Patchstack, most viewed

46702 matches found

Patchstack, added 2012/10/01 12:00 a.m., 22 views

WordPress Akismet Plugin - Multiple Cross Site Scripting Vulnerabilities

WordPress Akismet plugin is prone to multiple cross-site scripting vulnerabilities. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...

AI score: 2.7
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2012/09/14 12:00 a.m., 22 views

WordPress Zingiri Plugin <= 1.4.3 - Directory Traversal

Because of this vulnerability in forum.php, attackers can read arbitrary files via the "url" parameter to index.php. Solution: Update the plugin...

CVSS: 5, AI score: 3.9, EPSS: 0.03173
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2012/04/11 12:00 a.m., 22 views

WordPress All-in-One Event Calendar Plugin 1.4 - Multiple Parameter XSS

WordPress All-in-One Event Calendar plugin's /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php is prone to a cross-site scripting vulnerability through multiple parameters. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browse...

CVSS: 4.3, AI score: 2.4, EPSS: 0.08946
Exploits: 2, References: 1, Affected Software: 1
Patchstack, added 2012/01/04 12:00 a.m., 22 views

WordPress <= 0.70 - PHP remote file inclusion

Because of this vulnerability in wp-links/links.all.php, attackers can execute arbitrary PHP code via a URL in the $abspath variable. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.5, EPSS: 0.03081
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2011/12/02 12:00 a.m., 22 views

WordPress Users Plugin <= 1.3 - SQL Injection

Because of this vulnerability in wp-users.php, attackers can execute arbitrary SQL commands via the "uid" parameter to index.php. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.5, EPSS: 0.02258
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2011/09/24 12:00 a.m., 22 views

WordPress Cover WP Theme 1.6.5 - Cross Site Scripting

WordPress Cover WP theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-base...

CVSS: 4.3, AI score: 2.7, EPSS: 0.03407
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2011/04/05 12:00 a.m., 22 views

WordPress Custom Pages Plugin 0.5.0.1 - Local File Inclusion

This vulnerability can be exploited to include arbitrary files. Solution: Update the plugin...

CVSS: 5, AI score: 2.8, EPSS: 0.22157
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2010/12/04 12:00 a.m., 22 views

WordPress Register Plus Plugin <= 3.5.1 - Multiple Vulnerabilities

Because of these vulnerabilities, attackers can obtain sensitive information via a direct request to dashwidget.php and register-plus.php. Solution: Update the plugin...

CVSS: 5, AI score: 5.4, EPSS: 0.02374
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2010/11/17 12:00 a.m., 22 views

WordPress Embedded Video Plugin <= 4.1 - XSS

Because of this vulnerability in lembedded-video.php, attackers can inject arbitrary web script or HTML via the "content" parameter to wp-admin/post.php. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.9, EPSS: 0.01819
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2010/04/06 12:00 a.m., 22 views

WordPress NextGEN Gallery Plugin <= 1.5.1 - XSS Vulnerability

The NextGEN Gallery plugin is prone to a cross-site scripting vulnerability. It is a very popular plugin for the WordPress content management system, which is commonly used as a blogging platform. The vulnerability is triggered by manipulating the mode parameter of the xml/media-rss.php script and it results that...

CVSS: 4.3, AI score: 1.2, EPSS: 0.04727
Exploits: 6, Affected Software: 1
Patchstack, added 2009/03/10 12:00 a.m., 22 views

WordPress MU <= 2.7 - 'HOST' HTTP Header XSS Vulnerability

WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in the chooseprimaryblog function, which allows cross-site scripting. Sites running in based virtual hosting setup are not affected as long as they are not the default virtual host. Solution: Upgrade WordPress...

CVSS: 4.3, AI score: 1.2, EPSS: 0.04664
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2008/02/05 12:00 a.m., 22 views

WordPress DMSGuestbook Plugin <= 1.8.0 - Multiple XSS vulnerabilities

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS: 4.3, AI score: 2, EPSS: 0.01514
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2007/10/05 12:00 a.m., 22 views

WordPress FeedBurner Plugin <= 2.2 - CSRF

Because of this vulnerability, attackers can change settings and hijack blog feeds via a request to wp-admin/options-general.php. Solution: Update the plugin...

