Patchstack - Most viewed

46702 matches found

Patchstack
Added 2016/04/12 12:00 a.m. | 21 views

WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.11 - XSS

This plugin is prone to a cross site scripting vulnerability. Solution Upgrade the plugin...

CVSS 6.1 | AI score 1.3 | EPSS 0.04195
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
Added 2016/01/25 12:00 a.m. | 21 views

WordPress Booking Calendar Contact Form Plugin 1.1.23 - Unauthenticated SQL Injection

This WordPress Booking Calendar Contact Form plugin's "action=cpabcappointmentscheckIPNverification" parameter is prone to an unauthenticated SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the...

AI score 2.6
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/12/09 12:00 a.m. | 21 views

WordPress Wordfence Plugin <= 5.1.4 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

CVSS 6.1 | AI score 2.1 | EPSS 0.0119
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/11/21 12:00 a.m. | 21 views

WordPress WP RSS Multi Importer Plugin <= 3.15 - Multiple Vulnerabilities

This plugin is prone to SQL injection and cross-site scripting vulnerabilities. Because of them, remote authenticated users can execute arbitrary SQL commands and inject HTML and JavaScript. Solution Upgrade this plugin...

AI score 2.9
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/09/22 12:00 a.m. | 21 views

WordPress Appointment Booking Calendar Plugin <= 1.1.7 - Multiple XSS

These vulnerabilities allow an attacker to inject an arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...

CVSS 4.3 | AI score 4 | EPSS 0.02137
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
Added 2015/06/24 12:00 a.m. | 21 views

WordPress Wordfence Plugin <= 5.2.3 - Bypass

This plugin is prone to a banned IP functionality bypass vulnerability. Unlogged requests won't trigger automatic throttling and banning. Solution Update plugin...

AI score 2.2
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
Added 2015/05/26 12:00 a.m. | 22 views

WordPress Church Admin Plugin 0.800 - Stored XSS

Better Church Admin plugin is prone to a stored XSS vulnerability that allows an attacker to steal cookies or gain privileged access to the affected site. Solution Fixed in version 0.810...

CVSS 4.3 | AI score 5.2 | EPSS 0.07495
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2015/05/26 12:00 a.m. | 21 views

WordPress Landing Pages Plugin <= 1.8.4 - XSS

Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. Solution Upgrade the plugin...

CVSS 3.5 | AI score 3.1 | EPSS 0.03947
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack
Added 2015/05/26 12:00 a.m. | 21 views

WordPress NewStatPress Plugin 0.9.8 - Multiple Vulnerabilities

NewStatPress plugin is prone to multiple vulnerabilities, such as authenticated SQL injection and authenticated XSS. Solution Update the plugin...

CVSS 6.5 | AI score 2.6 | EPSS 0.09183
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack
Added 2015/05/15 12:00 a.m. | 21 views

WordPress Slideshow Plugin <= 2.2.21 - Bypass

This plugin is prone to an option value disclosure vulnerability. Solution Update plugin...

CVSS 7.5 | AI score 2.3 | EPSS 0.03488
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/05/15 12:00 a.m. | 21 views

WordPress WP Cumulus Plugin <= 1.22 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

AI score 2
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/05/12 12:00 a.m. | 21 views

WordPress Modern Theme <= 1.4.1 - Cross Site Scripting

This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution Update the theme...

AI score 3.9
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/04/29 12:00 a.m. | 21 views

WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities

TheCartPress plugin is prone to multiple vulnerabilities, such as local PHP file inclusion, stored XSS, improper access control and multiple XSS vulnerabilities. Solution Update the plugin...

CVSS 4.3 | AI score 1.7 | EPSS 0.06422
Exploits: 5 | References: 1 | Affected Software: 1

Patchstack
Added 2015/03/03 12:00 a.m. | 21 views

WordPress Fusion Theme <= 3.1 - Arbitrary File Upload

Because of this vulnerability in this Fusion theme, the authenticated users can execute arbitrary code by uploading a file with an executable extension in a fusionsave action and then accessing it via unspecified vectors. Solution Update the theme...

CVSS 6.5 | AI score 6 | EPSS 0.03189
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2015/02/20 12:00 a.m. | 21 views

WordPress Contact Form DB Plugin <= 2.8.26 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "submittime" parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php. Solution Update the plugin...

CVSS 4.3 | AI score 2.4 | EPSS 0.01633
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2015/02/17 12:00 a.m. | 21 views

WordPress Contact Form DB Plugin <= 2.8.31 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that delete all plugin records. Solution Upgrade the plugin...

CVSS 6.8 | AI score 4.3 | EPSS 0.01465
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
Added 2015/02/11 12:00 a.m. | 21 views

WordPress Spider Facebook Plugin <= 1.0.10 - Multiple XSS

Because of these vulnerabilities, some parameters are shown unsanitized. Solution Upgrade the plugin...

