46704 matches found

Patchstack | added 2023/06/06 12:0 a.m. | 21 views

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication

Software: Abandoned Cart Lite for WooCommerce | Type: Plugin | Vulnerable versions: <= 5.14.2 | Fixed in: 5.15.0 | OWASP Top 10: A2: Broken Authentication | Classification: Broken Authentication | CVE: CVE-2023-2986 | Patch priority: High | CVSS severity: High (9.8) | PSID: 15bb4df9e2c9 | Credits: István...

CVSS 9.8 | AI score 6.5 | EPSS 0.42814
Exploits 5 | References 3 | Affected Software 1

Patchstack | added 2023/06/02 12:0 a.m. | 21 views

WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)

Software: Premium Addons PRO | Type: Plugin | Vulnerable versions: <= 2.8.24 | Fixed in: 2.8.25 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-34012 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 3e100a687a90 | Credits: Rafie Muhamm...

CVSS 7.1 | AI score 5.9 | EPSS 0.00382
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2023/05/30 12:0 a.m. | 21 views

WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress Social Login | Type: Plugin | Vulnerable versions: <= 3.0.4 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-34023 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 6e7893e261d3 | Credits: Nguyen Xuan...

CVSS 7.1 | AI score 5.9 | EPSS 0.00445
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2023/05/17 12:0 a.m. | 21 views

WordPress is vulnerable to Directory Traversal

Software: WordPress | Type: WordPress Core | Vulnerable versions: <= 6.2 | Fixed in: 6.2.1 | OWASP Top 10: A1: Injection | Classification: Directory Traversal | CVE: CVE-2023-2745 | Patch priority: Medium | CVSS severity: Medium (5.4) | PSID: 0d1028dd7204 | Credits: Ramuel Gall Wordfence | Required privile...

CVSS 6.1 | AI score 6.6 | EPSS 0.79527
Exploits 7 | References 5 | Affected Software 1

Patchstack | added 2023/05/16 12:0 a.m. | 21 views

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: Chaty | Type: Plugin | Vulnerable versions: <= 3.0.9 | Fixed in: 3.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25019 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 46b92040d289 | Credits: Rafie Muhammad Patchstack...

CVSS 7.1 | AI score 5.6 | EPSS 0.00401
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/05/15 12:0 a.m. | 21 views

WordPress Seo By 10Web Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software: Seo By 10Web | Type: Plugin | Vulnerable versions: < 1.2.7 | Fixed in: 1.2.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-2224 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 7380d78d51b0 | Credits: Taurus Omar | Required privileg...

CVSS 4.8 | AI score 5.7 | EPSS 0.00909
Exploits 3 | References 3 | Affected Software 1

Patchstack | added 2023/05/12 12:0 a.m. | 21 views

WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP All Backup | Type: Plugin | Vulnerable versions: <= 2.4.3 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-32583 | Patch priority: Low | CVSS severity: Low (6.3) | PSID: 2d09c30b2474 | Credits: Mika | Required privilege...

CVSS 8.8 | AI score 6.6 | EPSS 0.00281
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2023/05/10 12:0 a.m. | 21 views

WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software: QuBotChat | Type: Plugin | Vulnerable versions: <= 1.1.5 | Fixed in: 1.1.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-2399 | Patch priority: Low | CVSS severity: Low (7.1) | PSID: 9f1b3d64b154 | Credits: Rafael B. | Required privilege...

CVSS 6.1 | AI score 5.7 | EPSS 0.00499
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2023/05/09 12:0 a.m. | 21 views

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Wise Chat | Type: Plugin | Vulnerable versions: <= 3.1.3 | Fixed in: 3.1.4 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-32504 | Patch priority: Low | CVSS severity: Low (5.4) | PSID: 14930cd15ca4 | Credits: Justiice | Required privile...

CVSS 8.8 | AI score 6.7 | EPSS 0.00324
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/05/09 12:0 a.m. | 21 views

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection

Software: Order Your Posts Manually | Type: Plugin | Vulnerable versions: <= 2.2.5 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-32508 | Patch priority: Low | CVSS severity: Low (7.6) | PSID: 81dd81d22e8d | Credits: minhtuanact | Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00681
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2023/04/19 12:0 a.m. | 21 views

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Software: I Recommend This | Type: Plugin | Vulnerable versions: <= 3.8.3 | Fixed in: 3.9.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23673 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: Webtions Harish | PSID: f5cbbc89906b | Credits: Rio Darmawan | Required...

