Patchstack | Most viewed

46702 matches found

Patchstack | added 2020/04/28 12:0 a.m. | 21 views

WordPress LearnPress plugin <= 3.2.6.8 - Authenticated Page Creation and Status Modification vulnerability

Authenticated Page Creation and Status Modification vulnerability discovered by WordFence in WordPress LearnPress plugin versions <= 3.2.6.8. Solution: Update the WordPress LearnPress plugin to the latest available version, at least 3.2.6.9...

AI score: 3
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2020/03/26 12:0 a.m. | 21 views

WordPress IMPress for IDX Broker plugin <= 2.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress IMPress for IDX Broker plugin versions <= 2.6.1. Solution: Update the WordPress IMPress for IDX Broker plugin to the latest available version, at least 2.6.2...

CVSS: 5.4 | AI score: 1.9 | EPSS: 0.00723
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack | added 2020/03/24 12:0 a.m. | 21 views

WordPress Buddypress Component Stats plugin <= 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress Buddypress Component Stats plugin versions <= 1.0. Solution: Plugin closed. Deactivate and delete...

CVSS: 6.8 | AI score: 2.7 | EPSS: 0.39374
Exploits: 6 | References: 2 | Affected Software: 1
Patchstack | added 2020/02/27 12:0 a.m. | 21 views

WordPress 10Web Map Builder for Google Maps <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting (XSS) via Plugin Settings Change vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) via Plugin Settings Change vulnerability found by Sean Murphy, QA Lead Matt Rusnak, and QA Engineer Ramuel Gall (Wordfence) in WordPress 10Web Map Builder for Google Maps <= 1.0.63. Solution: Update the WordPress 10Web Map Builder for Google Maps plugin...

AI score: 1.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2020/02/18 12:0 a.m. | 21 views

WordPress Yottis premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability discovered by WordFence in WordPress Yottis premium theme versions <= 1.0. Solution: Update the WordPress Yottis premium theme to the latest available version, at least 1.0.1...

CVSS: 9.8 | AI score: 4.5 | EPSS: 0.08877
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack | added 2020/01/29 12:0 a.m. | 21 views

WordPress Code Snippets plugin <= 2.13.3 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability

Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability found by Chloe Chamberland in WordPress Code Snippets plugin versions <= 2.13.3. Solution: Update the WordPress Code Snippets plugin to the latest available version, at least 2.14.0...

CVSS: 8.8 | AI score: 4.4 | EPSS: 0.11905
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2020/01/22 12:0 a.m. | 21 views

WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference (IDOR) vulnerability found in WordPress Ultimate Member plugin versions <= 2.1.2. Solution: Update the WordPress Ultimate Member plugin to the latest available version, at least 2.1.3...

CVSS: 5.3 | AI score: 3.2 | EPSS: 0.02168
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2020/01/21 12:0 a.m. | 21 views

WordPress Chatbot with IBM Watson plugin <= 0.8.20 - DOM Cross-Site Scripting (XSS) vulnerability

DOM Cross-Site Scripting (XSS) vulnerability found by Hooper Labs in WordPress Chatbot with IBM Watson plugin versions <= 0.8.20. Solution: Update the WordPress Chatbot with IBM Watson plugin to the latest available version, at least 0.8.21...

CVSS: 6.1 | AI score: 1.6 | EPSS: 0.01371
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2019/11/26 12:0 a.m. | 21 views

WordPress WP Spell Check plugin <= 7.1.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Takuya Yamaguchi in WordPress WP Spell Check plugin versions <= 7.1.9. Solution: Update the WordPress WP Spell Check plugin to the latest available version, at least 7.1.10...

CVSS: 8.8 | AI score: 3 | EPSS: 0.00678
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2019/10/31 12:0 a.m. | 21 views

WordPress YITH WooCommerce Waiting List plugin <=1.3.10 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Waiting List plugin versions <=1.3.10. Solution: Update the WordPress YITH WooCommerce Waiting List plugin to the latest available version, at least 1.3.11...

CVSS: 4.3 | AI score: 3.1 | EPSS: 0.00948
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2019/10/31 12:0 a.m. | 21 views

WordPress YITH WooCommerce Cart Messages plugin <=1.4.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Cart Messages plugin versions <=1.4.4. Solution: Update the WordPress YITH WooCommerce Cart Messages plugin to the latest available version, at least 1.4.5...

CVSS: 4.3 | AI score: 3 | EPSS: 0.00948
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2019/09/28 12:0 a.m. | 21 views

WordPress Visualizer plugin <= 3.3.0 - Server-Side Request Forgery (SSRF)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks. Solution: Update the plugin to the latest version...

