46706 matches found

Patchstack
added 2023/09/14 12:0 a.m., 21 views

WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...

CVSS 8.1, AI score 7.2, EPSS 0.00768
Exploits 2, References 2, Affected Software 1

Patchstack
added 2023/09/11 12:0 a.m., 21 views

WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to SQL Injection

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4598 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 8c9d4c888c2a Credits WordFence Required privilege Contributor...

CVSS 8.8, AI score 7.2, EPSS 0.00916
Exploits 4, References 3, Affected Software 1

Patchstack
added 2023/09/06 12:0 a.m., 21 views

WordPress Activity Log Plugin < 2.8.8 is vulnerable to Bypass Vulnerability

Software Activity Log Type Plugin Vulnerable versions 2.8.8 Fixed in 2.8.8 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-4281 Patch priority Low CVSS severity Low 5.3 Developer Elementor PSID 7011dff59d10 Credits Bartlomiej Marek and Tomasz Swiadek...

CVSS 5.3, AI score 6.9, EPSS 0.00627
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/09/04 12:0 a.m., 21 views

WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-39308 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4cad82df326d Credits Revan Arifio Required privilege...

CVSS 7.1, AI score 6.5, EPSS 0.00483
Exploits 1, References 3, Affected Software 1

Patchstack
added 2023/08/17 12:0 a.m., 21 views

WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software Simple Org Chart Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40603 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 404f7c0cda7d Credits Abdi Pranata Required privileg...

CVSS 5.3, AI score 6.9, EPSS 0.00295
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/08/16 12:0 a.m., 21 views

WordPress WP Remote Users Sync Plugin <= 1.2.11 is vulnerable to Broken Access Control

Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.11 Fixed in 1.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-4374 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 367f50681d32 Credits Lana Codes Required...

CVSS 4.3, AI score 6.6, EPSS 0.00533
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/08/11 12:0 a.m., 21 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS)

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.11 Fixed in 3.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3a5e55d72b53...

CVSS 7.1, AI score 5.6, EPSS 0.00331
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/08/09 12:0 a.m., 21 views

WordPress Theme Demo Import Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software Theme Demo Import Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-28170 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 5560e6fed5b7 Credits deokhunKim Required privilege Administrat...

CVSS 9.1, AI score 6.9, EPSS 0.00627
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/07/28 12:0 a.m., 21 views

WordPress Social Share Icons & Social Share Buttons Plugin <= 3.5.7 is vulnerable to Broken Access Control

Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.5.7 Fixed in 3.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 70d3b475ed6b Credits...

CVSS 6.5, AI score 6.2, EPSS 0.00557
Exploits 0, References 4, Affected Software 1

Patchstack
added 2023/07/26 12:0 a.m., 21 views

WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Fraud Prevention For Woocommerce Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39159 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9c961ef8cdc6 Credits Mi...

CVSS 6.5, AI score 6.6, EPSS 0.00191
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/06/26 12:0 a.m., 21 views

WordPress Chaty Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3245 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f10b64625618 Credits Dipak Panchal Required privilege...

CVSS 4.8, AI score 5.7, EPSS 0.00389
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/06/20 12:0 a.m., 21 views

WordPress Complianz Premium Plugin <= 6.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz Premium Type Plugin Vulnerable versions = 6.4.7 Fixed in 6.4.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8ec92260cc85 Credits Rafie Muhammad...

CVSS 8.8, AI score 8.7, EPSS 0.00338
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/06/14 12:0 a.m., 21 views

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions = 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3199 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 52100659480e Credits Truoc Phan Required...

CVSS 4.3, AI score 6.6, EPSS 0.00298
Exploits 0, References 3, Affected Software 1

Patchstack
added 2023/06/06 12:0 a.m., 21 views

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication

Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...

CVSS 9.8, AI score 6.5, EPSS 0.42814
Exploits 5, References 3, Affected Software 1

Patchstack
added 2023/06/02 12:0 a.m., 21 views

WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.8.24 Fixed in 2.8.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34012 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e100a687a90 Credits Rafie Muhamm...

CVSS 7.1, AI score 5.9, EPSS 0.00382
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/30 12:0 a.m., 21 views

WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Social Login Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34023 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6e7893e261d3 Credits Nguyen Xuan...

CVSS 7.1, AI score 5.9, EPSS 0.00445
Exploits 1, References 1, Affected Software 1

Patchstack
added 2023/05/17 12:0 a.m., 21 views

WordPress is vulnerable to Directory Traversal

Software WordPress Type WordPress Core Vulnerable versions = 6.2 Fixed in 6.2.1 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 0d1028dd7204 Credits Ramuel Gall Wordfence Required privile...

