Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
added 2022/10/20 12:0 a.m.22 views

WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to export file download discovered by Lana Codes Patchstack Alliance in WordPress Advanced Order Export For WooCommerce plugin versions = 3.3.2. Solution Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available...

6.5CVSS3.2AI score0.00313EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/19 12:0 a.m.22 views

WordPress ImageMagick Engine plugin <= 1.7.6 - Auth. Remote Code Execution (RCE) vulnerability

Auth. Remote Code Execution RCE vulnerability discovered by ABDO10 in WordPress ImageMagick Engine plugin versions = 1.7.6. Solution No patched version is available. Version 1.7.6 only added a nonce token to fix the CSRF vulnerability...

4.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/10/13 12:0 a.m.22 views

WordPress Highlight Focus plugin <= 1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mariam Tariq in the WordPress Highlight Focus plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full...

4.8CVSS1.3AI score0.00532EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/12 12:0 a.m.22 views

WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress AB Press Optimizer plugin versions = 1.1.1. Solution No patched version is available. No reply from the vendor...

4.8CVSS2.9AI score0.00396EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/10 12:0 a.m.22 views

WordPress AWP Classifieds plugin <= 4.2.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress AWP Classifieds plugin versions = 4.2.1. Solution Update the WordPress AWP Classifieds plugin to the latest available version at least 4.3...

9.8CVSS3.2AI score0.05103EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/10 12:0 a.m.22 views

WordPress Newspaper premium theme <= 11.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ramon Dunker in WordPress Newspaper premium theme versions = 11.5.1. Solution Update the WordPress Newspaper theme to the latest available version at least 12...

6.1CVSS2.3AI score0.00969EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.22 views

WordPress Blog2Social plugin <= 6.9.9 - Authenticated Server-Side Request Forgery (SSRF) vulnerability

Authenticated Server-Side Request Forgery SSRF vulnerability discovered by Sakri Rafael Koskimies in WordPress Blog2Social plugin versions = 6.9.9. Solution Update the WordPress Blog2Social plugin to the latest available version at least 6.9.10...

6.5CVSS3.6AI score0.0066EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.22 views

WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - Authenticated CSV Injection vulnerability

Authenticated CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Post to CSV by BestWebSoft plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...

9.8CVSS2.5AI score0.01279EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/30 12:0 a.m.22 views

WordPress LBStopAttack plugin <= 1.1.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Settings Update discovered by Daniel Ruf in WordPress LBStopAttack plugin versions = 1.1.2. Solution Update the WordPress LBstopattack plugin to the latest available version at least 1.1.3...

6.5CVSS3.9AI score0.00346EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/28 12:0 a.m.22 views

WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguyen Van Khanh Patchstack Alliance WordPress Asset CleanUp: Page Speed Booster plugin versions = 1.3.8.4 Solution Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...

4.8CVSS2AI score0.00442EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/28 12:0 a.m.22 views

WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability

Block BYPASS vulnerability was discovered by Brandon Roldan Patchstack Alliance in the WordPress iQ Block Country plugin versions = 1.2.18. Solution Update the WordPress iQ Block Country plugin to the latest available version at least 1.2.19...

9.8CVSS3.5AI score0.00664EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/19 12:0 a.m.22 views

WordPress reSmush.it Image Optimizer plugin <= 0.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress reSmush.it Image Optimizer plugin versions = 0.4.5. Solution Update the WordPress reSmush.it plugin to the latest available version at least 0.4.6...

4.8CVSS1.3AI score0.00506EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/14 12:0 a.m.22 views

WordPress Woo Billingo Plus plugin <= 4.4.5.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Lana Codes in the WordPress Woo Billingo Plus plugin versions = 4.4.5.3. Solution Update the WordPress Woo Billingo Plus plugin to the latest available version at least 4.4.5.4...

7.1CVSS2.8AI score0.00337EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/11 12:0 a.m.22 views

WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Rasi Afeef Patchstack Alliance in the WordPress RD Station plugin versions = 5.2.0. Solution Update the WordPress RD Station plugin to the latest available version at least 5.2.1...

8.8CVSS3.8AI score0.00271EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/08 12:0 a.m.22 views

WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Contact Form By Mega Forms plugin versions = 1.2.4. Solution Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version at...

5.4CVSS2.9AI score0.00438EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/02 12:0 a.m.22 views

WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Torro Forms plugin versions = 1.0.16. Solution Deactivate and delete. No reply from the vendor...

5.4CVSS2.8AI score0.00438EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/09/01 12:0 a.m.22 views

WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Word Search Puzzles game plugin versions = 2.0.1. Solution Deactivate and delete. No reply from the vendor...

