Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
added 2021/10/20 12:0 a.m.22 views

WordPress Forminator plugin <= 1.15.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Forminator plugin versions = 1.15.2. Solution Update the WordPress Forminator plugin to the latest available version at least 1.15.4...

4.8CVSS1.6AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/20 12:0 a.m.22 views

WordPress Sassy Social Share plugin <= 3.3.23 - Missing Authorization Controls to PHP Object Injection vulnerability

Missing Authorization Controls to PHP Object Injection vulnerability discovered by Chloe Chamberland WordFence in WordPress Sassy Social Share plugin versions = 3.3.23. Solution Update the WordPress Sassy Social Share plugin to the latest available version at least 3.3.24...

8.8CVSS2.8AI score0.01976EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/16 12:0 a.m.22 views

WordPress Speed Booster Pack plugin <= 4.3.3 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Quan, Hoang Xuan in WordPress Speed Booster Pack plugin versions = 4.3.3. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.3.3.1...

7.2CVSS2.3AI score0.01112EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/14 12:0 a.m.22 views

WordPress HAL plugin <= 2.1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress HAL plugin versions = 2.1.1. Solution Update the WordPress HAL plugin to the latest available version at least 2.2...

5.5CVSS1.1AI score0.00922EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/10/13 12:0 a.m.22 views

WordPress Simple JWT Login plugin <= 3.2.1 - Insecure Password Creation vulnerability

Insecure Password Creation vulnerability discovered by Zian Choy in WordPress Simple JWT Login plugin versions = 3.2.1. Solution Update the WordPress Simple JWT Login plugin to the latest available version at least 3.3.0...

7.5CVSS3.2AI score0.01186EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/10/11 12:0 a.m.22 views

WordPress Print-O-Matic plugin <= 2.0.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Zain Ahmed in WordPress Print-O-Matic plugin versions = 2.0.2. Solution Update the WordPress Print-O-Matic plugin to the latest available version at least 2.0.3...

4.8CVSS1.9AI score0.00654EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/11 12:0 a.m.22 views

WordPress Quiz Tool Lite plugin <= 2.3.15 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities discovered by Shivam Rai in WordPress Quiz Tool Lite plugin versions = 2.3.15. Solution Deactivate and delete. This plugin has been closed as of September 28, 2021 and is not available for download. This closure is temporary, pending a full...

4.8CVSS1.7AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/10/04 12:0 a.m.22 views

WordPress Events Made Easy plugin <= 2.2.23 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Huy Nguyen in WordPress Events Made Easy plugin versions = 2.2.23. Solution Update the WordPress Events Made Easy plugin to the latest available version or at least to the version 2.2.24...

4.8CVSS1.5AI score0.00681EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/21 12:0 a.m.22 views

WordPress Game Server Status plugin <= 1.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered Neppah in WordPress Game Server Status plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of August 20, 2021 and is not available for download. This closure is temporary, pending a full review...

7.2CVSS3.5AI score0.013EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.22 views

WordPress Generate Child Theme plugin <= 1.5.3 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Generate Child Theme plugin versions = 1.5.3. Solution Update the WordPress Generate Child Theme plugin to the latest available version at least 1.6...

5.7CVSS2.7AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.22 views

WordPress Gutenberg PDF Viewer Block plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Gutenberg PDF Viewer Block plugin versions = 1.0. Solution Update the WordPress Gutenberg PDF Viewer Block plugin to the latest available version at least 1.0.1...

5.4CVSS2.5AI score0.00629EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/15 12:0 a.m.22 views

WordPress Compact WP Audio Player plugin <= 1.9.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress Compact WP Audio Player plugin versions = 1.9.6. Solution Update the WordPress Compact WP Audio Player plugin to the latest available version at least 1.9.7...

6.5CVSS3.5AI score0.00553EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.22 views

WordPress WordPress Simple Shop plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress WordPress Simple Shop plugin versions = 1.2. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.4AI score0.00866EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/09/07 12:0 a.m.22 views

WordPress Weather Effect plugin <= 1.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by apple502j in WordPress Weather Effect plugin versions = 1.3.3. Solution Update the WordPress Weather Effect plugin to the latest available version at least 1.3.4...

5.4CVSS2.4AI score0.00399EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/06 12:0 a.m.22 views

WordPress User Registration plugin <= 2.0.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by AyeCode Ltd in WordPress User Registration plugin versions = 2.0.1. Solution Update the WordPress User Registration plugin to the latest available version at least 2.0.2...

5.4CVSS1.9AI score0.006EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2021/08/23 12:0 a.m.22 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.3.18 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities discovered by Martin Vierula Trustwave in WordPress Timetable and Event Schedule by MotoPress plugin versions = 2.3.18. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least...

5.4CVSS2.6AI score0.0086EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/27 12:0 a.m.22 views

WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

8.8CVSS2.8AI score0.01064EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/07/26 12:0 a.m.22 views

WordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.3. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.4...

