Patchstack - Most viewed

46702 matches found

Patchstack
•added 2015/05/22 12:0 a.m.•22 views

WordPress Landing Pages Plugin <= 1.8.4 - SQL Injection

This vulnerability allows an authenticated user to execute arbitrary SQL commands in an edit delete-variation action via the "post" parameter to wp-admin/post.php. Solution: Upgrade the plugin...

CVSS 6.5 • AI score 4.1 • EPSS 0.03779
Exploits 5 • References 1 • Affected Software 1

Patchstack
•added 2015/05/15 12:0 a.m.•22 views

WordPress Crayon Syntax Highlighter Plugin <= 2.6.10 - Local File Disclosure

This plugin is prone to a local file disclosure vulnerability. It allows attackers to see the content of any file. Solution: Update plugin...

AI score 2.4
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2015/05/15 12:0 a.m.•22 views

WordPress Cardoza Poll Plugin <= 34.05 - Cross Site Request Forgery

This plugin is prone to a multiple external function remote poll manipulation. Solution: Update the plugin...

CVSS 9.8 • AI score 2.5 • EPSS 0.04973
Exploits 3 • References 4 • Affected Software 1

Patchstack
•added 2015/03/05 12:0 a.m.•22 views

WordPress Ninja Forms Plugin <= 2.8.9 - Unspecified Vulnerability

Because of this vulnerability in Ninja Forms plugin, remote attack vectors are related to admin users. Solution: Update the plugin...

CVSS 7.5 • AI score 4.8 • EPSS 0.02017
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2015/03/03 12:0 a.m.•22 views

WordPress Photocrati Theme 4.x.x - SQL Injection and XSS

Because of SQL injection and XSS vulnerabilities, an attacker can execute a remote injection in URL site and get important information. Solution: Upgrade the theme...

CVSS 7.5 • AI score 2.6 • EPSS 0.04737
Exploits 2 • References 1 • Affected Software 1

Patchstack
•added 2015/02/26 12:0 a.m.•22 views

WordPress EasyCart Plugin <= 3.0.20 - Privilege Escalation

Because of this vulnerability, attackers can do privilege escalation and remote code execution. Solution: Update the plugin...

CVSS 8.8 • AI score 6 • EPSS 0.18932
Exploits 4 • References 1 • Affected Software 1

Patchstack
•added 2015/01/13 12:0 a.m.•22 views

WordPress Symposium Plugin 14.11 - Shell Upload

Symposium plugin is prone to a shell upload vulnerability. It allows an attacker to execute arbitrary PHP code by making a direct request to the uploaded .php file. Solution: Update the plugin...

CVSS 7.5 • AI score 3.8 • EPSS 0.59968
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2015/01/08 12:0 a.m.•22 views

WordPress Shopping Cart Plugin 3.0.4 - Unrestricted File Upload

Shopping Cart plugin is prone to an unrestricted file upload vulnerability. Because of an incorrect if statement inside "banneruploaderscript.php", any registered user can upload any file. Solution: Upgrade the plugin...

CVSS 6.5 • AI score 2.5 • EPSS 0.51617
Exploits 7 • References 1 • Affected Software 1

Patchstack
•added 2015/01/05 12:0 a.m.•22 views

WordPress Our Team Showcase Plugin <= 1.2 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way, they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...

CVSS 6.8 • AI score 5.1 • EPSS 0.01001
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2015/01/02 12:0 a.m.•22 views

WordPress Simple Sticky Footer Plugin <= 1.3.2 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way, they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...

CVSS 6.8 • AI score 3.9 • EPSS 0.0117
Exploits 1 • Affected Software 1

Patchstack
•added 2015/01/02 12:0 a.m.•22 views

WordPress Simple Visitor Stat Plugin <= 4.5.2 BYPASS

Because of these vulnerabilities, the attackers can inject arbitrary HTML or web script via the HTTP User-Agent or HTTP Referer header. Solution: No fix has been released...

CVSS 4.3 • AI score 2.2 • EPSS 0.01633
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/12/05 12:0 a.m.•22 views

WordPress jRSS Widget Plugin <= 1.2 - SSRF

This vulnerability is in the proxy.php. It allows the attackers to trigger outbound requests and enumerate open ports via the "URL" parameter. Solution: Update the plugin...

CVSS 5.8 • AI score 5.5 • EPSS 0.01889
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/12/02 12:0 a.m.•22 views

WordPress HTML5 MP3 Player with Playlist Free Plugin <= 2.6 - Full Path Disclosure

Because of this vulnerability, the attackers can obtain the installation path via a request to html5plus/playlist.php. Solution: Upgrade the plugin...

CVSS 5 • AI score 3.9 • EPSS 0.02566
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/12/02 12:0 a.m.•22 views

WordPress Nextend Facebook Connect Plugin 1.4.59 - XSS

Because of a cross-site scripting vulnerability in Nextend Facebook Connect plugin, anyone can change plugin settings. Solution: Update the plugin to version 1.5.1...