4.8CVSS2.7AI score0.00437EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/29 12:0 a.m.22 views

WordPress Site Offline plugin <= 1.4.9 - Access Bypass vulnerability

Access Bypass vulnerability discovered by Daniel Ruf in WordPress Site Offline plugin versions = 1.4.9. Solution Update the WordPress Site Offline plugin to the latest available version at least 1.5.3...

4.3CVSS3.5AI score0.01299EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/25 12:0 a.m.22 views

WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by ptsfence Patchstack Alliance in WordPress SEO Scout plugin versions = 0.9.83. Solution Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...

5.4CVSS3.4AI score0.00249EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/23 12:0 a.m.22 views

WordPress Float to Top Button plugin <= 2.3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Float to Top Button plugin versions = 2.3.6. Solution Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary,...

4.8CVSS1.9AI score0.00494EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/22 12:0 a.m.22 views

WordPress WP Server Health Stats plugin <= 1.6.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress WP Server Health Stats plugin versions = 1.6.10. Solution Update the WordPress WP Server Health Stats plugin to the latest available version at least 1.7.0...

4.8CVSS1.3AI score0.00538EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/22 12:0 a.m.22 views

WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication

Broken Authentication leading to cache delete discovered by Muhammad Daffa Patchstck Alliance in WordPress Video Gallery plugin versions = 1.3.4.5. Solution Update the WordPress Video Gallery plugin to the latest available version at least 1.3.5...

9.8CVSS4.1AI score0.00611EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/08/10 12:0 a.m.22 views

WordPress Best Payments Plugin for WP plugin <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rafshanzani Suhada in WordPress Best Payments Plugin for WP plugin versions = 4.2.0. Solution Update the WordPress Best Payments Plugin for WP plugin to the latest available version at least 4.2.1...

7.2CVSS1.8AI score0.00568EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/08/08 12:0 a.m.22 views

WordPress JoomSport plugin <= 5.2.5 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Salim Al-Wahaibi in WordPress JoomSport plugin versions = 5.2.5. Solution Update the WordPress JoomSport plugin to the latest available version at least 5.2.6...

7.2CVSS2.8AI score0.01105EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/02 12:0 a.m.22 views

WordPress My Calendar plugin <= 3.3.16 - Unauthenticated Open Redirect vulnerability

Unauthenticated Open Redirect vulnerability discovered by Dan Kegel in WordPress My Calendar plugin versions = 3.3.16. Solution Update the WordPress My Calendar plugin to the latest available version at least 3.3.17...

3.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/01 12:0 a.m.22 views

WordPress Social Slider Feed plugin <= 2.0.4 - Authenticated Arbitrary API Key Update vulnerability leading to Stored Cross-Site Scripting (XSS)

Authenticated Arbitrary API Key Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by WPScan in WordPress Social Slider Feed plugin versions = 2.0.4. Solution Update the WordPress Social Slider Feed plugin to the latest available version at least 2.0.5...

3.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/07/29 12:0 a.m.22 views

WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Authenticated Arbitrary Settings Update vulnerability

Authenticated Arbitrary Settings Update vulnerability discovered by ptsfence Patchstack Alliance in WordPress ЮKassa для WooCommerce plugin versions = 2.3.0. Solution Update the WordPress ЮKassa для WooCommerce plugin to the latest available version at least 2.3.1...

8.8CVSS4.4AI score0.00851EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/07/25 12:0 a.m.22 views

WordPress Simple Banner plugin <= 2.11.0 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Simple Banner plugin versions = 2.11.0. Solution Update the WordPress Simple Banner plugin to the latest available version at least 2.12.0...

6.4CVSS1.8AI score0.00757EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/07/18 12:0 a.m.22 views

WordPress YaySMTP plugin <= 2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rafshanzani Suhada in WordPress YaySMTP plugin versions = 2.2. Solution Update the WordPress YaySMTP plugin to the latest available version at least 2.2.1...

5.4CVSS1.9AI score0.00495EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/14 12:0 a.m.22 views

WordPress WP Comments Fields plugin <= 4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rafshanzani Suhada in WordPress WP Comments Fields plugin versions = 4.0. Solution Update the WordPress WordPress Comments Fields plugin to the latest available version at least 4.1...

4.8CVSS2.1AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/11 12:0 a.m.22 views

WordPress GiveWP plugin <= 2.21.2 - DoS via Cross-Site Request Forgery (CSRF) vulnerability

DoS via Cross-Site Request Forgery CSRF vulnerability discovered by Raad Haddad in WordPress GiveWP plugin versions = 2.21.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.3...