9.8CVSS3.1AI score0.02067EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/07/26 12:0 a.m.22 views

WordPress HD Quiz plugin <= 1.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress HD Quiz plugin versions = 1.8.3. Solution Update the WordPress HD Quiz plugin to the latest available version at least 1.8.4...

5.4CVSS1.5AI score0.00624EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/23 12:0 a.m.22 views

WordPress Timeline Calendar plugin <= 1.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Timeline Calendar plugin versions = 1.2. Solution This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.4AI score0.01578EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/23 12:0 a.m.22 views

WordPress GTranslate plugin <= 2.8.64 – Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress GTranslate plugin versions = 2.8.64. Solution Update the WordPress GTranslate plugin to the latest available version at least 2.8.65...

6.1CVSS2.4AI score0.01572EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2021/07/23 12:0 a.m.22 views

WordPress Alipay plugin <= 3.7.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali Codevigilant in WordPress Alipay plugin versions = 3.7.2. Solution Deactivate and delete. This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.3AI score0.01547EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/08 12:0 a.m.22 views

WordPress MDTF - Meta Data & Taxonomies Filter premium plugin <= 2.2.7.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ryoma Nishioka in WordPress MDTF - Meta Data & Taxonomies Filter premium plugin versions = 2.2.7.2. Solution Update the WordPress MDTF - Meta Data & Taxonomies Filter premium plugin to the latest available version at least 2.2.8...

8.8CVSS3.7AI score0.00849EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2021/06/29 12:0 a.m.22 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 2.6.6 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Secure Copy Content Protection and Content Locking plugin versions = 2.6.6. Solution Update the WordPress Secure Copy Content Protection and Content Locking plugin to the latest available version at lea...

7.2CVSS3.2AI score0.01344EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/29 12:0 a.m.22 views

WordPress Handsome Testimonials & Reviews <= 2.1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Handsome Testimonials & Reviews versions = 2.1.0. Solution Update the WordPress Handsome Testimonials & Reviews to the latest available version at least 2.1.1...

8.8CVSS3.3AI score0.01599EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/22 12:0 a.m.22 views

WordPress CiviCRM plugin <= 5.24.2 - Authenticated Phar Deserialization vulnerability

Authenticated Phar Deserialization vulnerability discovered by Dennis Brinkrolf SonarSource in WordPress CiviCRM plugin versions = 5.24.2. Solution Update the WordPress CiviCRM plugin to the latest available version at least 5.24.3...

8.8CVSS3.4AI score0.01478EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.22 views

WordPress DW Question & Answer plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress DW Question & Answer plugin versions = 1.5.7. Solution 21st June 2021 - no fix available...

3.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.22 views

WordPress Include Me plugin <= 1.2.1 - Path traversal and Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE)

Path traversal and Local File Inclusion LFI vulnerability leading to Remote Code Execution RCE discovered by Mesut Cetin in WordPress Include Me plugin versions = 1.2.1. Solution Update the WordPress Include Me plugin to the latest available version at least 1.2.2...

9CVSS4.3AI score0.04956EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/18 12:0 a.m.22 views

WordPress Admin Columns plugin <= 4.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Johannes Lauinger in WordPress Admin Columns plugin versions = 4.3.1. Solution Update the WordPress Admin Columns plugin to the latest available version at least 4.3.2...

5.4CVSS2.3AI score0.00932EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2021/06/18 12:0 a.m.22 views

WordPress Admin Columns PRO premium plugin <= 5.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Johannes Lauinger in WordPress Admin Columns PRO premium plugin versions = 5.5.1. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.2...

5.4CVSS2.3AI score0.00932EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2021/06/09 12:0 a.m.22 views

WordPress Advanced AJAX Product Filters plugin <= 1.5.4.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress Advanced AJAX Product Filters plugin versions = 1.5.4.6. Solution Update the WordPress Advanced AJAX Product Filters plugin to the latest available version at least 1.5.4.7...

2.6AI score0.00449EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/07 12:0 a.m.22 views

WordPress WP Google Maps plugin <= 8.1.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Mohammed Adam in WordPress WP Google Maps plugin versions = 8.1.11. Solution Update the WordPress WP Google Maps plugin to the latest available version at least 8.1.12...

5.4CVSS1.9AI score0.02339EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/05/30 12:0 a.m.22 views

WordPress NinjaFirewall plugin <= 4.3.3 - Authenticated PHAR Deserialization vulnerability

Authenticated PHAR Deserialization vulnerability discovered by Chloe Chamberland in WordPress NinjaFirewall plugin versions = 4.3.3. Solution Update the WordPress NinjaFirewall plugin to the latest available version at least 4.3.4...

3.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/04/19 12:0 a.m.22 views

WordPress Popup by Supsystic plugin <= 1.10.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Popup by Supsystic plugin versions = 1.10.4. Solution Update the WordPress Popup by Supsystic plugin to the latest available version at least 1.10.5...

6.1CVSS2AI score0.18165EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/04/16 12:0 a.m.22 views

WordPress HT Slider Range for Amazon affiliates plugin <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Frank Liauw in WordPress HT Slider Range for Amazon affiliates plugin versions = 1.1.9. Solution Update the WordPress HT Slider Range for Amazon affiliates plugin to the latest available version at least 1.1.10...

