Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
added 2022/04/19 12:0 a.m.22 views

WordPress MapSVG premium plugin <= 6.2.19 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Brandon James Roldan in WordPress MapSVG premium plugin versions = 6.2.19. Solution Update the WordPress MapSVG premium plugin to the latest available version at least 6.2.20...

9.8CVSS2.8AI score0.09651EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/19 12:0 a.m.22 views

WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin <= 1.5.13 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ankur Bakre in WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin versions = 1.5.13. Solution Update the WordPress Bulk Edit and Create User Profiles – WP Sheet Editor plugin to the latest available version at least...

4.8CVSS1AI score0.00565EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/04/15 12:0 a.m.22 views

WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Ex.Mi Patchstack in WordPress Simple Ajax Chat plugin versions = 20220115. Solution Update the WordPress Simple Ajax Chat plugin to the latest available version at least 20220216...

7.5CVSS2.6AI score0.04619EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/13 12:0 a.m.22 views

WordPress Easily Generate Rest API Url plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by websafe2021 in WordPress Easily Generate Rest API Url plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of 29 March 2022 and is not available for download. This closure is temporary, pending a full...

4.8CVSS2.1AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/04/13 12:0 a.m.22 views

WordPress WP Social Buttons plugin <= 2.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Niraj Mahajan in WordPress WP Social Buttons plugin versions = 2.1. Solution Deactivate and delete. This plugin has been closed as of March 22, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.8AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/03/28 12:0 a.m.22 views

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.20.95 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Anti-Malware Security and Brute-Force Firewall plugin versions = 4.20.95. Solution Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to the latest available version at least 4.20.96...

6.1CVSS2.1AI score0.02665EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2022/03/21 12:0 a.m.22 views

WordPress Export All URLs plugin <= 4.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Export All URLs plugin versions = 4.1. Solution Update the WordPress Export All URLs plugin to the latest available version at least 4.2...

6.1CVSS1.8AI score0.00788EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Download Woocommerce Category Banner Management plugin <= 2.2.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Download Woocommerce Category Banner Management plugin versions = 2.2.2. Solution Update the WordPress Download Woocommerce Category Banner Management plugin to the latest available version at least 2.2.3...

3.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Premmerce Product Filter for WooCommerce plugin <= 3.6.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Product Filter for WooCommerce plugin versions = 3.6.1. Solution Update the WordPress Premmerce Product Filter for WooCommerce plugin to the latest available version at least 3.6.2...

2.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin < 3.1.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin versions 3.1.6. Solution Update the WordPress Dreamfox Media Payment gateway per Product for Woocommerce plugin to the latest available version at least 3.1.6...

3.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress WoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo gallery plugin <= 1.1.8 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo gallery plugin versions = 1.1.8. Solution Update the WordPress WoowGallery – image gallery / content gallery /...

4.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Checkout with Zelle on Woocommerce plugin <= 1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Checkout with Zelle on Woocommerce plugin versions = 1.0. Solution Update the WordPress Checkout with Zelle on Woocommerce plugin to the latest available version at least 2.0...

2.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps plugin <= 1.2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps plugin versions = 1.2.1. Solution Update the WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps plugin to the latest...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Genealogical Tree – WordPress Family Tree plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Genealogical Tree – WordPress Family Tree plugin versions = 2.1.4. Solution Update the WordPress Genealogical Tree – WordPress Family Tree plugin to the latest available version at least 2.1.5...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/25 12:0 a.m.22 views

WordPress Simple Membership plugin <= 4.0.9 - Arbitrary Transaction Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Transaction Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Muhamad Hidayat in WordPress Simple Membership plugin versions = 4.0.9. Solution Update the WordPress Simple Membership plugin to the latest available version at least 4.1.0...

6.5CVSS2.3AI score0.00523EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/23 12:0 a.m.22 views

WordPress Amelia plugin <= 1.0.45 - Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Customer Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Muhamad Hidayat in WordPress Amelia plugin versions = 1.0.45. Solution Update the WordPress Amelia plugin to the latest available version at least 1.0.46...

4.3CVSS3.8AI score0.00429EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.22 views

WordPress Kunze Law plugin <= 1.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Kunze Law plugin versions = 1.9. Solution Update the WordPress Kunze Law plugin to the latest available version at least 2.1...

4.8CVSS2AI score0.00612EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/02/15 12:0 a.m.22 views

WordPress Relevanssi Premium plugin <= 2.16.4 - Unauthorized AJAX Calls vulnerability

Unauthorized AJAX Calls vulnerability discovered by Jan w Oleju in WordPress Relevanssi Premium plugin versions = 2.16.4. Solution Update the WordPress Relevanssi Premium plugin to the latest available version at least 2.16.5...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/01/31 12:0 a.m.22 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WPvivid Backup and Migration Plugin versions = 0.9.68. Solution Update the WordPress WPvivid Backup and Migration Plugin to the latest available version at least 0.9.69...