CVSS 4.3 • AI score 2.5 • EPSS 0.0377
Exploits 3 • References 1 • Affected Software 1

Patchstack
•added 2014/11/21 12:0 a.m.•22 views

WordPress SP Client Document Manager Plugin 2.4.1 - SQL Injection

This WordPress SP Client Document Manager plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 • AI score 3.2 • EPSS 0.04737
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/11/10 12:0 a.m.•22 views

WordPress Another Classifieds Plugin - SQL Injection

This WordPress GD Star Rating plugin's "keywordphrase" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database when doing a search for classifieds. Solution...

CVSS 7.5 • AI score 2.6 • EPSS 0.04737
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/09/11 12:0 a.m.•22 views

WordPress Web-Dorado Photo Gallery Plugin <= 1.1.30 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "callback", "dir", or "extensions" parameters. Solution: Update the plugin...

CVSS 4.3 • AI score 2.9 • EPSS 0.02374
Exploits 3 • References 1 • Affected Software 1

Patchstack
•added 2014/09/08 12:0 a.m.•22 views

WordPress Epic Theme - Arbitrary File Download

Epic theme's "download.php" is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution: Update the theme...

AI score 3.6
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2014/09/08 12:0 a.m.•22 views

WordPress Acento Theme - Arbitrary File Download

Acento theme's "file" parameter in view-pdf.php is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution: Update the theme...

AI score 4.1
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2014/08/14 12:0 a.m.•22 views

WordPress <= 3.9.1 - XSS

This vulnerability is in the wp-includes/pluggable.php. It allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. Solution: Update WordPress...

CVSS 2.1 • AI score 4.2 • EPSS 0.02196
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2014/07/13 12:0 a.m.•22 views

WordPress DZS Video Gallery Plugin - Cross Site Scripting and Command Injection Vulnerabilities

Because of these vulnerabilities in DZS Video Gallery plugin, an attacker can execute arbitrary script code in the browser and execute arbitrary OS commands. In that way an attacker can steal cookie-based authentication credentials and launch other attacks. Solution: Upgrade the plugin...

CVSS 4.3 • AI score 3.9 • EPSS 0.07309
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress Contact Form Plugin <= 2.3 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "width" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 3.2 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress VideoWhisper Live Streaming Integration Plugin <= 4.27.2 - XSS

Because of this vulnerability in ls/vvlogin.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 3 • EPSS 0.02046
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress Efence Plugin <= 1.3.2 - Multiple XSS

Because of these vulnerabilities in callback.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2.1 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress HTML5 Video Player with Playlist Plugin <= 2.4.0 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 1.8 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress Wu Rating Plugin <= 1.0 12319 - XSS

Because of this vulnerability in wu-ratepost.php, the attackers can inject arbitrary web script or HTML via the "v" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress VideoWhisper Video Presentation Plugin <= 3.30 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.02023
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•22 views

WordPress Easy Post Types Plugin <= 1.4.3 - XSS

Because of this vulnerability in classes/custom-image/media.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 1.5 • EPSS 0.02046
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/10 12:0 a.m.•22 views

WordPress Flash & HTML5 Video Plugin - Cross Site Request Forgery

This Flash & HTML5 Video plugin is prone to a CSRF vulnerability. It allows an attacker to perform certain actions that lead to further attacks. Solution: Update the plugin...

CVSS 6.8 • AI score 3.6 • EPSS 0.02857
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/02 12:0 a.m.•22 views

WordPress Participants Database Plugin 1.5.4.8 - SQL Injection

SQL Injection in Participants Database plugin allows an unauthenticated user to execute arbitrary SQL statements. Solution: Update the plugin...

CVSS 7.5 • AI score 3.9 • EPSS 0.05643
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/05/21 12:0 a.m.•22 views

WordPress Booking System Plugin - SQL Injection

This WordPress Booking Calendar plugin's "bookingformid" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 6.5 • AI score 3.5 • EPSS 0.03588
Exploits 2 • References 1 • Affected Software 1

Patchstack
•added 2014/02/07 12:0 a.m.•22 views

WordPress BuddyPress Plugin <= 1.9.1 - XSS

Because of this vulnerability, authenticated users can inject arbitrary web script or HTML via the name field to groups/create/step/group-details. Solution: Update the plugin...

CVSS 4.3 • AI score 2.1 • EPSS 0.02587
Exploits 3 • References 1 • Affected Software 1

Patchstack
•added 2014/01/20 12:0 a.m.•22 views

WordPress <= 3.0.1 - XSS

Because of this vulnerability in wp-admin/plugins.php, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS 4.3 • AI score 1.8 • EPSS 0.01815
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/12/03 12:0 a.m.•22 views

WordPress Jetpack Plugin <= 2.9.2 - Security BYPASS

This plugin does not properly restrict access to the XML-RPC service. In that way the attackers can bypass intended restrictions and publish posts via unspecified vectors. Solution: Update the plugin...