CVSS 6.1, AI score 6.6, EPSS 0.79527
Exploits 7, References 5, Affected Software 1

Patchstack
added 2023/05/16 12:0 a.m., 21 views

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions = 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...

CVSS 7.1, AI score 5.6, EPSS 0.00401
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/15 12:0 a.m., 21 views

WordPress Seo By 10Web Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Seo By 10Web Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2224 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7380d78d51b0 Credits Taurus Omar Required privileg...

CVSS 4.8, AI score 5.7, EPSS 0.00909
Exploits 3, References 3, Affected Software 1

Patchstack
added 2023/05/12 12:0 a.m., 21 views

WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP All Backup Type Plugin Vulnerable versions = 2.4.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32583 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 2d09c30b2474 Credits Mika Required privilege...

CVSS 8.8, AI score 6.6, EPSS 0.00281
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/05/10 12:0 a.m., 21 views

WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software QuBotChat Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2399 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9f1b3d64b154 Credits Rafael B. Required privilege...

CVSS 6.1, AI score 5.7, EPSS 0.00499
Exploits 2, References 4, Affected Software 1

Patchstack
added 2023/05/09 12:0 a.m., 21 views

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wise Chat Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...

CVSS 8.8, AI score 6.7, EPSS 0.00324
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/05/09 12:0 a.m., 21 views

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection

Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 81dd81d22e8d Credits minhtuanact Required privilege...

CVSS 9.8, AI score 6.8, EPSS 0.00681
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/04/19 12:0 a.m., 21 views

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Software I Recommend This Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23673 Patch priority Low CVSS severity Low 5.9 Developer Webtions Harish PSID f5cbbc89906b Credits Rio Darmawan Required...

CVSS 5.9, AI score 6, EPSS 0.00392
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/04/12 12:0 a.m., 21 views

WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection

Software Gallery Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0765 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 85ca584ad7e5 Credits dc11 Required privilege Author Published 12 April, 2023...

CVSS 8.8, AI score 6.8, EPSS 0.00873
Exploits 2, References 3, Affected Software 1

Patchstack
added 2023/04/07 12:0 a.m., 21 views

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software WP Data Access Type Plugin Vulnerable versions = 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...

CVSS 8.8, AI score 6.8, EPSS 0.02726
Exploits 3, References 3, Affected Software 1

Patchstack
added 2023/03/22 12:0 a.m., 21 views

WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software eRoom – Zoom Meetings & Webinar Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-43472 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5064cfd61ac8 Credits István...

AI score 6.3, EPSS 0.00552
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/03/21 12:0 a.m., 21 views

WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions = 1.2.5 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d77b318b12e...

AI score 5.9, EPSS 0.00113
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/03/20 12:0 a.m., 21 views

WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software ConvertBox Auto Embed WordPress plugin Type Plugin Vulnerable versions = 1.0.19 Fixed in 1.0.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23664 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 859421b50cad Credit...

CVSS 6.5, AI score 5.7, EPSS 0.00361
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/03/16 12:0 a.m., 21 views

WordPress Load More Products for WooCommerce Plugin <= 1.1.9.7 is vulnerable to Broken Access Control

Software Load More Products for WooCommerce Type Plugin Vulnerable versions = 1.1.9.7 Fixed in 1.1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 09d1bbbd7382 Credits István...

AI score 6.9, EPSS 0.00227
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/03/03 12:0 a.m., 21 views

WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion

Software Custom Content Shortcode Type Plugin Vulnerable versions = 4.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0340 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54e338b50ba0 Credits Erwan LR WPScan Required...

CVSS 8.8, AI score 7.2, EPSS 0.01047
Exploits 1, References 2, Affected Software 1

Patchstack
added 2023/02/20 12:0 a.m., 21 views

WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Dynamic Keywords Injector Type Plugin Vulnerable versions = 2.3.15 Fixed in 2.3.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47141 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2248ca9d15a Credits...

CVSS 8.8, AI score 7, EPSS 0.00253
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/02/08 12:0 a.m., 21 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...

CVSS 5.4, AI score 6.8, EPSS 0.00576
Exploits 0, References 4, Affected Software 1

Patchstack
added 2023/01/23 12:0 a.m., 21 views

WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Spotlight Social Media Feeds Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0379 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 727812743302 Credits Lana...

CVSS 5.4, AI score 5.6, EPSS 0.00526
Exploits 2, References 4, Affected Software 1

Patchstack
added 2023/01/16 12:0 a.m., 21 views

WordPress PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Plugin < 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Type Plugin Vulnerable versions 1.1.2 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4321 Patch priority Low CVSS severity Low 7.1...