CVSS 4.3 | AI score 3.9 | EPSS 0.01651
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2015/02/09 12:00 a.m. | 21 views

WordPress WPLMS Learning Management System Theme <= 1.8.4.1 - Privilege Escalation

Because of this vulnerability, the attackers can have an administrator account on the target's website. Solution Update the theme...

AI score 4.8
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/20 12:00 a.m. | 21 views

WordPress Pixabay Images Plugin 2.3 - Multiple Vulnerabilities

WordPress Pixabay Images plugin is prone to multiple vulnerabilities, such as authentication bypass, arbitrary file upload, path traversal and cross-site scripting (XSS) vulnerabilities. Solution Upgrade the plugin...

CVSS 5 | AI score 2.8 | EPSS 0.1342
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/13 12:00 a.m. | 21 views

WordPress Another WordPress Classifieds Plugin - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the query string to the default URI. Solution Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.01633
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/13 12:00 a.m. | 21 views

WordPress April's Super Functions Pack Plugin <= 1.4.7 - XSS

Because of this vulnerability in readme.php, the attackers can inject arbitrary web script or HTML via the "page" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 3.1 | EPSS 0.01948
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/08 12:00 a.m. | 21 views

WordPress Google Captcha Plugin <= 1.12 - BYPASS

Because of this vulnerability, attackers can bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Solution Update the plugin...

CVSS 5 | AI score 6.6 | EPSS 0.02351
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/08 12:00 a.m. | 21 views

WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF

Because of this vulnerability, an attacker can hijack the authentication of administrators for requests that delete logs of 404 HTTP status codes. Solution Update the plugin...

CVSS 6.8 | AI score 2.2 | EPSS 0.01076
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/08 12:00 a.m. | 21 views

WordPress All in One SEO Pack Plugin <= 2.2.5 - Information Management

All in One SEO Pack plugin is prone to an information management vulnerability. The attackers can obtain sensitive information by reading HTML source code, because this plugin does not consider the presence of password protection during generation of the Meta Description field. Solution Update th...

CVSS 5 | AI score 1.6 | EPSS 0.03029
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/02 12:00 a.m. | 21 views

WordPress Relevanssi Plugin <= 3.3.7 - XSS

This vulnerability allows the attackers to inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...

CVSS 4.3 | AI score 4.4 | EPSS 0.01601
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2015/01/02 12:00 a.m. | 21 views

WordPress Sliding Social Icons Plugin <= 1.61 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution No fix available, because the plugin has...

CVSS 6.8 | AI score 3.4 | EPSS 0.01015
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/12/17 12:00 a.m. | 21 views

WordPress Wp Unique Article Header Image Plugin <= 1.0 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution There is no solution, because plugin is...

CVSS 6.8 | AI score 3.2 | EPSS 0.01015
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
Added 2014/12/17 12:00 a.m. | 21 views

WordPress Simple Life Plugin <= 1.2 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution This plugin is closed...

CVSS 6.8 | AI score 3.5 | EPSS 0.01001
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
Added 2014/12/02 12:00 a.m. | 21 views

WordPress Google Analytics Plugin <= 5.1.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution Update the plugin...

CVSS 4.3 | AI score 2.6 | EPSS 0.01959
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2014/11/10 12:00 a.m. | 21 views

WordPress XCloner Plugin - Multiple Vulnerabilities

XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...

CVSS 6.5 | AI score 1.9 | EPSS 0.06368
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
Added 2014/10/20 12:00 a.m. | 21 views

WordPress Spreadsheet Plugin <= 0.62 - SQL Injection

This Spreadsheet plugin is prone to an SQL injection vulnerability, that allows the attackers to execute arbitrary SQL commands via the "ssid" parameter. Solution Update the plugin...

CVSS 7.5 | AI score 6.8 | EPSS 0.02149
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/10/09 12:00 a.m. | 21 views

WordPress InfusionSoft Plugin - Upload Vulnerability

InfusionSoft plugin is prone to a vulnerability that allows for arbitrary file upload and remote code execution. Solution Update the plugin...

CVSS 7.5 | AI score 4.1 | EPSS 0.46174
Exploits: 8 | References: 1 | Affected Software: 1

Patchstack
Added 2014/09/27 12:00 a.m. | 21 views

WordPress Advanced Access Manager Plugin <= 2.8.2 - Admin User File Read/Write

Because of this vulnerability, attackers can write arbitrary content to arbitrary files. Solution Update the plugin...