CVSS 5.9 | AI score 6 | EPSS 0.00392
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/04/12 12:0 a.m. | 21 views

WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection

Software: Gallery | Type: Plugin | Vulnerable versions: < 4.7.0 | Fixed in: 4.7.0 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-0765 | Patch priority: High | CVSS severity: High (8.5) | PSID: 85ca584ad7e5 | Credits: dc11 | Required privilege: Author | Published: 12 April, 2023...

CVSS 8.8 | AI score 6.8 | EPSS 0.00873
Exploits 2 | References 3 | Affected Software 1

Patchstack | added 2023/04/07 12:0 a.m. | 21 views

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software: WP Data Access | Type: Plugin | Vulnerable versions: <= 5.3.7 | Fixed in: 5.3.8 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-1874 | Patch priority: High | CVSS severity: High (7.5) | PSID: d34193572ac0 | Credits: Chloe Chamberland | Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.02726
Exploits 3 | References 3 | Affected Software 1

Patchstack | added 2023/03/22 12:0 a.m. | 21 views

WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software: eRoom – Zoom Meetings & Webinar | Type: Plugin | Vulnerable versions: <= 1.4.6 | Fixed in: 1.4.7 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2022-43472 | Patch priority: Medium | CVSS severity: Medium (4.3) | PSID: 5064cfd61ac8 | Credits: István...

AI score 6.3 | EPSS 0.00552
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/03/21 12:0 a.m. | 21 views

WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Webinar and Video Conference with Jitsi Meet | Type: Plugin | Vulnerable versions: <= 1.2.5 | Fixed in: 2.0.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2022-47150 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: d77b318b12e...

AI score 5.9 | EPSS 0.00113
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/03/20 12:0 a.m. | 21 views

WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software: ConvertBox Auto Embed WordPress plugin | Type: Plugin | Vulnerable versions: <= 1.0.19 | Fixed in: 1.0.20 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23664 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 859421b50cad | Credit...

CVSS 6.5 | AI score 5.7 | EPSS 0.00361
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/03/16 12:0 a.m. | 21 views

WordPress Load More Products for WooCommerce Plugin <= 1.1.9.7 is vulnerable to Broken Access Control

Software: Load More Products for WooCommerce | Type: Plugin | Vulnerable versions: <= 1.1.9.7 | Fixed in: 1.1.9.8 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2022-45813 | Patch priority: Low | CVSS severity: Low (5.4) | PSID: 09d1bbbd7382 | Credits: István...

AI score 6.9 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/03/06 12:0 a.m. | 21 views

WordPress HT Slider For Elementor Plugin < 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: HT Slider For Elementor | Type: Plugin | Vulnerable versions: < 1.4.0 | Fixed in: 1.4.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-0495 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: fea57db2be31 | Credits: Lana Codes...

CVSS 4.3 | AI score 6.6 | EPSS 0.00262
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2023/03/03 12:0 a.m. | 21 views

WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion

Software: Custom Content Shortcode | Type: Plugin | Vulnerable versions: <= 4.0.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2023-0340 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 54e338b50ba0 | Credits: Erwan LR WPScan | Required...

CVSS 8.8 | AI score 7.2 | EPSS 0.01047
Exploits 1 | References 2 | Affected Software 1

Patchstack | added 2023/02/20 12:0 a.m. | 21 views

WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Dynamic Keywords Injector | Type: Plugin | Vulnerable versions: <= 2.3.15 | Fixed in: 2.3.16 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2022-47141 | Patch priority: Low | CVSS severity: Low (5.4) | PSID: c2248ca9d15a | Credits...

CVSS 8.8 | AI score 7 | EPSS 0.00253
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2023/02/08 12:0 a.m. | 21 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software: Wicked Folders | Type: Plugin | Vulnerable versions: <= 2.18.16 | Fixed in: 2.18.17 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-0717 | Patch priority: Medium | CVSS severity: Medium (5.4) | PSID: db3e0ac8c3e4 | Credits: Marco Wotschka | Requir...

CVSS 5.4 | AI score 6.8 | EPSS 0.00576
Exploits 0 | References 4 | Affected Software 1

Patchstack | added 2023/01/23 12:0 a.m. | 21 views

WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software: Spotlight Social Media Feeds | Type: Plugin | Vulnerable versions: < 1.4.3 | Fixed in: 1.4.3 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0379 | Patch priority: Medium | CVSS severity: Medium (6.5) | PSID: 727812743302 | Credits: Lana...

CVSS 5.4 | AI score 5.6 | EPSS 0.00526
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2023/01/16 12:0 a.m. | 21 views

WordPress PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Plugin < 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products | Type: Plugin | Vulnerable versions: < 1.1.2 | Fixed in: 1.1.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2022-4321 | Patch priority: Low | CVSS severity: Low (7.1)...