CVSS 5.8 • AI score 5.4 • EPSS 0.02244
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/11/20 12:0 a.m.•22 views

WordPress prettyPhoto Plugin <= 3.1.4 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via a crafted PATHINTO to the default URI. Solution: Update the plugin...

CVSS 4.3 • AI score 3.4 • EPSS 0.03111
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/11/01 12:0 a.m.•22 views

WordPress Tweet Blender Plugin <= 4.0.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "tbtabindex" parameter to wp-admin/options-general.php. Solution: Update the plugin...

CVSS 4.3 • AI score 2.8 • EPSS 0.02058
Exploits 3 • References 1 • Affected Software 1

Patchstack
•added 2013/05/07 12:0 a.m.•22 views

WordPress Apptha Video Gallery Plugin <= 2.0 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "playid" parameter to index.php. Solution: Update the plugin...

CVSS 7.5 • AI score 6.4 • EPSS 0.02166
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/04/22 12:0 a.m.•22 views

WordPress Digg Digg Plugin <= 5.3.4 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of users for requests that modify settings via unspecified vectors. Solution: Update the plugin...

CVSS 6.8 • AI score 5.7 • EPSS 0.0107
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/02/19 12:0 a.m.•22 views

WordPress <= 3.5.1 - Full Path Disclosure

Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution: Update the plugin...

CVSS 4.3 • AI score 3.8 • EPSS 0.02026
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/02/19 12:0 a.m.•22 views

WordPress TinyMCE Media Plugin <= 3.5.1 - Content Spoofing

A moxieplayer.as does not consider the presence of a character during extraction of the QUERYSTRING. In that way the attackers can pass arbitrary parameters to a Flash application and conduct content-spoofing attacks. Solution: Update the plugin...

CVSS 4.3 • AI score 5.3 • EPSS 0.02904
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/02/19 12:0 a.m.•22 views

WordPress SWFUpload Plugin <= 3.5.1 - XSS

This plugin is prone to a cross-site scripting vulnerability. Solution: Update the plugin...

CVSS 4.3 • AI score 1.8 • EPSS 0.0296
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/02/14 12:0 a.m.•22 views

WordPress NextGEN Gallery Plugin - Path Disclosure Vulnerability

This NextGEN Gallery plugin is prone to a path-disclosure vulnerability. It allows an attacker to obtain sensitive information that may lead to further attacks. Solution: Update the plugin...

CVSS 7.5 • AI score 2.8 • EPSS 0.15621
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/01/23 12:0 a.m.•22 views

WordPress Organizer Plugin <= 1.2.1 - Multiple XSS

Because of these vulnerabilities in organizer/page/users.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2 • EPSS 0.02503
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/01/02 12:0 a.m.•22 views

WordPress Mingle Forum Plugin <= 1.0.34 - Multiple CSRF

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests. Solution: Update the plugin...

CVSS 6.8 • AI score 4.6 • EPSS 0.01058
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/10/15 12:0 a.m.•22 views

WordPress White Label CMS Plugin <= 1.5 - XSS

Because of this vulnerability in wlcms-plugin.php, the authenticated administrators can inject arbitrary web script or HTML via the "wlcmsodevelopername" parameter. Solution: Update the plugin...

CVSS 3.5 • AI score 2.1 • EPSS 0.039
Exploits 6 • References 1 • Affected Software 1

Patchstack
•added 2012/10/08 12:0 a.m.•22 views

WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #2

Because of these vulnerabilities in fs-admin/fs-admin.php, the authenticated users can execute arbitrary SQL commands via the "usergroup" parameter in an addusertogroup action or "addforumgroupid" parameter in an addforumsubmit action. Solution: Update the plugin...

CVSS 6.5 • AI score 5.8 • EPSS 0.01731
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/10/01 12:0 a.m.•22 views

WordPress Akismet Plugin - Multiple Cross Site Scripting Vulnerabilities

WordPress Akismet plugin is prone to multiple cross-site scripting vulnerabilities. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...

AI score 2.7
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/09/14 12:0 a.m.•22 views

WordPress Zingiri Plugin <= 1.4.3 - Directory Traversal

Because of this vulnerability in forum.php, attackers can read arbitrary files in the "url" parameter to index.php. Solution: Update the plugin...

CVSS 5 • AI score 3.9 • EPSS 0.03173
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/04/11 12:0 a.m.•22 views

WordPress All-in-One Event Calendar Plugin 1.4 - Multiple Parameter XSS

WordPress All-in-One Event Calendar plugin's /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php multiple parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browse...

CVSS 4.3 • AI score 2.4 • EPSS 0.08946
Exploits 2 • References 1 • Affected Software 1

Total number of security vulnerabilities: 5000