Patchstack: Most viewed

46571 matches found

Patchstack
added 2022/06/17 12:0 a.m.; 47 views

WordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change

Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status Change discovered by BEE-K Patchstack in WordPress Popup Builder plugin versions <= 4.1.0. Solution: Update the WordPress Popup Builder plugin to the latest available version (at least 4.1.1)...

CVSS: 5.4; AI score: 2.7; EPSS: 0.00273
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2022/05/11 12:0 a.m.; 47 views

WordPress Database Backup for WordPress plugin <= 2.5.1 - Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Database Backup for WordPress plugin versions <= 2.5.1. Solution: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.2)...

CVSS: 5.8; AI score: 4; EPSS: 0.00402
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2022/03/14 12:0 a.m.; 47 views

WordPress KingComposer plugin <= 2.9.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress KingComposer plugin versions <= 2.9.6. Solution: No patched version is available. This plugin has been closed as of February 2, 2022 and is not available for download. This closure is temporary, pending a full...

CVSS: 5.4; AI score: 2.4; EPSS: 0.00627
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m.; 47 views

WordPress Premmerce Pinterest for WooCommerce plugin <= 1.2.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Pinterest for WooCommerce plugin versions <= 1.2.3. Solution: No patched version available...

AI score: 2.5
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2020/03/25 12:0 a.m.; 47 views

WordPress All-in-One WP Migration plugin <= 7.14 - Arbitrary Backup Download vulnerability

Arbitrary Backup Download vulnerability found by Kamil Vavra in WordPress All-in-One WP Migration plugin versions <= 7.14. Solution: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.15)...

AI score: 4.3
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2018/03/28 12:0 a.m.; 47 views

WordPress Duplicator plugin <= 1.2.32 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress Duplicator plugin versions <= 1.2.32. Solution: Update the WordPress Duplicator plugin to the latest available version (at least 1.2.33)...

CVSS: 6.1; AI score: 1.6; EPSS: 0.03495
Exploits: 5; References: 3; Affected Software: 1
Patchstack
added 2022/07/22 12:0 a.m.; 46 views

WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability

Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin versions < 2.3.1. Solution: Update the WordPress VR Calendar plugin to the latest available version (at least 2.3.1)...

CVSS: 9.8; AI score: 2.2; EPSS: 0.12442
Exploits: 2; References: 1; Affected Software: 1
Patchstack
added 2022/05/31 12:0 a.m.; 46 views

WordPress GTM4WP plugin <= 1.15.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress GTM4WP plugin versions <= 1.15.1. Solution: Update the WordPress GTM4WP plugin to the latest available version (at least 1.15.2)...

CVSS: 5.5; AI score: 1.8; EPSS: 0.01071
Exploits: 1; References: 2; Affected Software: 1
Patchstack
added 2022/05/16 12:0 a.m.; 46 views

WordPress WPQA premium plugin <= 5.4 - Unauthenticated Private Message Disclosure vulnerability

Unauthenticated Private Message Disclosure vulnerability discovered by Veshraj Ghimire in WordPress WPQA premium plugin versions <= 5.4. Solution: Update the WordPress WPQA premium plugin to the latest available version (at least 5.5)...

CVSS: 5.3; AI score: 2.9; EPSS: 0.05591
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2022/03/23 12:0 a.m.; 46 views

WordPress Ad Injection plugin <= 1.2.0.19 - Stored Cross-Site Scripting (XSS) & RCE vulnerabilities

Stored Cross-Site Scripting (XSS) & RCE vulnerabilities discovered by Asif Nawaz Minhas in WordPress Ad Injection plugin versions <= 1.2.0.19. Solution: Deactivate and delete. This plugin has been closed as of March 18, 2022 and is not available for download. This closure is temporary, pending a full...

CVSS: 7.2; AI score: 2.5; EPSS: 0.40632
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m.; 46 views

WordPress Greenshift – animation and page builder blocks plugin < 1.1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Greenshift – animation and page builder blocks plugin versions < 1.1.4. Solution: Update the WordPress Greenshift – animation and page builder blocks plugin to the latest available version (at least 1.1.4)...

AI score: 2.8
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2022/02/23 12:0 a.m.; 46 views

WordPress WooCommerce plugin <= 6.2.0 - Path Traversal via Importers vulnerability

Path Traversal via Importers vulnerability discovered in WordPress WooCommerce plugin versions <= 6.2.0. Solution: Update the WordPress WooCommerce plugin to the latest available version (at least 6.2.1)...

AI score: 4.1
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2019/01/08 12:0 a.m.; 46 views

WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting (XSS) vulnerability in WordPress JSmol2WP plugin versions <= 1.07. Solution: 08.01.2019 - we were unable to find a patched version of this plugin. According to WordPress.org plugin repository, this plugin was closed on January 7, 2019 and is no longer available for...