2.3AI score0.01261EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/04/16 12:0 a.m.22 views

WordPress Invoicing with InvoiceXpress for WooCommerce plugin <= 3.0.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Frank Liauw in WordPress Invoicing with InvoiceXpress for WooCommerce plugin versions = 3.0.2. Solution Update the WordPress Invoicing with InvoiceXpress for WooCommerce plugin to the latest available version at least...

3.6AI score0.01261EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/04/07 12:0 a.m.22 views

WordPress OpenID Connect Generic Client plugin <= 3.8.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Austin Bentley in WordPress OpenID Connect Generic Client plugin versions = 3.8.1. Solution Update the WordPress OpenID Connect Generic Client plugin to the latest available version at least 3.8.2...

6.1CVSS2.3AI score0.0163EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/31 12:0 a.m.22 views

WordPress WordPress Goto premium theme <= 1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress WordPress Goto premium theme versions = 1.9. Solution Update the WordPress WordPress Goto premium theme to the latest available version at least 2.0...

2.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/14 12:0 a.m.22 views

WordPress Mediumish premium theme <= 1.0.47 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Mediumish premium theme versions = 1.0.47. Solution No information about the patched version available...

6.1CVSS2.2AI score0.06442EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/03/10 12:0 a.m.22 views

WordPress Database Backups plugin <= 1.2.2.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to backup download

Cross-Site Request Forgery CSRF vulnerability leading to backup download discovered by 0xB9 in WordPress Database Backups plugin versions = 1.2.2.6. Solution 2021-03-18 - we were unable to find a patched version of this plugin. WordPress.org plugin repository notice: "This plugin has been closed ...

8.1CVSS3.4AI score0.03218EPSS
Exploits5References2Affected Software1
Patchstack
Patchstack
added 2021/01/18 12:0 a.m.22 views

WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found by Nguyen Van Khanh in WordPress 301 Redirects – Easy Redirect Manager plugin versions = 2.50. Solution Update the WordPress 301 Redirects – Easy Redirect Manager plugin to the latest available version at least 2.5.1...

7.2CVSS3AI score0.01238EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2020/08/31 12:0 a.m.22 views

WordPress Recall Products plugin <= 0.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found by ZERO APTITUDE in WordPress Recall Products plugin versions = 0.8. Solution 2020-09-16 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of July 28, 2020 and is not availabl...

8.8CVSS3.4AI score0.01928EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2020/06/12 12:0 a.m.22 views

WordPress wpDiscuz plugin <= 5.3.5 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability found in WordPress wpDiscuz plugin versions = 5.3.5. Solution Update the WordPress wpDiscuz plugin to the latest available version at least 5.3.6...

9.8CVSS3.1AI score0.12706EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2020/05/27 12:0 a.m.22 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.3.2 - Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated File Upload vulnerability leading to Remote Code Execution RCE discovered by Austin Martin in WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin versions = 1.3.3.2. Solution Update the WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin to th...

9.8CVSS3.4AI score0.78751EPSS
Exploits7References3Affected Software1
Patchstack
Patchstack
added 2020/05/11 12:0 a.m.22 views

WordPress Page Builder by SiteOrigin plugin <= 2.10.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Reflected Cross-Site Scripting XSS discovered by WordFence in WordPress Page Builder by SiteOrigin plugin versions = 2.10.15. Solution Update the WordPress Page Builder by SiteOrigin plugin to the latest available version at least 2.10.16...

8.8CVSS2.4AI score0.00809EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/05/07 12:0 a.m.22 views

WordPress iframe plugin <= 4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Guilherme Rubert in WordPress iframe plugin versions = 4.4. Solution Update the WordPress iframe plugin to the latest available version at least 4.5...

6.1CVSS2.1AI score0.02006EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/04/29 12:0 a.m.22 views

WordPress LearnPress plugin <= 3.2.6.7 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered in WordPress LearnPress plugin versions = 3.2.6.7. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.6.8...

8.1CVSS3.9AI score0.03209EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2020/04/22 12:0 a.m.22 views

WordPress Catch Breadcrumb plugin <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Catch Breadcrumb plugin versions = 1.5.6. Solution Update the WordPress Catch Breadcrumb plugin to the latest available version at least 1.5.7...

6.1CVSS2.2AI score0.03611EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/04/07 12:0 a.m.22 views

WordPress WP Lead Plus X plugin <= 0.98 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions = 0.98. Solution Update the WordPress WP Lead Plus X plugin to the latest available version at least 0.99...

5.4CVSS1.6AI score0.00784EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/04/02 12:0 a.m.22 views

WordPress WP-Advanced-Search plugin <= 3.3.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Florian Hauser in WordPress WP-Advanced-Search plugin versions = 3.3.3. Solution Update the WordPress WP-Advanced-Search plugin to the latest available version at least 3.3.7...

2.8AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000