6.1CVSS2.5AI score0.01213EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/01/31 12:0 a.m.22 views

WordPress Better Notifications for WP plugin <= 1.8.6 - Email Address Disclosure vulnerability

Email Address Disclosure vulnerability discovered by Krzysztof Zając in WordPress Better Notifications for WP plugin versions = 1.8.6. Solution Update the WordPress Better Notifications for WP plugin to the latest available version at least 1.8.7...

4.3CVSS2.7AI score0.00423EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/31 12:0 a.m.22 views

WordPress Product Feed PRO for WooCommerce plugin <= 11.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Product Feed PRO for WooCommerce plugin versions = 11.2.1. Solution Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version at least 11.2.2...

2.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/01/31 12:0 a.m.22 views

WordPress WP Email Users plugin <= 1.7.6 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress WP Email Users plugin versions = 1.7.6. Solution Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS2.8AI score0.02214EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2022/01/27 12:0 a.m.22 views

WordPress WP Google Map plugin <= 1.8.3 - Arbitrary Post Deletion and Plugin's Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Post Deletion and Plugin's Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Krzysztof Zając in WordPress WP Google Map plugin versions = 1.8.3. Solution Update the WordPress WP Google Map plugin to the latest available version at least 1.8.4...

6.5CVSS3.3AI score0.00566EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/26 12:0 a.m.22 views

WordPress Security Audit plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Shweta Mahajan in WordPress Security Audit plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of November 15, 2021 and is not available for download. Reason: Security Issue...

4.8CVSS2.9AI score0.05063EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2022/01/26 12:0 a.m.22 views

WordPress WordPress GDPR & CCPA premium plugin <= 1.9.25 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Ace Candelario @0xspade and Victor Paynat-Sautivet 3DS Outscale SOC in WordPress WordPress GDPR & CCPA premium plugin versions = 1.9.25. Solution Update the WordPress WordPress GDPR & CCPA premium plugin to the latest...

9.6CVSS2.5AI score0.02085EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/24 12:0 a.m.22 views

WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Plugin Activation discovered by Ex.Mi Patchstack in WordPress Access Demo Importer plugin versions = 1.0.7. Solution Update the WordPress Access Demo Importer plugin to the latest available version at least 1.0.8...

6.5CVSS5.2AI score0.00466EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/01/21 12:0 a.m.22 views

WordPress ExportFeed: List WooCommerce Products on eBay Store plugin <= 2.0.1.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by 0xdecafbad in WordPress ExportFeed: List WooCommerce Products on eBay Store plugin versions = 2.0.1.0. Solution Deactivate and delete. This plugin has been closed as of November 22, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS2.6AI score0.01255EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.22 views

WordPress LeadMagic plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Big Tiger in WordPress LeadMagic plugin versions = 1.2.7. Solution Deactivate and delete. This plugin has been closed as of January 17, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.5AI score0.00856EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/01/17 12:0 a.m.22 views

WordPress Popup | Custom Popup Builder plugin <= 1.3 - Unauthenticated Denial of Service (DoS) vulnerability

Unauthenticated Denial of Service DoS vulnerability discovered by Felipe de Avila in WordPress Popup | Custom Popup Builder plugin versions = 1.3. Solution Update the WordPress Popup | Custom Popup Builder plugin to the latest available version at least 1.3.1...

7.5CVSS3.1AI score0.01565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/29 12:0 a.m.22 views

WordPress Orange Form plugin <= 1.0 - SQL Injection (SQLi) via Cross-Site Request Forgery (CSRF) vulnerability

SQL Injection SQLi via Cross-Site Request Forgery CSRF vulnerability discovered by Francesco Carlucci in WordPress Orange Form plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary,...

8.8CVSS3.4AI score0.00609EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/27 12:0 a.m.22 views

WordPress Orders Tracking for WooCommerce plugin <= 1.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Orders Tracking for WooCommerce plugin versions = 1.1.9. Solution Update the WordPress Orders Tracking for WooCommerce plugin to the latest available version at least 1.1.10...

6.1CVSS2.5AI score0.00887EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/23 12:0 a.m.22 views

WordPress Advanced Custom Fields: Extended plugin <= 0.8.8.6 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by JrXnm in WordPress Advanced Custom Fields: Extended plugin versions = 0.8.8.6. Solution Update the WordPress Advanced Custom Fields: Extended plugin to the latest available version at least 0.8.8.7...