CVSS 6.1, AI score 5.8, EPSS 0.01193
Exploits 2, References 4, Affected Software 1

Patchstack
added 2023/01/10 12:0 a.m., 21 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4704 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 11224a1dc02d Credits Ramuel Gall Required...

CVSS 8.1, AI score 6.8, EPSS 0.00792
Exploits 1, References 3, Affected Software 1

Patchstack
added 2022/12/29 12:0 a.m., 21 views

WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload

Software club-theme Type Theme Vulnerable versions 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c1148e89d858 Credits Joshua Small Required privilege...

CVSS 9.8, AI score 9.3, EPSS 0.02084
Exploits 12, References 2, Affected Software 1

Patchstack
added 2022/11/23 12:0 a.m., 21 views

WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability

Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress WP-FormAssembly plugin versions = 2.0.5. Solution No patched version available...

AI score 4, EPSS 0.00742
Exploits 0, Affected Software 1

Patchstack
added 2022/11/22 12:0 a.m., 21 views

WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin versions = 1.0.4. Solution Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version at least 1.0.5...

AI score 3.5, EPSS 0.00382
Exploits 2, References 1, Affected Software 1

Patchstack
added 2022/11/21 12:0 a.m., 21 views

WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability

Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin versions = 3.04. Solution Update the WordPress Car Dealer plugin to the latest available version at least 3.05...

AI score 3.5, EPSS 0.00336
Exploits 2, References 1, Affected Software 1

Patchstack
added 2022/11/21 12:0 a.m., 21 views

WordPress Welcart e-Commerce plugin <= 2.8.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Lana Codes in the WordPress Welcart e-Commerce plugin versions = 2.8.3. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...

AI score 2.2, EPSS 0.00468
Exploits 2, References 1, Affected Software 1

Patchstack
added 2022/11/18 12:0 a.m., 21 views

WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Plugin for Google Reviews plugin versions = 2.2.2. Solution Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...

CVSS 4.3, AI score 3.9, EPSS 0.00497
Exploits 0, Affected Software 1

Patchstack
added 2022/11/17 12:0 a.m., 21 views

WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability

Auth. CSV Injection vulnerability discovered by Mika Patchstack Alliance in the WordPress ProfileGrid plugin versions = 5.1.6. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 5.1.8...

CVSS 8.8, AI score 3.8, EPSS 0.00646
Exploits 0, Affected Software 1

Patchstack
added 2022/11/15 12:0 a.m., 21 views

WordPress TeraWallet – For WooCommerce plugin <= 1.4.3 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability discovered by Marco Wotschka in the WordPress TeraWallet – For WooCommerce plugin versions = 1.4.3. Solution Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.4...

AI score 3.1, EPSS 0.00556
Exploits 0, References 1, Affected Software 1

Patchstack
added 2022/11/01 12:0 a.m., 21 views

WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dave Jong Patchstack in the WordPress Soledad premium theme versions = 8.2.5. Solution Update the WordPress soledad theme to the latest available version at least 8.2.6...

AI score 3.1, EPSS 0.00177
Exploits 0, Affected Software 1

Patchstack
added 2022/10/31 12:0 a.m., 21 views

WordPress Restaurant Menu <= 2.3.0 - Missing Authorization on AJAX Actions vulnerability

Missing Authorization on AJAX Actions vulnerability discovered by ptsfence in WordPress Restaurant Menu versions = 2.3.0. Solution Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version at least 2.3.1...

CVSS 6.5, AI score 4.1, EPSS 0.00534
Exploits 0, References 1, Affected Software 1

Patchstack
added 2022/10/25 12:0 a.m., 21 views

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

CVSS 7.2, AI score 3.2, EPSS 0.00798
Exploits 0, Affected Software 1

Patchstack
added 2022/10/21 12:0 a.m., 21 views

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

CVSS 9.1, AI score 3, EPSS 0.00816
Exploits 0, Affected Software 1

Patchstack
added 2022/10/18 12:0 a.m., 21 views

WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API

Data Exposure vulnerability via REST API discovered by Than Taintor in WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...

AI score 3.6
Exploits 0, References 2, Affected Software 1

Patchstack
added 2022/10/17 12:0 a.m., 21 views

WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Francesco Carlucci in WordPress FluentForm plugin versions = 4.3.12. Solution Update the WordPress Contact Form Plugin plugin to the latest available version at least 4.3.13...

CVSS 9.8, AI score 3.4, EPSS 0.01231
Exploits 2, References 1, Affected Software 1

Total number of security vulnerabilities: 5000