
46702 matches found

Patchstack
•added 2024/10/02 12:0 a.m.•21 views

WordPress SEOPress Plugin <= 8.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SEOPress Type Plugin Vulnerable versions = 8.1.1 Fixed in 8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9225 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 788a715fcbd5 Credits vgo0 Required privilege...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00415
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/09/30 12:0 a.m.•21 views

WordPress BA Book Everything Plugin <= 1.6.20 is vulnerable to Cross Site Scripting (XSS)

Software BA Book Everything Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e3cd73e82790 Credits Dimas Maulana Required...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00285
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/09/27 12:0 a.m.•21 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Broken Access Control

Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7714 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00826
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
•added 2024/09/03 12:0 a.m.•21 views

WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control

Software FluentForm Type Plugin Vulnerable versions = 5.1.18 Fixed in 5.1.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5053 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 98f9a0a6e43d Credits Tobias Weißhaar kun19 Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00402
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/08/29 12:0 a.m.•21 views

WordPress Taxi Booking Manager for WooCommerce Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Taxi Booking Manager for WooCommerce Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43986 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cd7a0b805b0e Credits Sharanabasappa...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00262
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/08/29 12:0 a.m.•21 views

WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.8 is vulnerable to Broken Access Control

Software WP Accessibility Helper WAH Type Plugin Vulnerable versions = 0.6.2.8 Fixed in 0.6.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5987 Patch priority Low CVSS severity Low 5.4 Developer Alexander Volkov PSID d7cc8b0ae32e Credits Lucio Sá...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00264
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/08/26 12:0 a.m.•21 views

WordPress Timetics Plugin <= 1.0.23 is vulnerable to Sensitive Data Exposure

Software Timetics Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43923 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0ab309ff3351 Credits Manab Jyoti Dowarah Required...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.0052
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/08/21 12:0 a.m.•21 views

WordPress Phlox PRO Theme <= 5.16.4 is vulnerable to Cross Site Scripting (XSS)

Software Phlox PRO Type Theme Vulnerable versions = 5.16.4 Fixed in 5.16.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6339 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1d783a1b1dee Credits kauenavarro Required...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00384
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/08/16 12:0 a.m.•21 views

WordPress Flash & HTML5 Video Plugin <= 2.5.30 is vulnerable to Broken Access Control

Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.30 Fixed in 2.5.31 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43296 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 14d9f8844f5d Credits Ananda Dhakal Patchstac...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00393
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/08/07 11:42 a.m.•21 views

WordPress StreamCast <= 2.2.3 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin StreamCast versions = 2.2.3...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00259
Exploits: 0 | Affected Software: 1
Patchstack
•added 2024/07/29 12:0 a.m.•21 views

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6520 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8737e12493c8 Credits Joel Indra Yoel Indra...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.003
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/07/22 12:0 a.m.•21 views

WordPress Best Restaurant Menu by PriceListo Plugin <= 1.4.1 is vulnerable to SQL Injection

Software Best Restaurant Menu by PriceListo Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38793 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e01346317df5 Credits Jayden Caelli ret2desync...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.01178
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
•added 2024/07/20 12:0 a.m.•21 views

WordPress Smartsupp – live chat, chatbots, AI and lead generation Plugin <= 3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smartsupp – live chat, chatbots, AI and lead generation Type Plugin Vulnerable versions = 3.6 Fixed in 3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38790 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID...

AI score: 6.8 | EPSS: 0.00208
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/07/19 12:0 a.m.•21 views

WordPress JetWidgets for Elementor and WooCommerce Plugin <= 1.1.7 is vulnerable to Local File Inclusion

Software JetWidgets for Elementor and WooCommerce Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-38772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f1a24339fa6 Credits João...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00498
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/07/16 12:0 a.m.•21 views

WordPress Brizy Plugin <= 2.4.44 is vulnerable to Broken Access Control

Software Brizy Type Plugin Vulnerable versions = 2.4.44 Fixed in 2.4.45 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1937 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5274a9cc7b66 Credits stealthcopter Required privilege...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00365
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/07/11 12:0 a.m.•21 views