CVSS 6.1 | AI score 5.8 | EPSS 0.01193
Exploits 2 | References 4 | Affected Software 1

Patchstack | added 2023/01/10 12:0 a.m. | 21 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software: Royal Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.3.59 | Fixed in: 1.3.60 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2022-4704 | Patch priority: Medium | CVSS severity: Medium (5.4) | Developer: WProyal | PSID: 11224a1dc02d | Credits: Ramuel Gall | Required...

CVSS 8.1 | AI score 6.8 | EPSS 0.00792
Exploits 1 | References 3 | Affected Software 1

Patchstack | added 2023/01/04 12:0 a.m. | 21 views

WordPress Youtube Channel Gallery Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software: Youtube Channel Gallery | Type: Plugin | Vulnerable versions: <= 2.4 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2022-4783 | Patch priority: Medium | CVSS severity: Medium (6.4) | PSID: d89263cd84d3 | Credits: István Márton...

CVSS 5.4 | AI score 5.7 | EPSS 0.0047
Exploits 1 | References 3 | Affected Software 1

Patchstack | added 2022/11/23 12:0 a.m. | 21 views

WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability

Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress WP-FormAssembly plugin versions <= 2.0.5. Solution: No patched version available...

AI score 4 | EPSS 0.00742
Exploits 0 | Affected Software 1

Patchstack | added 2022/11/22 12:0 a.m. | 21 views

WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin versions <= 1.0.4. Solution: Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version at least 1.0.5...

AI score 3.5 | EPSS 0.00382
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/11/21 12:0 a.m. | 21 views

WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability

Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin versions <= 3.04. Solution: Update the WordPress Car Dealer plugin to the latest available version at least 3.05...

AI score 3.5 | EPSS 0.00336
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/11/21 12:0 a.m. | 21 views

WordPress Welcart e-Commerce plugin <= 2.8.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Lana Codes in the WordPress Welcart e-Commerce plugin versions <= 2.8.3. Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...

AI score 2.2 | EPSS 0.00468
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/11/18 12:0 a.m. | 21 views

WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Plugin for Google Reviews plugin versions <= 2.2.2. Solution: Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...

CVSS 4.3 | AI score 3.9 | EPSS 0.00497
Exploits 0 | Affected Software 1

Patchstack | added 2022/11/17 12:0 a.m. | 21 views

WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability

Auth. CSV Injection vulnerability discovered by Mika Patchstack Alliance in the WordPress ProfileGrid plugin versions <= 5.1.6. Solution: Update the WordPress ProfileGrid plugin to the latest available version at least 5.1.8...

CVSS 8.8 | AI score 3.8 | EPSS 0.00646
Exploits 0 | Affected Software 1

Patchstack | added 2022/11/15 12:0 a.m. | 21 views

WordPress TeraWallet – For WooCommerce plugin <= 1.4.3 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference (IDOR) vulnerability discovered by Marco Wotschka in the WordPress TeraWallet – For WooCommerce plugin versions <= 1.4.3. Solution: Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.4...

AI score 3.1 | EPSS 0.00556
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2022/11/02 12:0 a.m. | 21 views

WordPress Jeeng Push Notifications plugin <= 2.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariam Tariq in WordPress Jeeng Push Notifications plugin versions <= 2.0.3. Solution: Update the WordPress Jeeng Push Notifications plugin to the latest available version at least 2.0.4...

AI score 2.8 | EPSS 0.00501
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/11/01 12:0 a.m. | 21 views

WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dave Jong Patchstack in the WordPress Soledad premium theme versions <= 8.2.5. Solution: Update the WordPress soledad theme to the latest available version at least 8.2.6...

AI score 3.1 | EPSS 0.00177
Exploits 0 | Affected Software 1

Patchstack | added 2022/10/31 12:0 a.m. | 21 views

WordPress Restaurant Menu <= 2.3.0 - Missing Authorization on AJAX Actions vulnerability

Missing Authorization on AJAX Actions vulnerability discovered by ptsfence in WordPress Restaurant Menu versions <= 2.3.0. Solution: Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version at least 2.3.1...

