Lucene search: Patchstack, most viewed

46704 matches found

Patchstack
added 2023/06/26 12:0 a.m., 21 views

WordPress Chaty Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions <= 3.1.1 Fixed in 3.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3245 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f10b64625618 Credits Dipak Panchal Required privilege...

CVSS: 4.8, AI score: 5.7, EPSS: 0.00389
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2023/06/20 12:0 a.m., 21 views

WordPress Complianz Premium Plugin <= 6.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz Premium Type Plugin Vulnerable versions <= 6.4.7 Fixed in 6.4.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8ec92260cc85 Credits Rafie Muhammad...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00338
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/06/14 12:0 a.m., 21 views

WordPress MStore API Plugin <= 3.9.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software MStore API Type Plugin Vulnerable versions <= 3.9.6 Fixed in 3.9.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3199 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 52100659480e Credits Truoc Phan Required...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00298
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/06/06 12:0 a.m., 21 views

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication

Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions <= 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...

CVSS: 9.8, AI score: 6.5, EPSS: 0.42814
Exploits: 5, References: 3, Affected Software: 1

Patchstack
added 2023/06/02 12:0 a.m., 21 views

WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions <= 2.8.24 Fixed in 2.8.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34012 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e100a687a90 Credits Rafie Muhamm...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00382
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/05/30 12:0 a.m., 21 views

WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Social Login Type Plugin Vulnerable versions <= 3.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34023 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6e7893e261d3 Credits Nguyen Xuan...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00445
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2023/05/17 12:0 a.m., 21 views

WordPress is vulnerable to Directory Traversal

Software WordPress Type WordPress Core Vulnerable versions = 6.2 Fixed in 6.2.1 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-2745 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 0d1028dd7204 Credits Ramuel Gall Wordfence Required privile...

CVSS: 6.1, AI score: 6.6, EPSS: 0.79527
Exploits: 7, References: 5, Affected Software: 1

Patchstack
added 2023/05/16 12:0 a.m., 21 views

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Chaty Type Plugin Vulnerable versions <= 3.0.9 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25019 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46b92040d289 Credits Rafie Muhammad Patchstack...

CVSS: 7.1, AI score: 5.6, EPSS: 0.00401
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/15 12:0 a.m., 21 views

WordPress Seo By 10Web Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Seo By 10Web Type Plugin Vulnerable versions < 1.2.7 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2224 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7380d78d51b0 Credits Taurus Omar Required privileg...

CVSS: 4.8, AI score: 5.7, EPSS: 0.00909
Exploits: 3, References: 3, Affected Software: 1

Patchstack
added 2023/05/12 12:0 a.m., 21 views

WordPress WP All Backup Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP All Backup Type Plugin Vulnerable versions <= 2.4.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32583 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 2d09c30b2474 Credits Mika Required privilege...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00281
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/05/10 12:0 a.m., 21 views

WordPress QuBotChat Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software QuBotChat Type Plugin Vulnerable versions <= 1.1.5 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2399 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 9f1b3d64b154 Credits Rafael B. Required privilege...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00499
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2023/05/09 12:0 a.m., 21 views

WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wise Chat Type Plugin Vulnerable versions <= 3.1.3 Fixed in 3.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32504 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14930cd15ca4 Credits Justiice Required privile...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00324
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/05/09 12:0 a.m., 21 views

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection

Software Order Your Posts Manually Type Plugin Vulnerable versions <= 2.2.5 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32508 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 81dd81d22e8d Credits minhtuanact Required privilege...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00681
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2023/04/19 12:0 a.m., 21 views

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Software I Recommend This Type Plugin Vulnerable versions <= 3.8.3 Fixed in 3.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23673 Patch priority Low CVSS severity Low 5.9 Developer Webtions Harish PSID f5cbbc89906b Credits Rio Darmawan Required...

CVSS: 5.9, AI score: 6, EPSS: 0.00392
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/04/12 12:0 a.m., 21 views

WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection

Software Gallery Type Plugin Vulnerable versions < 4.7.0 Fixed in 4.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0765 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 85ca584ad7e5 Credits dc11 Required privilege Author Published 12 April, 2023...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00873
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2023/04/07 12:0 a.m., 21 views

WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control

Software WP Data Access Type Plugin Vulnerable versions <= 5.3.7 Fixed in 5.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1874 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d34193572ac0 Credits Chloe Chamberland Required...

CVSS: 8.8, AI score: 6.8, EPSS: 0.02726
Exploits: 3, References: 3, Affected Software: 1

Patchstack
added 2023/03/22 12:0 a.m., 21 views

WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software eRoom – Zoom Meetings & Webinar Type Plugin Vulnerable versions <= 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-43472 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5064cfd61ac8 Credits István...

AI score: 6.3, EPSS: 0.00552
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/03/21 12:0 a.m., 21 views

WordPress Webinar and Video Conference with Jitsi Meet Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Webinar and Video Conference with Jitsi Meet Type Plugin Vulnerable versions <= 1.2.5 Fixed in 2.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d77b318b12e...