WordPress FormFlow Plugin < 2.12.2 is vulnerable to Cross Site Scripting (XSS)

Software FormFlow Type Plugin Vulnerable versions 2.12.2 Fixed in 2.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 05bb1755ee18 Credits Dikshita Trivedi Cybersecdexter...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0031
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
•added 2024/07/05 12:0 a.m.•21 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.10 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.10 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37512 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6818a3b8cb82 Credits LVT-tholv2k Require...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00313
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/07/01 12:0 a.m.•21 views

WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.2 is vulnerable to Local File Inclusion

Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37462 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a8f9d8a5eba6 Credits João...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00575
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/06/27 12:0 a.m.•21 views

WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)

Software ARI Fancy Lightbox Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID c2fee65eb87c Credits Yudistira...

AI score: 6.5 | EPSS: 0.72648
Exploits: 15 | References: 2 | Affected Software: 1
Patchstack
•added 2024/06/07 12:0 a.m.•21 views

WordPress Quiz And Survey Master Plugin <= 9.0.1 is vulnerable to SQL Injection

Software Quiz And Survey Master Type Plugin Vulnerable versions = 9.0.1 Fixed in 9.0.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3592 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 26d19aa78d42 Credits Lucio Sá Required privilege Contributor...

CVSS: 9.9 | AI score: 6.7 | EPSS: 0.00591
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
•added 2024/06/06 12:0 a.m.•21 views

WordPress ElasticPress Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ElasticPress Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35684 Patch priority Low CVSS severity Low 4.3 Developer 10up PSID fbb3d18344c4 Credits Ananda Dhakal Patchstack Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00185
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/06/06 12:0 a.m.•21 views

WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Sensei Pro WC Paid Courses Type Plugin Vulnerable versions = 4.23.1.1.23.1 Fixed in 4.24.0.1.24.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ffa624f39abc Credits Rafie...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00353
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2024/06/06 12:0 a.m.•21 views

WordPress Bloglo Theme <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Bloglo Type Theme Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35715 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 469488b623d7 Credits stealthcopter Required privilege Contributor...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00254
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/06/04 12:0 a.m.•21 views

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00462
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/05/29 12:0 a.m.•21 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.89 is vulnerable to Remote Code Execution (RCE)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.89 Fixed in 1.5.91 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6743 Patch priority High CVSS severity High 9.9 Developer Unlimited Elements PSID...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01254
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/05/28 12:0 a.m.•21 views

WordPress Expert Invoice Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Expert Invoice Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5172 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e96705f138f8 Credits Guido Iván García Duva...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00398
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack
•added 2024/05/22 12:0 a.m.•21 views

WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection

Software Country State City Dropdown CF7 Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3495 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 39d467a76c0d Credits Krzysztof Zając Required privile...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.13618
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
•added 2024/05/20 12:0 a.m.•21 views

WordPress Piotnet Addons For Elementor Plugin <= 2.4.26 is vulnerable to Cross Site Scripting (XSS)

Software Piotnet Addons For Elementor Type Plugin Vulnerable versions = 2.4.26 Fixed in 2.4.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4432 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ba2de4b7d3a7 Credits Ankit Pat...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00342
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/05/16 12:0 a.m.•21 views

WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.57 is vulnerable to PHP Object Injection

Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.57 Fixed in 4.9.58 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4733 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID c137dcbad43b Credits Peter...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00588
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/05/15 12:0 a.m.•21 views

WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-34761 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d593f1472031 Credits Security audit Required...

CVSS: 8.5 | AI score: 7 | EPSS: 0.00429
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/05/07 12:0 a.m.•21 views

WordPress 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Plugin <= 3.71 is vulnerable to Cross Site Scripting (XSS)

Software 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin Type Plugin Vulnerable versions = 3.71 Fixed in 3.72 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00259
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/05/07 12:0 a.m.•21 views

WordPress Move Addons for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Move Addons for Elementor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34562 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 788c0e0d4eae Credits Khalid Yusuf Required...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00256
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/05/07 12:0 a.m.•21 views