6.5CVSS2.8AI score0.00375EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/07/11 12:0 a.m.22 views

WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability

Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...

7.5CVSS3.3AI score0.00885EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/07/05 12:0 a.m.22 views

WordPress FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by Kenya Uematsu in WordPress FreeMind WP Browser versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is...

6.1CVSS2.2AI score0.00893EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/07/04 12:0 a.m.22 views

WordPress Ivory Search plugin <= 5.4.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Ivory Search plugin versions = 5.4.6. Solution Update the WordPress Ivory Search plugin to the latest available version at least 5.4.7...

1.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/06/20 12:0 a.m.22 views

WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 2.15.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions = 2.15.0. Solution Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version at lea...

6.1CVSS2.5AI score0.0068EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/06/10 12:0 a.m.22 views

WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Adel in WordPress Ninja Forms plugin versions = 3.6.9. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.10...

4.8CVSS2.1AI score0.00552EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/05/31 12:0 a.m.22 views

WordPress Rotating Posts plugin <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability

Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Rotating Posts plugin versions = 1.11. Solution Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a full...

4.3CVSS3.8AI score0.00412EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/05/30 12:0 a.m.22 views

WordPress WPlite plugin <= 1.3.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress WPlite plugin versions = 1.3.1. Solution Deactivate and delete. This plugin has been closed as of May 23, 2022 and is not available for download. This closure is temporary, pending a...

6.5CVSS4.1AI score0.00393EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2022/05/30 12:0 a.m.22 views

WordPress Print, PDF, Email by PrintFriendly plugin <= 5.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhamad Hidayat Solution Update the WordPress Print, PDF, Email by PrintFriendly plugin to the latest available version at least 5.2.3...

4.8CVSS1.6AI score0.00552EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/05/26 12:0 a.m.22 views

WordPress Custom Share Buttons with Floating Sidebar plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Custom Share Buttons with Floating Sidebar plugin versions = 4.1. Solution Update the WordPress Custom Share Buttons with Floating Sidebar plugin to the latest available version at least 4.2...

4.8CVSS2AI score0.00552EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.22 views

WordPress WP Admin Style plugin <= 0.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Kishore Hariram in WordPress WP Admin Style plugin versions = 0.1.2. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a ful...

4.8CVSS1AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/16 12:0 a.m.22 views

WordPress WP Born Babies plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Wejdan Alomari in WordPress WP Born Babies plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of April 27, 2022 and is not available for download. This closure is temporary, pending a full...

5.4CVSS2.1AI score0.00571EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/05/16 12:0 a.m.22 views

WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion LFI vulnerability discovered by 0xB9 Patchstack Alliance in WordPress Popup Box plugin versions = 2.1.2. Solution Update the WordPress Popup Box plugin to the latest available version at least 2.2...

7.2CVSS3AI score0.01EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/05/11 12:0 a.m.22 views

WordPress WooCommerce Green Wallet Gateway plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by goodguyandy in WordPress WooCommerce Green Wallet Gateway plugin versions = 1.0.1. Solution Update the WordPress WooCommerce Green Wallet Gateway plugin to the latest available version at least 1.0.2...

6.1CVSS2.6AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/26 12:0 a.m.22 views

WordPress Donate Extra plugin <= 2.02 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Donate Extra plugin versions = 2.02. Solution Deactivate and delete. This plugin has been closed as of April 7, 2022 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS3.3AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.22 views

WordPress MapSVG premium plugin <= 6.2.19 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Brandon James Roldan in WordPress MapSVG premium plugin versions = 6.2.19. Solution Update the WordPress MapSVG premium plugin to the latest available version at least 6.2.20...

9.8CVSS2.8AI score0.09651EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.22 views

WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin <= 1.5.13 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ankur Bakre in WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin versions = 1.5.13. Solution Update the WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin to the latest available version at least...

4.8CVSS1AI score0.00565EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/04/15 12:0 a.m.22 views

WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Ex.Mi Patchstack in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...

7.5CVSS2.6AI score0.04619EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/13 12:0 a.m.22 views

WordPress Easily Generate Rest API Url plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by websafe2021 in WordPress Easily Generate Rest API Url plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of 29 March 2022 and is not available for download. This closure is temporary, pending a full...

4.8CVSS2.1AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/13 12:0 a.m.22 views

WordPress WP Social Buttons plugin <= 2.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Niraj Mahajan in WordPress WP Social Buttons plugin versions = 2.1. Solution Deactivate and delete. This plugin has been closed as of March 22, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.8AI score0.00565EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000