CVSS: 6.4, AI score: 4.8, EPSS: 0.04898
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2007/08/02 12:00 a.m., 22 views

WordPress <= 2.2.1 - XSS

Because of this vulnerability in wp-admin/includes/upload.php, attackers can inject arbitrary web script or HTML via the "style" parameter. Solution: Update WordPress...

CVSS: 4.3, AI score: 2.7, EPSS: 0.02366
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2007/06/14 12:00 a.m., 22 views

WordPress Cordobo Green Park Theme - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the PHP_SELF portion of a URI. Solution: Update the theme...

CVSS: 4.3, AI score: 2.4, EPSS: 0.01784
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2007/05/22 12:00 a.m., 22 views

WordPress <= 2.1 - SQL Injection

Because of this vulnerability in wp-admin/admin-ajax.php, attackers can execute arbitrary SQL commands via the "cookie" parameter. Solution: Update WordPress...

CVSS: 7.5, AI score: 6.8, EPSS: 0.052
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2007/04/09 12:00 a.m., 22 views

WordPress <= 2.1.2 - Security BYPASS

Authenticated users with the contributor role can bypass intended access restrictions and invoke the publishposts functionality. Solution: Update WordPress to the latest available version, at least 2.1.3...

CVSS: 4.9, AI score: 3.9, EPSS: 0.01165
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2007/01/30 12:00 a.m., 22 views

WordPress Article Management Plugin <= 3.40 - SQL Injection

Because of this vulnerability, attackers can execute arbitrary SQL commands via the "wcHeadlines" parameter. Solution: Update the WordPress Article Management plugin to the latest available version, at least 3.41...

CVSS: 7.5, AI score: 6.6, EPSS: 0.01919
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2006/05/30 12:00 a.m., 22 views

WordPress <= 2.0.2 - Direct Static Code Injection

Because of this vulnerability, attackers can execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is then appended into files after a special comment sequence. Solution: Update WordPress to the latest available version, at least 2.0.3...

CVSS: 7.5, AI score: 6.1, EPSS: 0.1453
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2005/07/01 12:00 a.m., 22 views

WordPress <= 1.5.1.2 - Multiple XSS vulnerabilities

Because of these vulnerabilities in post.php, attackers can inject arbitrary web script or HTML via the "p" or "comment" parameter. Solution: Update WordPress to the latest available version, at least 1.5.1.3...

CVSS: 4.3, AI score: 2.5, EPSS: 0.02559
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2026/06/18 2:28 p.m., 21 views

NPM: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

NPM: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message vulnerability discovered by ? in WordPress Npm nodemailer versions = 9.0.0...

AI score: 6
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2026/06/02 1:33 p.m., 21 views

WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Montonio for WooCommerce versions <= 10.1.2...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00238
Exploits: 0, Affected Software: 1
Patchstack, added 2026/05/13 12:11 p.m., 21 views

WordPress MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability

Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Google Analytics by Monster Insights versions <= 10.1.2...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00349
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2026/05/12 5:11 p.m., 21 views

WordPress ilGhera Support System for WooCommerce plugin <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions <= 1.3.0...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00256
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2026/04/21 3:23 p.m., 21 views

WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Royal MCP versions <= 1.4.2...

AI score: 5.8, EPSS: 0.00219
Exploits: 0, Affected Software: 1
Patchstack, added 2025/12/23 7:09 p.m., 21 views

WordPress WP JobHunt plugin <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference vulnerability

Authenticated (Candidate+) Insecure Direct Object Reference vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions <= 7.7...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00171
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2025/12/08 7:25 a.m., 21 views

WordPress Rich Shortcodes for Google Reviews plugin <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability

Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability discovered by Kishan Vyas in WordPress Plugin Rich Showcase for Google Reviews versions <= 6.8...

CVSS: 7.2, AI score: 5.4, EPSS: 0.0034
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2025/12/03 7:08 a.m., 21 views

WordPress WP Directory Kit plugin <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover vulnerability

Authentication Bypass to Privilege Escalation via Account Takeover vulnerability discovered by Ryan Kozak in WordPress Plugin WP Directory Kit versions 1.4.0-1.4.4...