CVSS: 6.1; AI score: 2.4; EPSS: 0.0397
Exploits: 2; References: 2; Affected Software: 1
Patchstack
added 2015/08/19 12:0 a.m.; 46 views

WordPress Symposium Plugin <= 15.7 - SQL Injection

This vulnerability allows an attacker to execute arbitrary SQL commands via the "size" parameter to getalbumitem.php. Solution: Update the plugin...

CVSS: 7.5; AI score: 5.3; EPSS: 0.74127
Exploits: 5; References: 1; Affected Software: 1
Patchstack
added 2012/04/11 12:0 a.m.; 46 views

WordPress All-in-One Event Calendar Plugin 1.4 - "msg" Parameter XSS

WordPress All-in-One Event Calendar plugin's /wp-content/plugins/all-in-one-event-calendar/app/view/savesuccessful.php "msg" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser ...

CVSS: 4.3; AI score: 2.7; EPSS: 0.08946
Exploits: 2; References: 1; Affected Software: 1
Patchstack
added 2011/09/19 12:0 a.m.; 46 views

WordPress Relocate Upload Plugin 0.14 - Remote File Inclusion

The Relocate Upload plugin is prone to a remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution: Upgrade the plugin...

CVSS: 7.5; AI score: 4.2; EPSS: 0.24909
Exploits: 3; References: 1; Affected Software: 1
Patchstack
added 2026/06/16 6:59 p.m.; 45 views

NPM: n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

NPM: n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

AI score: 5.8
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2024/06/25 12:0 a.m.; 45 views

WordPress is vulnerable to Path Traversal

Software: WordPress; Type: WordPress Core; Vulnerable versions: 6.5.5; Fixed in: 6.5.5; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2024-32111; Patch priority: Low; CVSS severity: Low (5); PSID: f2c038f99720; Credits: Rafie Muhammad Patchstack; Required...

CVSS: 5; AI score: 6.9; EPSS: 0.00434
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2022/08/01 12:0 a.m.; 45 views

WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.3 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Kim Jong Min aka Universe Patchstack Alliance in WordPress Enable SVG, WebP & ICO Upload plugin versions <= 1.0.3. Solution: No patched version available...

CVSS: 8.8; AI score: 3.4; EPSS: 0.00979
Exploits: 0; Affected Software: 1
Patchstack
added 2022/04/11 12:0 a.m.; 45 views

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification

Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification discovered by Ex.Mi Patchstack in WordPress Yoo Slider plugin versions <= 2.0.0. Solution: Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0)...

CVSS: 4.3; AI score: 3; EPSS: 0.00407
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m.; 45 views

WordPress Salon booking system plugin <= 7.6.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Huli Cymetrics in WordPress Salon booking system plugin versions <= 7.6.1. Solution: Update the WordPress Salon booking system plugin to the latest available version (at least 7.6.3)...

CVSS: 7.5; AI score: 1.4; EPSS: 0.01431
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2020/08/04 12:0 a.m.; 45 views

WordPress Divi premium theme <= 4.5.2 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Divi premium theme versions <= 4.5.2. Solution: Update the WordPress Divi premium theme to the latest available version (at least 4.5.3)...

CVSS: 9.9; AI score: 3.3; EPSS: 0.02356
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2013/11/18 12:0 a.m.; 45 views

WordPress Euclid Theme 1.x.x - CSRF

WordPress Euclid theme is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution: Upgrade the theme...

AI score: 3.6
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2023/01/23 12:0 a.m.; 44 views

WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software: Image and Video Lightbox, Image PopUp; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: 2.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-24004; Patch priority: Low; CVSS severity: Low (5.9); PSID: 4d9c16d4d9c1; Credits...

CVSS: 5.9; AI score: 5.8; EPSS: 0.00392
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2022/10/10 12:0 a.m.; 44 views

WordPress WP Contact Slider plugin <= 2.4.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress WP Contact Slider plugin versions <= 2.4.7. Solution: Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.8)...

CVSS: 4.8; AI score: 2; EPSS: 0.00532
Exploits: 2; References: 1; Affected Software: 1
Patchstack
added 2022/10/02 12:0 a.m.; 44 views

WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Preset Settings Change discovered by Dave Jong Patchstack in WordPress Shortcodes Ultimate plugin versions <= 5.12.0. Solution: Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.12.1)...

CVSS: 5.4; AI score: 2.9; EPSS: 0.00285
Exploits: 0; Affected Software: 1
Patchstack
added 2022/08/10 12:0 a.m.; 44 views

WordPress Gallery PhotoBlocks plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerabilities

Cross-Site Request Forgery (CSRF) vulnerabilities leading to Gallery Delete / Copy discovered by Ngo Van Thien Patchstack Alliance in WordPress Gallery PhotoBlocks plugin versions <= 1.2.7. Solution: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...