WordPress Stockholm Core Plugin <= 2.4.1 is vulnerable to Local File Inclusion

Software Stockholm Core Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34554 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID f9aa82fd3a5e Credits Rafie Muhammad Patchstack Required privileg...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00514
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2024/04/29 12:0 a.m.•21 views

WordPress WTI Like Post Plugin <= 1.4.6 is vulnerable to Bypass Vulnerability

Software WTI Like Post Type Plugin Vulnerable versions = 1.4.6 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-33917 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2def3782f557 Credits Mika Required privilege...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00414
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2024/04/29 12:0 a.m.•21 views

WordPress WP Media Cleaner Plugin <= 6.7.2 is vulnerable to Sensitive Data Exposure

Software WP Media Cleaner Type Plugin Vulnerable versions = 6.7.2 Fixed in 6.7.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-33922 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 489615881bfc Credits Joshua Chan Required...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00447
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/26 12:0 a.m.•21 views

WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4233 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049f969c5895 Credits Dhabaleshwar Das Required...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.00346
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/26 12:0 a.m.•21 views

WordPress Filterable Portfolio Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Filterable Portfolio Type Plugin Vulnerable versions = 1.6.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4234 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a352fd807519 Credits Steven Julian Required privilege...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00382
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/26 12:0 a.m.•21 views

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.6.1 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9b34a062d9ab Credits...

AI score: 6.2 | EPSS: 0.00208
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/25 12:0 a.m.•21 views

WordPress XStore Theme <= 9.3.8 is vulnerable to Cross Site Scripting (XSS)

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33562 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5d1626b7824f Credits Rafie Muhammad Patchstack Required privile...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00418
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2024/04/25 12:0 a.m.•21 views

WordPress Payment Gateway Based Fees and Discounts for WooCommerce Plugin <= 2.12.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Payment Gateway Based Fees and Discounts for WooCommerce Type Plugin Vulnerable versions = 2.12.1 Fixed in 2.12.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33585 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.0034
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/25 12:0 a.m.•21 views

WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.0034
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/19 12:0 a.m.•21 views

WordPress HelloAsso Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software HelloAsso Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32697 Patch priority Low CVSS severity Low 6.5 Developer HelloAsso PSID 1f9d717bb882 Credits Khalid Yusuf Required privilege Contributor...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0032
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/15 12:0 a.m.•21 views

WordPress Responsive Slider by MetaSlider Plugin <= 3.70.0 is vulnerable to Cross Site Scripting (XSS)

Software Responsive Slider by MetaSlider Type Plugin Vulnerable versions = 3.70.0 Fixed in 3.70.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3285 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 334dac19f012 Credits wesley...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00343
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/04/10 12:0 a.m.•21 views

WordPress i-max Theme <= 1.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software i-max Type Theme Vulnerable versions = 1.6.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d50a050a84ef Credits Dhabaleshwar Das Required...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00368
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2024/04/10 12:0 a.m.•21 views

WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WOLF Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31430 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID de601e918847 Credits Dhabaleshwar Das Required...

CVSS: 8.8 | AI score: 4.6 | EPSS: 0.00224
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/04/08 12:0 a.m.•21 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.21 Fixed in 1.8.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2296 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID db9d53f79206 Credits Jobert Krohnen...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00436
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
•added 2024/03/29 12:0 a.m.•21 views

WordPress Contact Form 7 Newsletter Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Newsletter Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31110 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d60fc2231b4d Credits Dimas Maulana Required...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00354
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2024/03/28 12:0 a.m.•21 views

WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30427 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e5917dca625b Credits Dimas Maulana Required privileg...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00414
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/03/28 12:0 a.m.•21 views

WordPress Media Library Folders Plugin <= 8.1.7 is vulnerable to SQL Injection

Software Media Library Folders Type Plugin Vulnerable versions = 8.1.7 Fixed in 8.1.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30486 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 07c50fa94bf4 Credits Le Ngoc Anh Required privilege Author...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00577
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
•added 2024/03/13 12:0 a.m.•21 views

WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection

Software Automatic Type Plugin Vulnerable versions = 3.92.0 Fixed in 3.92.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-27956 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID aeab56860169 Credits Rafie Muhammad Patchstack Required privilege...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.93971
Exploits: 16 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000