AI score: 5.9, EPSS: 0.00113
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/03/20 12:0 a.m., 21 views

WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS)

Software ConvertBox Auto Embed WordPress plugin Type Plugin Vulnerable versions <= 1.0.19 Fixed in 1.0.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23664 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 859421b50cad Credit...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00361
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/03/16 12:0 a.m., 21 views

WordPress Load More Products for WooCommerce Plugin <= 1.1.9.7 is vulnerable to Broken Access Control

Software Load More Products for WooCommerce Type Plugin Vulnerable versions <= 1.1.9.7 Fixed in 1.1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 09d1bbbd7382 Credits István...

AI score: 6.9, EPSS: 0.00227
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/03/03 12:0 a.m., 21 views

WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion

Software Custom Content Shortcode Type Plugin Vulnerable versions <= 4.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0340 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54e338b50ba0 Credits Erwan LR WPScan Required...

CVSS: 8.8, AI score: 7.2, EPSS: 0.01047
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2023/02/20 12:0 a.m., 21 views

WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Dynamic Keywords Injector Type Plugin Vulnerable versions <= 2.3.15 Fixed in 2.3.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47141 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c2248ca9d15a Credits...

CVSS: 8.8, AI score: 7, EPSS: 0.00253
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/02/08 12:0 a.m., 21 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00576
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2023/01/23 12:0 a.m., 21 views

WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Spotlight Social Media Feeds Type Plugin Vulnerable versions < 1.4.3 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0379 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 727812743302 Credits Lana...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00526
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2023/01/16 12:0 a.m., 21 views

WordPress PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Plugin < 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software PDF Generator for WordPress – Create & Customize PDF for Post, Pages and WooCommerce Products Type Plugin Vulnerable versions < 1.1.2 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4321 Patch priority Low CVSS severity Low 7.1...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01193
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2023/01/10 12:0 a.m., 21 views

WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions <= 1.3.59 Fixed in 1.3.60 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4704 Patch priority Medium CVSS severity Medium 5.4 Developer WProyal PSID 11224a1dc02d Credits Ramuel Gall Required...

CVSS: 8.1, AI score: 6.8, EPSS: 0.00792
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2023/01/04 12:0 a.m., 21 views

WordPress Youtube Channel Gallery Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Youtube Channel Gallery Type Plugin Vulnerable versions <= 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4783 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID d89263cd84d3 Credits István Márton...

CVSS: 5.4, AI score: 5.7, EPSS: 0.0047
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2022/11/23 12:0 a.m., 21 views

WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability

Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress WP-FormAssembly plugin versions <= 2.0.5. Solution No patched version available...

AI score: 4, EPSS: 0.00742
Exploits: 0, Affected Software: 1

Patchstack
added 2022/11/22 12:0 a.m., 21 views

WordPress SMSA Shipping for WooCommerce premium plugin <= 1.0.4 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress SMSA Shipping for WooCommerce premium plugin versions <= 1.0.4. Solution Update the WordPress SMSA Shipping for WooCommerce plugin to the latest available version at least 1.0.5...

AI score: 3.5, EPSS: 0.00382
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/11/21 12:0 a.m., 21 views

WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability

Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin versions <= 3.04. Solution Update the WordPress Car Dealer plugin to the latest available version at least 3.05...

AI score: 3.5, EPSS: 0.00336
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/11/21 12:0 a.m., 21 views

WordPress Welcart e-Commerce plugin <= 2.8.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting XSS vulnerabilities discovered by Lana Codes in the WordPress Welcart e-Commerce plugin versions <= 2.8.3. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...

AI score: 2.2, EPSS: 0.00468
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/11/18 12:0 a.m., 21 views

WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Plugin for Google Reviews plugin versions <= 2.2.2. Solution Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...

CVSS: 4.3, AI score: 3.9, EPSS: 0.00497
Exploits: 0, Affected Software: 1

Patchstack
added 2022/11/17 12:0 a.m., 21 views

WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability

Auth. CSV Injection vulnerability discovered by Mika Patchstack Alliance in the WordPress ProfileGrid plugin versions <= 5.1.6. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 5.1.8...

CVSS: 8.8, AI score: 3.8, EPSS: 0.00646
Exploits: 0, Affected Software: 1

Patchstack
added 2022/11/15 12:0 a.m., 21 views

WordPress TeraWallet – For WooCommerce plugin <= 1.4.3 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability discovered by Marco Wotschka in the WordPress TeraWallet – For WooCommerce plugin versions <= 1.4.3. Solution Update the WordPress TeraWallet – For WooCommerce plugin to the latest available version at least 1.4.4...

AI score: 3.1, EPSS: 0.00556
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2022/11/01 12:0 a.m., 21 views

WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dave Jong Patchstack in the WordPress Soledad premium theme versions <= 8.2.5. Solution Update the WordPress soledad theme to the latest available version at least 8.2.6...