CVSS: 10, AI score: 7.5, EPSS: 0.0472
Exploits: 3, References: 1, Affected Software: 1
Patchstack, added 2025/10/03 11:39 p.m., 21 views

WordPress Appy Pie Connect for WooCommerce plugin <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password vulnerability discovered by johska in WordPress Plugin Appy Pie Connect for WooCommerce versions <= 1.1.2...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00436
Exploits: 1, References: 1, Affected Software: 1
Patchstack, added 2025/09/26 9:57 a.m., 21 views

WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin User Notes versions <= 1.0.2...

CVSS: 5.9, AI score: 5.9, EPSS: 0.0021
Exploits: 0, Affected Software: 1
Patchstack, added 2025/07/18 4:17 a.m., 21 views

WordPress Attachment Manager plugin <= 2.1.2 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Attachment Manager versions <= 2.1.2...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00722
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2025/06/23 7:36 a.m., 21 views

WordPress Content No Cache plugin <= 0.1.4 - Arbitrary Function Call vulnerability

Arbitrary Function Call vulnerability discovered by HLog in WordPress Plugin Content No Cache versions <= 0.1.4...

CVSS: 8.6, AI score: 6.8, EPSS: 0.00353
Exploits: 0, Affected Software: 1
Patchstack, added 2025/06/03 8:50 p.m., 21 views

WordPress Popup Maker plugin <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Popup Maker versions <= 1.20.4...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00238
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2024/11/26 12:00 a.m., 21 views

WordPress Simple Side Tab Plugin <= 2.1.14 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Side Tab; Type: Plugin; Vulnerable versions: <= 2.1.14; Fixed in: 2.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10551; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 2f20e42d5a25; Credits: Krugov Artyom; Required...

AI score: 5.6, EPSS: 0.00303
Exploits: 1, References: 3, Affected Software: 1
Patchstack, added 2024/11/25 12:00 a.m., 21 views

WordPress Sp*tify Play Button for WordPress Plugin <= 2.11 is vulnerable to Cross Site Scripting (XSS)

Software: Sp*tify Play Button for WordPress; Type: Plugin; Vulnerable versions: <= 2.11; Fixed in: 2.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11192; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: dfa0a0c11673; Credits: Peter...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00408
Exploits: 0, References: 3, Affected Software: 1
Patchstack, added 2024/11/20 12:00 a.m., 21 views

WordPress Activity Log Plugin <= 2.11.1 is vulnerable to Cross Site Scripting (XSS)

Software: Activity Log; Type: Plugin; Vulnerable versions: <= 2.11.1; Fixed in: 2.11.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10788; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Elementor; PSID: 657fbb862f42; Credits: mikemyers; Required...

CVSS: 7.2, AI score: 5.9, EPSS: 0.00767
Exploits: 0, References: 3, Affected Software: 1
Patchstack, added 2024/11/18 12:00 a.m., 21 views

WordPress Geolocator Plugin <= 1.1 is vulnerable to PHP Object Injection

Software: Geolocator; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52443; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 70b8a65b2fb3; Credits: LVT-tholv2k; Required privilege: Unauthenticated...

CVSS: 9.8, AI score: 6.9, EPSS: 0.0054
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2024/11/15 12:00 a.m., 21 views

WordPress Fancy Gallery Plugin <= 1.6.58 is vulnerable to Cross Site Scripting (XSS)

Software: Fancy Gallery; Type: Plugin; Vulnerable versions: <= 1.6.58; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10875; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 3416f5a9cb28; Credits: Peter Thaleikis...

CVSS: 6.1, AI score: 5.9, EPSS: 0.0038
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2024/11/13 12:00 a.m., 21 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion

Software: User Extra Fields; Type: Plugin; Vulnerable versions: <= 16.6; Fixed in: 16.7; OWASP Top 10: A2: Broken Authentication; Classification: Arbitrary File Deletion; CVE: CVE-2024-11150; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 5b9352f46ad9; Credits: Chloe Chamberland; Require...