CVSS: 8.8; AI score: 3.3; EPSS: 0.00306
Exploits: 0; Affected Software: 1
Patchstack
added 2022/08/01 12:0 a.m.; 44 views

WordPress Advanced Custom Fields plugin <= 5.12.2 - Unauthenticated File Upload vulnerability

Unauthenticated File Upload vulnerability discovered by James Golovich in WordPress Advanced Custom Fields plugin versions <= 5.12.2. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.12.3)...

CVSS: 8.8; AI score: 2.8; EPSS: 0.01264
Exploits: 2; References: 1; Affected Software: 1
Patchstack
added 2021/10/11 12:0 a.m.; 44 views

WordPress Vision Interactive plugin < 1.5.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by WPScanTeam in WordPress Vision Interactive plugin versions < 1.5.2. Solution: Update the WordPress Vision Interactive plugin to the latest available version (at least 1.5.2)...

AI score: 2.9
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2016/04/12 12:0 a.m.; 44 views

WordPress <= 4.4.1 - CSRF

WordPress before 4.5 is prone to a cross-site request forgery (CSRF) vulnerability. In the wp_ajax_wp_compression_test function in the wp-admin/includes/ajax-actions.php file, attackers can hijack the authentication of administrators when they change the script compression option. Solution: Update WordPress ...

CVSS: 8.8; AI score: 2.8; EPSS: 0.02489
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2015/07/23 12:0 a.m.; 44 views

WordPress <= 4.2.2 - XSS

WordPress 4.2.2 is prone to a cross-site scripting vulnerability that allows an authenticated user to bypass intended access restrictions and create drafts by leveraging the Subscriber role. It also allows injecting web script or HTML by leveraging the Author role to place a crafted shortcode...

CVSS: 4; AI score: 0.9; EPSS: 0.08814
Exploits: 1; References: 1; Affected Software: 1
Patchstack
added 2012/10/15 12:0 a.m.; 44 views

WordPress White Label CMS Plugin <= 1.5.0 - CSRF

Because of this vulnerability in wlcms-plugin.php, attackers can hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to wp-admin/admin.php. Solution: Update the plugin...

CVSS: 6.8; AI score: 5.3; EPSS: 0.02993
Exploits: 6; References: 1; Affected Software: 1
Patchstack
added 2025/07/13 10:23 p.m.; 43 views

WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution (RCE) Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions <= 3.7.0...

CVSS: 8.5; AI score: 7.3; EPSS: 0.00347
Exploits: 0; Affected Software: 1
Patchstack
added 2024/11/14 12:0 a.m.; 43 views

WordPress Really Simple SSL Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication

Software: Really Simple SSL; Type: Plugin; Vulnerable versions: 9.0.0-9.1.1.1; Fixed in: 9.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-10924; Patch priority: High; CVSS severity: High (9.8); PSID: 8effdc8642db; Credits: István Márton...

CVSS: 9.8; AI score: 6.5; EPSS: 0.81722
Exploits: 21; References: 3; Affected Software: 1
Patchstack
added 2024/10/01 12:0 a.m.; 43 views

WordPress Slider Revolution Plugin <= 6.7.18 is vulnerable to Cross Site Scripting (XSS)

Software: Slider Revolution; Type: Plugin; Vulnerable versions: <= 6.7.18; Fixed in: 6.7.19; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8107; Patch priority: Low; CVSS severity: Low (5.9); Developer: ThemePunch; PSID: 36b1d1650d8f; Credits: wesley wcraft; Required...

CVSS: 6.4; AI score: 5.8; EPSS: 0.00296
Exploits: 0; References: 2; Affected Software: 1
Patchstack
added 2024/05/06 12:0 a.m.; 43 views

WordPress Brozzme Scroll Top Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Software: Brozzme Scroll Top; Type: Plugin; Vulnerable versions: <= 1.8.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34426; Patch priority: Low; CVSS severity: Low (5.9); PSID: 40ba77316890; Credits: Cronus; Required privilege: Administrat...

CVSS: 5.9; AI score: 6.6; EPSS: 0.00446
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2022/07/25 12:0 a.m.; 43 views

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Julien Ahrens in WordPress Transposh WordPress Translation plugin versions <= 1.0.8.1. Solution: Deactivate and delete. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue...

CVSS: 5.3; AI score: 1.8; EPSS: 0.02936
Exploits: 4; References: 1; Affected Software: 1
Patchstack
added 2022/06/09 12:0 a.m.; 43 views

WordPress ToolBar to Share plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered by Sho Sakata Cryptography Laboratory at Tokyo Denki University in WordPress ToolBar to Share plugin versions <= 2.0. Solution: Deactivate and delete. This plugin has been closed as of May 31, 2022 and is n...