AI score: 3.1, EPSS: 0.00177
Exploits: 0, Affected Software: 1

Patchstack
added 2022/10/31 12:0 a.m., 21 views

WordPress Restaurant Menu <= 2.3.0 - Missing Authorization on AJAX Actions vulnerability

Missing Authorization on AJAX Actions vulnerability discovered by ptsfence in WordPress Restaurant Menu versions <= 2.3.0. Solution Update the WordPress Restaurant Menu – Food Ordering System – Table Reservation plugin to the latest available version at least 2.3.1...

CVSS: 6.5, AI score: 4.1, EPSS: 0.00534
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2022/10/25 12:0 a.m., 21 views

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions <= 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

CVSS: 7.2, AI score: 3.2, EPSS: 0.00798
Exploits: 0, Affected Software: 1

Patchstack
added 2022/10/21 12:0 a.m., 21 views

WordPress Quiz And Survey Master plugin <= 7.3.10 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Thura Moe Myint Patchstack Alliance in the WordPress Quiz And Survey Master plugin versions <= 7.3.10. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.11...

CVSS: 7.5, AI score: 3.2, EPSS: 0.00652
Exploits: 0, Affected Software: 1

Patchstack
added 2022/10/21 12:0 a.m., 21 views

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions <= 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

CVSS: 9.1, AI score: 3, EPSS: 0.00816
Exploits: 0, Affected Software: 1

Patchstack
added 2022/10/18 12:0 a.m., 21 views

WordPress core <= 6.0.2 - Data Exposure vulnerability via REST API

Data Exposure vulnerability via REST API discovered by Than Taintor in WordPress core versions <= 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...

AI score: 3.6
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/10/17 12:0 a.m., 21 views

WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Francesco Carlucci in WordPress FluentForm plugin versions <= 4.3.12. Solution Update the WordPress Contact Form Plugin plugin to the latest available version at least 4.3.13...

CVSS: 9.8, AI score: 3.4, EPSS: 0.01231
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/10/10 12:0 a.m., 21 views

WordPress Newspaper premium theme <= 11.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Truoc Phan Techlab Corporation in WordPress Newspaper premium theme versions <= 11.5.1 Solution Update the WordPress Newspaper theme to the latest available version at least 12...

CVSS: 6.1, AI score: 1.8, EPSS: 0.00551
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/26 12:0 a.m., 21 views

WordPress Helpful plugin <= 4.5.25 - Information Disclosure vulnerability

Information Disclosure vulnerability discovered by Aleksi Kistauri in WordPress Helpful plugin versions <= 4.5.25. Solution Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS: 5.3, AI score: 2.2, EPSS: 0.00769
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/22 12:0 a.m., 21 views

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability was discovered by Muhammad Daffa Patchstack Alliance in the WordPress Customer Reviews for WooCommerce plugin versions <= 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available version at least 5.3.6...

CVSS: 7.5, AI score: 3.3, EPSS: 0.00704
Exploits: 0, Affected Software: 1

Patchstack
added 2022/09/21 12:0 a.m., 21 views

WordPress WP Custom Cursors plugin <= 3.0 - Arbitrary Cursor Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Cursor Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes in WordPress WP Custom Cursors plugin versions <= 3.0. Solution Update the WordPress WP Custom Cursors plugin to the latest available version at least 3.0.1...

CVSS: 4.3, AI score: 3.9, EPSS: 0.00267
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/20 12:0 a.m., 21 views

WordPress Import all XML, CSV & TXT plugin <= 6.5.7 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin versions <= 6.5.7. Solution Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.5.8...

CVSS: 4.2, AI score: 2.7, EPSS: 0.00386
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2022/09/20 12:0 a.m., 21 views

WordPress We’re Open! plugin <= 1.41 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress We’re Open! plugin versions <= 1.41. Solution Update the WordPress We’re Open! plugin to the latest available version at least 1.42...

CVSS: 4.8, AI score: 2.1, EPSS: 0.00496
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/14 12:0 a.m., 21 views

WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.27.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Anurag Bhoir in WordPress Slider, Gallery, and Carousel by MetaSlider plugin versions <= 3.27.8. Solution Update the WordPress Responsive Slider by MetaSlider plugin to the latest available version at least 3.27.9...

CVSS: 4.8, AI score: 2.2, EPSS: 0.0047
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/07 12:0 a.m., 21 views

WordPress Wordfence Security – Firewall & Malware Scan plugin <= 7.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ori Gabriel in WordPress Wordfence Security – Firewall & Malware Scan plugin versions <= 7.6.0. Solution Update the WordPress Wordfence plugin to the latest available version at least 7.6.1...

CVSS: 4.8, AI score: 1.8, EPSS: 0.00613
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2022/09/07 12:0 a.m., 21 views

WordPress Donation Thermometer plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Donation Thermometer plugin versions <= 2.1.2. Solution Update the WordPress Donation Thermometer plugin to the latest available version at least 2.1.3...

CVSS: 4.8, AI score: 2.3, EPSS: 0.00548
Exploits: 2, References: 1, Affected Software: 1

Total number of security vulnerabilities: 5000