CVSS: 9.8, AI score: 6.6, EPSS: 0.01339
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2024/11/12 12:00 a.m., 21 views

WordPress Aqua SVG Sprite Plugin <= 3.0.14 is vulnerable to Cross Site Scripting (XSS)

Software: Aqua SVG Sprite; Type: Plugin; Vulnerable versions: <= 3.0.14; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9426; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 4ffa1c9bb1a6; Credits: Francesco Carlucci; Requir...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00316
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2024/11/11 12:00 a.m., 21 views

WordPress CYAN Backup Plugin <= 2.5.3 is vulnerable to Arbitrary File Download

Software: CYAN Backup; Type: Plugin; Vulnerable versions: <= 2.5.3; Fixed in: 2.5.4; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-52390; Patch priority: Low; CVSS severity: Low (4.9); Developer: Claim ownership; PSID: b0f12165e19f; Credits: Junsu Yeo; Required privilege...

CVSS: 4.9, AI score: 6.5, EPSS: 0.00531
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2024/11/08 12:00 a.m., 21 views

WordPress Multiple Votes in one page Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software: Multiple Votes in one page; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51917; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 4983d4506f9d; Credits: SOPROBRO; Required privilege...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00302
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2024/11/05 12:00 a.m., 21 views

WordPress Table of Contents Plus Plugin <= 2411 is vulnerable to Cross Site Scripting (XSS)

Software: Table of Contents Plus; Type: Plugin; Vulnerable versions: <= 2411; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5578; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 487fd7341438; Credits: Dmitrii Ignatyev...

CVSS: 4.8, AI score: 5.3, EPSS: 0.00358
Exploits: 1, References: 4, Affected Software: 1
Patchstack, added 2024/11/04 12:00 a.m., 21 views

WordPress WooCommerce Social Login Plugin <= 2.7.7 is vulnerable to Broken Authentication

Software: WooCommerce Social Login; Type: Plugin; Vulnerable versions: <= 2.7.7; Fixed in: 2.7.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10114; Patch priority: High; CVSS severity: High (8.1); Developer: Claim ownership; PSID: 36095483e627; Credi...

CVSS: 8.1, AI score: 6.6, EPSS: 0.00524
Exploits: 0, References: 2, Affected Software: 1
Patchstack, added 2024/10/30 12:00 a.m., 21 views

WordPress Jigoshop – Store Exporter Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: Jigoshop – Store Exporter; Type: Plugin; Vulnerable versions: <= 1.5.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50519; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 721f9b13ca88; Credits: Zlrqh; Required privilege...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00394
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2024/10/25 12:00 a.m., 21 views

WordPress MaanStore API Plugin <= 1.0.1 is vulnerable to Broken Authentication

Software: MaanStore API; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-50487; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 80e67caa15fa; Credits...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00525
Exploits: 0, References: 1, Affected Software: 1
Patchstack, added 2024/10/25 12:00 a.m., 21 views

WordPress WP Query Console Plugin <= 1.0 is vulnerable to Remote Code Execution (RCE)

Software: WP Query Console; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-50498; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: af5ddac5f157; Credits: stealthcopter; Required privilege...

CVSS: 10, AI score: 7.6, EPSS: 0.5364
Exploits: 4, References: 1, Affected Software: 1
Patchstack, added 2024/10/18 12:00 a.m., 21 views

WordPress Time Clock Pro Plugin <= 1.1.4 is vulnerable to Remote Code Execution (RCE)

Software: Time Clock Pro; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-9593; Patch priority: High; CVSS severity: High (8.3); Developer: Claim ownership; PSID: 9837dd0a77ff; Credits: István Márton; Required privilege...

CVSS: 8.3, AI score: 7.2, EPSS: 0.12491
Exploits: 1, References: 2, Affected Software: 1
Patchstack, added 2024/10/15 12:00 a.m., 21 views

WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection

Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.16.3; Fixed in: 3.16.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9634; Patch priority: High; CVSS severity: High (10); Developer: Liquid Web / StellarWP; PSID: a33794a83e6f; Credits: lefab; Required privilege: Unauthenticated...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01399
Exploits: 0, References: 3, Affected Software: 1
Patchstack, added 2024/10/15 12:00 a.m., 21 views

WordPress Movie Database Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software: Movie Database; Type: Plugin; Vulnerable versions: <= 1.0.11; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43300; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: d8991f93ba12; Credits: FX; Required privilege: Administrator...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00255
Exploits: 0, References: 1, Affected Software: 1
Total number of security vulnerabilities: 5000