CVSS: 8.8; AI score: 1.2; EPSS: 0.00815
Exploits: 1; References: 1; Affected Software: 1
Patchstack
added 2022/03/11 12:0 a.m.; 43 views

WordPress <= 5.9.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Ben Bidner in WordPress versions <= 5.9.1. Solution: Update WordPress to the latest available version (at least 5.9.2)...

AI score: 1.6
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2022/03/01 12:0 a.m.; 43 views

WordPress File Upload plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)

Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload plugin versions <= 4.16.2. Solution: Update the WordPress File Upload plugin to the latest available version (at least 4.16.3)...

CVSS: 8.8; AI score: 4.2; EPSS: 0.02849
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2022/01/07 12:0 a.m.; 43 views

WordPress Paid Memberships Pro <= 2.6.6 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Paid Memberships Pro versions <= 2.6.6. Solution: Update the WordPress Paid Memberships Pro to the latest available version (at least 2.6.7)...

CVSS: 9.8; AI score: 2.4; EPSS: 0.82248
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2021/11/15 12:0 a.m.; 43 views

WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.1 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Shivam Rai in WordPress NEX-Forms – Ultimate Form Builder plugin versions <= 8.1. Solution: Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...

CVSS: 4.8; AI score: 2; EPSS: 0.00305
Exploits: 2; References: 3; Affected Software: 1
Patchstack
added 2021/10/05 12:0 a.m.; 43 views

WordPress Perfect Survey plugin <= 1.5.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by apple502j in WordPress Perfect Survey plugin versions <= 1.5.0. Solution: Vulnerability fixed in 1.5.2 version, but plugin closed due to other security issues. This plugin has been closed as of October 5, 2021 and is not available for...

CVSS: 9.8; AI score: 3.9; EPSS: 0.86896
Exploits: 7; References: 3; Affected Software: 1
Patchstack
added 2021/07/22 12:0 a.m.; 43 views

WordPress WOOCS – WooCommerce Currency Switcher plugin <= 1.3.6.2 - Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE)

Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE) discovered by Marc Montpas Automattic in WordPress WOOCS – WooCommerce Currency Switcher plugin versions <= 1.3.6.2. Solution: Update the WordPress WOOCS – WooCommerce Currency Switcher plugin to the latest available versio...

AI score: 3.7; EPSS: 0.01316
Exploits: 1; References: 3; Affected Software: 1
Patchstack
added 2020/10/29 12:0 a.m.; 43 views

WordPress <= 5.5.1 - Cross-Site Scripting (XSS) via Global Variables vulnerability

Cross-Site Scripting (XSS) via Global Variables vulnerability found by Marc Montas in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version (at least 5.5.2)...

CVSS: 6.1; AI score: 2.8; EPSS: 0.017
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2016/06/06 12:0 a.m.; 43 views

WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities

Simple Backup plugin is prone to multiple vulnerabilities, such as arbitrary file deletion and file download vulnerabilities. Because of these issues, an attacker can download remote files from the webserver and delete arbitrary files without any authentication and permission. Solution: Update the...

AI score: 3.5
Exploits: 0; References: 1; Affected Software: 1
Patchstack
added 2015/03/16 12:0 a.m.; 43 views

WordPress WPML Plugin <= 3.1.9.1 - Multiple Vulnerabilities

WPML is prone to SQL injection, page or post menu deletion and reflected cross-site scripting vulnerabilities. Solution: Update the plugin...

CVSS: 7.5; AI score: 1.9; EPSS: 0.07069
Exploits: 1; Affected Software: 1
Patchstack
added 2024/10/10 12:0 a.m.; 42 views

WordPress GutenKit Plugin <= 2.1.0 is vulnerable to Arbitrary File Upload

Software: GutenKit; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.1.1; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-9234; Patch priority: High; CVSS severity: High (10); PSID: 084e0f3075d0; Credits: Sean Murphy; Required privilege: Unauthenticated...

CVSS: 9.8; AI score: 6.8; EPSS: 0.10429
Exploits: 3; References: 3; Affected Software: 1
Patchstack
added 2024/09/24 12:0 a.m.; 42 views

WordPress Contact Form to Any API Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form to Any API; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7617; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 8a05dbbe144d; Credits: Jorgson...

CVSS: 7.2; AI score: 5.7; EPSS: 0.00569
Exploits: 0; References: 3; Affected Software: 1
Patchstack
added 2024/04/22 12:0 a.m.; 42 views

WordPress BuddyForms Plugin <= 2.8.8 is vulnerable to Arbitrary File Download

Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.8; Fixed in: 2.8.9; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Download; CVE: CVE-2024-32830; Patch priority: High; CVSS severity: High (8.6); PSID: df4ae0005bef; Credits: Yudistira Arya; Required privilege...

CVSS: 8.6; AI score: 6.5; EPSS: 0.00583
Exploits: 1; References: 2; Affected Software: 1
Total number of security vulnerabilities: 5000