CVSS: 10 | AI score: 5.8 | EPSS: 0.39137
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2019/08/30 12:0 a.m. | 21 views

WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Damian Ebelties in WordPress WooCommerce Product Feed plugin versions <= 3.1.14. Solution: Update the WordPress WooCommerce Product Feed plugin to the latest available version, at least 3.1.15...

CVSS: 5.4 | AI score: 2.7 | EPSS: 0.03213
Exploits: 5 | References: 1 | Affected Software: 1
Patchstack | added 2019/08/30 12:0 a.m. | 21 views

WordPress Variation Swatches for WooCommerce plugin <= 1.0.61 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress Variation Swatches for WooCommerce plugin versions <= 1.0.61. Solution: Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version, at least 1.0.62...

CVSS: 6.1 | AI score: 2.7 | EPSS: 0.0102
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2019/08/23 12:0 a.m. | 21 views

WordPress Easy Forms for Mailchimp plugin <= 6.5.2 - Code Injection vulnerability

Code Injection vulnerability found by Henri Salo in WordPress Easy Forms for Mailchimp plugin versions <= 6.5.2. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version, at least 6.5.3...

CVSS: 9.8 | AI score: 1.8 | EPSS: 0.02177
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2019/08/21 12:0 a.m. | 21 views

WordPress Web Librarian plugin <= 3.5.4 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability found in WordPress Web Librarian plugin versions <= 3.5.4. Solution: Update the WordPress Web Librarian plugin to the latest available version, at least 3.5.5...

CVSS: 6.5 | AI score: 4 | EPSS: 0.01427
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2019/08/16 12:0 a.m. | 21 views

WordPress WP SVG Icons plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by zeroauth in WordPress WP SVG Icons plugin versions <= 3.2.2. Solution: Update the WordPress WP SVG Icons plugin to the latest available version, at least 3.2.3...

CVSS: 8.8 | AI score: 3.3 | EPSS: 0.00839
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2019/08/14 12:0 a.m. | 21 views

WordPress WP Fastest Cache plugin <= 0.8.9.5 - Directory Traversal vulnerability

Directory Traversal vulnerability found by Imre Rad in WordPress WP Fastest Cache plugin versions <= 0.8.9.5. Solution: Update the WordPress WP Fastest Cache plugin to the latest available version, at least 0.8.9.6...

CVSS: 9.1 | AI score: 2.6 | EPSS: 0.45361
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2019/05/22 12:0 a.m. | 21 views

WordPress WPGraphQL plugin <= 0.2.3 - Multiple Vulnerabilities

Multiple Vulnerabilities found in WordPress WPGraphQL plugin versions <= 0.2.3. Solution: Update the WordPress WPGraphQL plugin to the latest available version, at least 0.3.0...

AI score: 2.8
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2019/03/22 12:0 a.m. | 21 views

WordPress WP Google Maps plugin <= 7.10.41 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress WP Google Maps plugin versions <= 7.10.41. Solution: Update the WordPress WP Google Maps plugin to the latest available version, at least 7.10.43...

CVSS: 6.1 | AI score: 1.3 | EPSS: 0.03028
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2019/03/12 12:0 a.m. | 21 views

WordPress Give plugin <= 2.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Give plugin versions <= 2.3.0. Solution: Update the WordPress Give plugin to the latest available version, at least 2.3.1...

CVSS: 6.1 | AI score: 2 | EPSS: 0.0142
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack | added 2019/03/12 12:0 a.m. | 21 views

WordPress Contact Form Email plugin <= 1.2.65 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Tim Coen in WordPress Contact Form Email plugin versions <= 1.2.65. Solution: Update the WordPress Contact Form Email plugin to the latest available version, at least 1.2.66...

CVSS: 6.1 | AI score: 3.6 | EPSS: 0.01389
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack | added 2019/01/08 12:0 a.m. | 21 views

WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability found by takagisan in WordPress Google XML Sitemaps plugin version <= 4.0.9. Solution: Update the WordPress Google XML Sitemaps plugin to the latest available version, at least 4.1.0...

CVSS: 4.8 | AI score: 2 | EPSS: 0.00678
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2018/12/04 12:0 a.m. | 21 views

WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions <= 2.5.1.8. Solution: Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version, at least 2.5.2...

