the WordPress Smart Slider 3 plugin to the latest available version (at least 3.5.1.11)...

AI score: 2 | EPSS: 0.00383
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/11/21 12:0 a.m. | 22 views

WordPress Directorist plugin <= 7.4.2.1 - Auth. Insecure Direct Object References (IDOR) vulnerability

Auth. Insecure Direct Object References (IDOR) vulnerability leading to arbitrary user password update discovered by cydave in the WordPress Directorist plugin versions <= 7.4.2.1. Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.4.2.2)...

AI score: 3.5 | EPSS: 0.00606
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack | added 2022/11/15 12:0 a.m. | 22 views

WordPress Super Testimonial Pro premium plugin < 1.0.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Super Testimonial Pro premium plugin versions < 1.0.8. Solution: Update the WordPress Super Testimonial Pro plugin to the latest available version (at least 1.0.8)...

CVSS: 4.8 | AI score: 3 | EPSS: 0.00501
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack | added 2022/11/10 12:0 a.m. | 22 views

WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability

Auth. Arbitrary File Read vulnerability discovered by Tomasz Staszyszyn (Patchstack Alliance) in WordPress S2W – Import Shopify to WooCommerce plugin versions <= 1.1.12. Solution: Update the WordPress S2W – Import Shopify to WooCommerce plugin to the latest available version (at least 1.1.13)...

CVSS: 4.9 | AI score: 4.1 | EPSS: 0.00676
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/11/09 12:0 a.m. | 22 views

WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Dave Jong (Patchstack) in WordPress WPML Multilingual CMS premium plugin versions <= 4.5.13. Solution: Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14)...

CVSS: 8.8 | AI score: 3.5 | EPSS: 0.00298
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/11/09 12:0 a.m. | 22 views

WordPress Asgaros Forum plugin <= 2.1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress Asgaros Forum plugin versions <= 2.1.0. Solution: No patched version is available. No reply from the vendor...

AI score: 4.4 | EPSS: 0.00264
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/11/07 12:0 a.m. | 22 views

WordPress Checkout Field Editor for WooCommerce plugin <= 1.7.2 - Auth PHP Object Injection vulnerability

Auth PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Checkout Field Editor for WooCommerce plugin versions <= 1.7.2. Solution: Update the WordPress Checkout Field Editor (Checkout Manager) for WooCommerce plugin to the latest available version (at least 1.8.0)...

AI score: 3 | EPSS: 0.01141
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack | added 2022/11/02 12:0 a.m. | 22 views

WordPress Download Plugin plugin <= 1.6.2 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability discovered by apple502j in WordPress Download Plugin plugin versions <= 1.6.2. Solution: Update the WordPress Download Plugin plugin to the latest available version (at least 2.0.0)...

AI score: 4.3 | EPSS: 0.00633
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack | added 2022/11/01 12:0 a.m. | 22 views

WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerability

Unauth. Arbitrary File Download vulnerability discovered by Dave Jong (Patchstack) in the WordPress WatchTowerHQ plugin versions <= 3.6.15. Solution: Update the WordPress WatchTowerHQ plugin to the latest available version (at least 3.6.16)...

CVSS: 7.5 | AI score: 3.4 | EPSS: 0.007
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/10/31 12:0 a.m. | 22 views

WordPress Restaurant Menu plugin <= 2.3.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence in WordPress Restaurant Menu plugin versions <= 2.3.1. Solution: Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version (at least 2.3.2)...

CVSS: 8.8 | AI score: 3.4 | EPSS: 0.00482
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2022/10/31 12:0 a.m. | 22 views

WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Autoblogging Removal discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Content Egg plugin versions <= 5.4.0. Solution: Update the WordPress Content Egg plugin to the latest available version (at least 5.5.0)...

CVSS: 8.8 | AI score: 4.3 | EPSS: 0.00284
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/10/28 12:0 a.m. | 22 views

WordPress Slideshow SE plugin <= 2.5.5 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Slideshow SE plugin versions <= 2.5.5. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2022 and is not available for download. This closure is temporary, pendi...

AI score: 3.2 | EPSS: 0.00405
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/10/28 12:0 a.m. | 22 views

WordPress Slideshow SE plugin <= 2.5.5 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Slideshow SE plugin versions <= 2.5.5. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2022 and is not available for download. This closure is temporary, pendi...

AI score: 3.2 | EPSS: 0.0038
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/10/28 12:0 a.m. | 22 views

WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Dave Jong (Patchstack) in the WordPress Api2Cart Bridge Connector plugin versions <= 1.1.0. Solution: Update the WordPress Api2Cart Bridge Connector plugin to the latest available version (at least 1.2.0)...

CVSS: 10 | AI score: 4.9 | EPSS: 0.0106
Exploits: 0 | Affected Software: 1

Patchstack | added 2022/10/27 12:0 a.m. | 22 views

WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Arbitrary Post/Page Edition vulnerability

Auth. Arbitrary Post/Page Edition vulnerability discovered by RG in WordPress Bricks Builder premium theme versions <= 1.5.3. Solution: Update the WordPress Bricks Builder theme to the latest available version (at least 1.5.4)...

CVSS: 6.5 | AI score: 3.3 | EPSS: 0.00618
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack | added 2022/10/24 12:0 a.m. | 22 views

WordPress IP Blacklist Cloud plugin <= 5.00 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika (Patchstack) in WordPress IP Blacklist Cloud plugin versions <= 5.00. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a fu...

AI score: 2.3 | EPSS: 0.00392
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 5000