7.2CVSS3AI score0.01502EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/13 12:0 a.m.22 views

WordPress H5P CSS Editor plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress H5P CSS Editor plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.9AI score0.00757EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/12/09 12:0 a.m.22 views

WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by Julio Potier SecuPress.me in WordPress tarteaucitron.js – Cookies legislation & GDPR plugin versions = 1.5.4. Solution Update the WordPress tarteaucitron.js – Cookies legislation & GDPR plugin to the...

8.8CVSS2.6AI score0.00492EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/12/06 12:0 a.m.22 views

WordPress UpdraftPlus plugin <= 1.16.65 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress UpdraftPlus plugin versions = 1.16.65. Solution Update the WordPress UpdraftPlus plugin to the latest available version at least 1.16.66...

6.1CVSS2.1AI score0.01122EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/12/06 12:0 a.m.22 views

WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 2.10.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions = 2.10.4. Solution Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version at least 2.10.5...

4.8CVSS3.2AI score0.01188EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2021/12/01 12:0 a.m.22 views

WordPress Variation Swatches for WooCommerce plugin <= 2.1.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Chloe Chamberland WordFence in WordPress Variation Swatches for WooCommerce plugin versions = 2.1.1. Solution Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version at least 2.1.2...

6.4CVSS2.7AI score0.00531EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/12/01 12:0 a.m.22 views

WordPress Booster for WooCommerce plugin <= 5.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability in Product XML Feeds Module

Reflected Cross-Site Scripting XSS vulnerability in Product XML Feeds Module discovered by Jeremie Amsellem in WordPress Booster for WooCommerce plugin versions = 5.4.8. Solution Update the WordPress Booster for WooCommerce plugin to the latest available version at least 5.4.9...

6.1CVSS2.3AI score0.00757EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/28 12:0 a.m.22 views

WordPress Ripple theme <= 1.2.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Ripple theme versions = 1.2.0. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

8.8CVSS2.1AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/28 12:0 a.m.22 views

WordPress Uncode Lite theme <= 1.3.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Uncode Lite theme versions = 1.3.3. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores...

8.8CVSS2.8AI score0.01652EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2021/11/28 12:0 a.m.22 views

WordPress Doko theme <= 1.0.27 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Doko theme versions = 1.0.27. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores the...

8.8CVSS2.6AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/23 12:0 a.m.22 views

WordPress Gwolle Guestbook plugin <= 4.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Gwolle Guestbook plugin versions = 4.1.2. Solution Update the WordPress Gwolle Guestbook plugin to the latest available version at least 4.2.0...

6.1CVSS2.3AI score0.008EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/16 12:0 a.m.22 views

WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress SportsPress – Sports Club & League Manager plugin versions = 2.7.8. Solution Update the WordPress SportsPress – Sports Club & League Manager plugin to the latest available version at least 2.7.9...

6.1CVSS1.7AI score0.008EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/13 12:0 a.m.22 views

WordPress WPO365 plugin <= 15.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by AppCheck in WordPress WPO365 plugin versions = 15.3. Solution Update the WordPress WPO365 plugin to the latest available version at least 15.4...

9.3CVSS2AI score0.00937EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/09 12:0 a.m.22 views

WordPress Get Custom Field Values plugin <= 4.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Francesco Carlucci in WordPress Get Custom Field Values plugin versions = 4.0. Solution Update the WordPress Get Custom Field Values plugin to the latest available version at least 4.0.1...

5.4CVSS1.8AI score0.00684EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/29 12:0 a.m.22 views

WordPress Download Monitor plugin <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguy Minh Tuan in WordPress Download Monitor plugin versions = 4.4.6. Solution Update the WordPress Download Monitor plugin to the latest available version at least 4.4.7...

5.4CVSS3.1AI score0.00573EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.22 views

WordPress MAZ Loader plugin <= 1.4.0 - Arbitrary Loader Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Loader Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress MAZ Loader plugin versions = 1.4.0. Solution Update the WordPress MAZ Loader plugin to the latest available version at least 1.4.1...

4.3CVSS4.1AI score0.00435EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.22 views

WordPress eCommerce Product Catalog plugin <= 3.0.38 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress eCommerce Product Catalog plugin versions = 3.0.38. Solution Update the WordPress eCommerce Product Catalog plugin to the latest available version at least 3.0.39...

2.2AI score0.01555EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/10/21 12:0 a.m.22 views

WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms plugin versions = 1.6.8. Solution Update the WordPress Advanced Forms plugin to the latest available version at least 1.6.9...

8.8CVSS3.8AI score0.01798EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000