CVSS: 7.2 | AI score: 3.2 | EPSS: 0.04354
Exploits: 5 | References: 1 | Affected Software: 1
Patchstack | added 2018/09/01 12:0 a.m. | 21 views

WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability

CSV Injection vulnerability found by Javier Olmedo in WordPress Export Users to CSV plugin versions <= 1.1.1. Solution: 2018.09.01 - we were unable to find a patched version of this plugin...

CVSS: 8.6 | AI score: 3.2 | EPSS: 0.01498
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2018/08/28 12:0 a.m. | 21 views

WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability

Remote Command Execution (RCE) vulnerability found by "aas" in WordPress Plainview Activity Monitor plugin versions <= 20161228. Solution: Update the WordPress Plainview Activity Monitor plugin to the latest available version, at least 20180826...

CVSS: 9 | AI score: 5.7 | EPSS: 0.7699
Exploits: 11 | References: 1 | Affected Software: 1
Patchstack | added 2018/08/28 12:0 a.m. | 21 views

WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by Qlirim Emini in WordPress Chained Quiz plugin versions <= 1.0.8. Solution: Update the WordPress Chained Quiz plugin to the latest available version, at least 1.0.9...

CVSS: 9.8 | AI score: 3 | EPSS: 0.02686
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2018/05/30 12:0 a.m. | 21 views

WordPress wpForo Forum plugin <=1.4.9 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection via a search with the /forum/ wpfo parameter found by cate4cafe in WordPress wpForo Forum plugin versions <=1.4.9. Solution: Update the WordPress wpForo Forum plugin to the latest available version, at least 1.4.11...

CVSS: 9.8 | AI score: 4.2 | EPSS: 0.0165
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2018/04/29 12:0 a.m. | 21 views

WordPress Cookie Consent plugin <=2.3.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found in WordPress Cookie Consent plugin versions <=2.3.9. Solution: Update the WordPress Cookie Consent plugin to the latest available version, at least 2.3.10...

CVSS: 5.4 | AI score: 2.3 | EPSS: 0.03892
Exploits: 5 | References: 1 | Affected Software: 1
Patchstack | added 2018/04/09 12:0 a.m. | 21 views

WordPress Background Takeover plugin <=4.1.4 - Directory Traversal vulnerability

Directory Traversal vulnerability found in WordPress Background Takeover plugin versions <=4.1.4. Unescaped URL allows access to other files. Solution: Update the WordPress Background Takeover plugin to the latest available version, at least 4.1.5...

CVSS: 7.5 | AI score: 4.1 | EPSS: 0.48158
Exploits: 4 | References: 1 | Affected Software: 1
Patchstack | added 2018/04/05 12:0 a.m. | 21 views

WordPress WP Security Audit Log plugin <=3.1.1 - Sensitive Information Disclosure

Sensitive Information Disclosure found in WordPress WP Security Audit Log plugin versions <=3.1.1. Failed login log files indexable by Google. Solution: Update the WordPress WP Security Audit Log plugin to the latest available version, at least 3.1.2...

CVSS: 5.3 | AI score: 1.6 | EPSS: 0.15782
Exploits: 6 | References: 1 | Affected Software: 1
Patchstack | added 2018/03/28 12:0 a.m. | 21 views

WordPress Activity Log plugin <=2.4.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress Activity Log plugin versions <=2.4.0. Solution: Update the WordPress Activity Log plugin to the latest available version, at least 2.4.1...

CVSS: 6.1 | AI score: 2.3 | EPSS: 0.0563
Exploits: 7 | References: 1 | Affected Software: 1
Patchstack | added 2018/03/13 12:0 a.m. | 21 views

WordPress WP Retina 2x plugin <=5.2.0 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress WP Retina 2x plugin versions <=5.2.0. The vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution: Update the WordPress WP Retina 2x plugin to the latest available version, at least 5.2.2...

CVSS: 6.1 | AI score: 2.6 | EPSS: 0.00918
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2018/02/07 12:0 a.m. | 21 views

WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Dumpcore in WordPress Instagram Feed plugin versions <=1.5.1. Solution: Update the WordPress Instagram Feed plugin to the latest available version, at least 1.6...

AI score: 1.8
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2018/01/30 12:0 a.m. | 21 views

WordPress Social Media Widget by Acurax plugin <=3.2.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Panagiotis Vagenas in WordPress Social Media Widget by Acurax plugin versions <=3.2.5. Solution: Update the WordPress Social Media Widget by Acurax plugin to the latest available version, at least 3.2.6...

CVSS: 8.8 | AI score: 4.5 | EPSS: 0.00661
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2018/01/10 12:0 a.m. | 21 views

WordPress SagePay Server Gateway for WooCommerce plugin <=1.0.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress SagePay Server Gateway for WooCommerce plugin versions <=1.0.8. Solution: Update the WordPress SagePay Server Gateway for WooCommerce plugin to the latest available version, at least 1.0.9...