CVSS 6.5 | AI score 4.1 | EPSS 0.00534
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2022/10/25 12:0 a.m. | 21 views

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions <= 9.7.1. Solution: Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

CVSS 7.2 | AI score 3.2 | EPSS 0.00798
Exploits 0 | Affected Software 1

Patchstack | added 2022/10/21 12:0 a.m. | 21 views

WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Thura Moe Myint Patchstack Alliance in the WordPress Quiz And Survey Master plugin versions <= 7.3.10. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

CVSS 7.5 | AI score 3.2 | EPSS 0.00652
Exploits 0 | Affected Software 1

Patchstack | added 2022/10/21 12:0 a.m. | 21 views

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection (SQLi) vulnerability discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions <= 7.3.4. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

CVSS 9.1 | AI score 3 | EPSS 0.00816
Exploits 0 | Affected Software 1

Patchstack | added 2022/10/18 12:0 a.m. | 21 views

WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API

Data Exposure vulnerability via REST API discovered by Than Taintor in WordPress core versions <= 6.0.2. Solution: Update the WordPress to the latest available version at least 6.0.3...

AI score 3.6
Exploits 0 | References 2 | Affected Software 1

Patchstack | added 2022/10/17 12:0 a.m. | 21 views

WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Francesco Carlucci in WordPress FluentForm plugin versions <= 4.3.12. Solution: Update the WordPress Contact Form Plugin plugin to the latest available version at least 4.3.13...

CVSS 9.8 | AI score 3.4 | EPSS 0.01231
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/10/10 12:0 a.m. | 21 views

WordPress Newspaper premium theme <= 11.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan Techlab Corporation in WordPress Newspaper premium theme versions <= 11.5.1. Solution: Update the WordPress Newspaper theme to the latest available version at least 12...

CVSS 6.1 | AI score 1.8 | EPSS 0.00551
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/09/30 12:0 a.m. | 21 views

WordPress Contact Bank plugin <= 3.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Zhang Yunpei in WordPress Contact Bank plugin versions <= 3.0.30. Solution: Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...

CVSS 4.8 | AI score 2.1 | EPSS 0.00489
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/09/26 12:0 a.m. | 21 views

WordPress Helpful plugin <= 4.5.25 - Information Disclosure vulnerability

Information Disclosure vulnerability discovered by Aleksi Kistauri in WordPress Helpful plugin versions <= 4.5.25. Solution: Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 5.3 | AI score 2.2 | EPSS 0.00769
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/09/22 12:0 a.m. | 21 views

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to sending of test emails discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions <= 5.3.5. Solution: Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...

CVSS 8.8 | AI score 4.2 | EPSS 0.00298
Exploits 0 | Affected Software 1

Patchstack | added 2022/09/22 12:0 a.m. | 21 views

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress Customer Reviews for WooCommerce plugin versions <= 5.3.5. Solution: Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version at least 5.3.6...

CVSS 7.5 | AI score 3.3 | EPSS 0.00704
Exploits 0 | Affected Software 1

Patchstack | added 2022/09/21 12:0 a.m. | 21 views

WordPress WP Custom Cursors plugin <= 3.0 - Arbitrary Cursor Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Cursor Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress WP Custom Cursors plugin versions <= 3.0. Solution: Update the WordPress WP Custom Cursors plugin to the latest available version at least 3.0.1...

CVSS 4.3 | AI score 3.9 | EPSS 0.00267
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/09/20 12:0 a.m. | 21 views

WordPress Import all XML, CSV & TXT plugin <= 6.5.7 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin versions <= 6.5.7. Solution: Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.5.8...

CVSS 4.2 | AI score 2.7 | EPSS 0.00386
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2022/09/20 12:0 a.m. | 21 views

WordPress We’re Open! plugin <= 1.41 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress We’re Open! plugin versions <= 1.41. Solution: Update the WordPress We’re Open! plugin to the latest available version at least 1.42...

CVSS 4.8 | AI score 2.1 | EPSS 0.00496
Exploits 2 | References 1 | Affected Software 1

Patchstack | added 2022/09/14 12:0 a.m. | 21 views

WordPress WP 2FA plugin <= 2.2.1 - Time-Based Side-Channel Attack vulnerability

Time-Based Side-Channel Attack vulnerability discovered by Calvin Alkan in WordPress WP 2FA plugin versions <= 2.2.1. Solution: Update the WordPress WP 2FA plugin to the latest available version at least 2.3.0...

CVSS 5.9 | AI score 3.2 | EPSS 0.00747
Exploits 1 | References 1 | Affected Software 1

Patchstack | added 2022/09/14 12:0 a.m. | 21 views

WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.27.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Anurag Bhoir in WordPress Slider, Gallery, and Carousel by MetaSlider plugin versions <= 3.27.8. Solution: Update the WordPress Responsive Slider by MetaSlider plugin to the latest available version at least 3.27.9...

CVSS 4.8 | AI score 2.2 | EPSS 0.0047
Exploits 2 | References 1 | Affected Software 1

Total number of security vulnerabilities: 5000