CVSS: 6.1 | AI score: 2.2 | EPSS: 0.03685
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2018/01/09 12:0 a.m. | 21 views

WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability (3)

A third Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...

CVSS: 6.1 | AI score: 2.5 | EPSS: 0.01265
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2018/01/03 12:0 a.m. | 21 views

WordPress Smart Google Code Inserter plugin <=3.4 - Authorization bypass vulnerability

Authorization bypass vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions <=3.4. Solution: Update the WordPress Smart Google Code Inserter plugin to the latest available version, at least version 3.5...

CVSS: 9.8 | AI score: 3.4 | EPSS: 0.91477
Exploits: 5 | References: 1 | Affected Software: 1
Patchstack | added 2017/12/20 12:0 a.m. | 21 views

WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress CSV Import-Export plugin versions <=1.1.0. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin, last updated three years ago. Uninstall or use it at your own risk...

CVSS: 6.1 | AI score: 1.5 | EPSS: 0.00845
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2017/11/20 12:0 a.m. | 21 views

WordPress Duplicator plugin <=1.2.28 – Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Duplicator plugin versions <=1.2.28. The plugin is vulnerable due to incorrectly filtered values "urlnew" and "logging". Solution: Update the WordPress Duplicator plugin to the latest available version at least...

CVSS: 6.1 | AI score: 1.7 | EPSS: 0.01017
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2017/11/07 12:0 a.m. | 21 views

WordPress WP Simple Booking Calendar Premium plugin 5.0–5.4 <= Unauthenticated Data leak

The booking notes are shown in the source code of the page. Solution: Update the plugin to 5.5 version...

AI score: 4.1
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2017/07/03 12:0 a.m. | 21 views

WordPress WatuPRO plugin 5.5.1 - SQL Injection vulnerability

SQL Injection vulnerability found by Manich Koomsusi in WatuPRO 5.5.1 WordPress plugin. Data sent with “watuproquestions” parameter not sanitized before SQL statement. Solution: Update the WatuPRO WordPress plugin to the latest available version, at least 5.5.3.7...

AI score: 3.7
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2017/01/10 12:0 a.m. | 21 views

WordPress plugin WP Support Plus Responsive Ticket System <= 7.1.3 - Privilege Escalation

WordPress plugin WP Support Plus Responsive Ticket System 7.1.3 earlier versions and 7.1.4 vulnerable to privilege escalation. It is possible to log in as any user without knowing the password due to the incorrect usage of "wp_set_auth_cookie". Solution: Update the plugin to the latest version at least...

AI score: 4.1
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack | added 2016/11/12 12:0 a.m. | 21 views

WordPress BBS e-Franchise Plugin <= 1.1.1 - SQL Injection

This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

AI score: 4
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2016/11/08 12:0 a.m. | 21 views

WordPress YITH WooCommerce Compare Plugin <= 2.0.9 - PHP Object injection

Because of this vulnerability, attackers can execute arbitrary PHP code. Solution: Update the plugin...

AI score: 5.7
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2016/09/27 12:0 a.m. | 21 views

WordPress W3 Total Cache Plugin <= 0.9.4.1 - Arbitrary File Upload

This plugin is prone to an authenticated arbitrary file upload vulnerability. Solution: Update the plugin...

AI score: 3
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2016/08/01 12:0 a.m. | 21 views

WordPress Contact Bank Plugin <= 2.1.21 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

AI score: 2.7
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2016/07/20 12:0 a.m. | 21 views

WordPress Indexisto Plugin <= 1.0.5 - Reflected XSS

This plugin is prone to a cross site scripting vulnerability. Solution: Upgrade the plugin...

CVSS: 6.1 | AI score: 1.9 | EPSS: 0.03432
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack | added 2016/06/23 12:0 a.m. | 21 views

WordPress <= 4.5.2 - Denial of Service Attacks

Because of oEmbed protocol implementation in WordPress, an attacker can cause a denial of service via unspecified vectors. Solution: Update WordPress...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.04084
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2016/06/09 12:0 a.m. | 21 views

WordPress EWWW Image Optimizer Plugin <= 2.8.3 - Remote Code Execution

Because of this vulnerability, attackers can create a backdoor or take a site down altogether. Solution: Upgrade this plugin...

AI score: 5.4
Exploits: 0 | References: 2 | Affected Software: 1
Total number of security vulnerabilities: 5000