CVSS 7.2 | AI score 4.7 | EPSS 0.03288
Exploits: 3 | References: 2 | Affected Software: 1

Patchstack
Added 2014/09/09 12:00 a.m. | 21 views

WordPress WP Support Plus Responsive Ticket System Plugin 2.0 - Multiple Vulnerabilities

There are 4 vulnerabilities in this plugin. 1. SQL injection. 2. Full path disclosure. With this vulnerability the full path to the file will be shown to the user after the file has been uploaded. 3. Directory traversal that allows downloading any file from the server. 4. Broken authentication...

AI score 2.9
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2014/09/08 12:00 a.m. | 21 views

WordPress W3 Total Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability

WordPress W3 Total Cache plugin's "admin.php" is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the WordPress W3 Total...

CVSS 6.8 | AI score 4.1 | EPSS 0.01357
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/08/18 12:00 a.m. | 21 views

WordPress Mobile Pack Plugin <= 2.0.1 - Information Disclosure

Because of this vulnerability, the attackers can obtain sensitive information via an exportarticles action to export/content.php. Solution Update the plugin...

CVSS 5 | AI score 4.6 | EPSS 0.16988
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/08/14 12:00 a.m. | 21 views

WordPress Disqus Plugin 2.7.5 - Admin Stored CSRF and XSS

Disqus plugin is prone to admin stored CSRF and XSS vulnerabilities. Solution Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.06095
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/08/13 12:00 a.m. | 21 views

WordPress <= 3.9.1 - Multiple Vulnerabilities #2

wp-includes/pluggable.php rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which allows attackers to bypass a CSRF protection mechanism via a brute-force attack. Related records:...

CVSS 6.8 | AI score 4.6 | EPSS 0.0185
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2014/08/11 12:00 a.m. | 21 views

WordPress GB Gallery Slideshow Plugin - SQL Injection

This WordPress GB Gallery Slideshow plugin's "wp-admin/admin-ajax.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

CVSS 6.5 | AI score 3.3 | EPSS 0.0323
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/08/06 12:00 a.m. | 21 views

WordPress Last.FM Rotation Plugin <= 3.3 - Local File Inclusion

Because of this vulnerability in lastfm-proxy.php, the attackers can read arbitrary files in the "snode" parameter. Solution Update the plugin...

CVSS 5 | AI score 4.5 | EPSS 0.04259
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/07/28 12:00 a.m. | 21 views

WordPress Lead Octopus Power Plugin - SQL Injection

This WordPress Lead Octopus Power plugin's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

CVSS 7.5 | AI score 2.9 | EPSS 0.04594
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/07/26 12:00 a.m. | 21 views

WordPress Brute Force Login Protection plugin <= 1.5.3 - Arbitrary IP Removal/Add via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary IP Removal/Add via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Brute Force Login Protection plugin versions <= 1.5.3. Solution Deactivate and delete. This plugin has been closed as of April 7, 2022 and is not available for download. This closure is temporary,...

CVSS 8.8 | AI score 3.4 | EPSS 0.01116
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
Added 2014/06/27 12:00 a.m. | 21 views

WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities

Simple Share Buttons Adder plugin is prone to multiple vulnerabilities (CSRF and XSS) that allow an attacker to convince an admin to visit a link of their choosing. Solution Update to version 4.5...

CVSS 6.8 | AI score 4.6 | EPSS 0.02805
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/06/23 12:00 a.m. | 21 views

WordPress Rezgo Online Booking Plugin <= 1.8.1 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 2.1 | EPSS 0.01618
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/06/23 12:00 a.m. | 21 views

WordPress Picasa Image Plugin <= 1.0 - XSS

Because of this vulnerability in picasaupload.php, the attackers can inject arbitrary web script or HTML via the "postid" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/05/28 12:00 a.m. | 21 views

WordPress BookX Plugin - Local File Include

BookX plugin's "includes/bookxexport.php" is prone to a local file include vulnerability because it fails to validate user-supplied input. It allows an attacker to get potentially sensitive information. Solution Update the plugin...

CVSS 5 | AI score 2.8 | EPSS 0.08856
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/05/22 12:00 a.m. | 21 views

WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. Solution Update the plugin...

CVSS 6.8 | AI score 5.4 | EPSS 0.00952
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2014/04/28 12:00 a.m. | 21 views

WordPress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities

WordPress iMember360 plugin is prone to multiple vulnerabilities, such as XSS, arbitrary user deletion, arbitrary code execution and disclosure of database credentials vulnerabilities. Solution Upgrade the plugin...

CVSS 4.3 | AI score 3.1 | EPSS 0.04509
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
Added 2014/01/16 12:00 a.m. | 21 views

WordPress WP Forum Server Plugin <= 1.7.4 - XSS

Because of this vulnerability in fs-admin/wpf-add-forum.php, the attackers can inject arbitrary web script or HTML via the "groupid" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01976
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
Added 2013/12/14 12:00 a.m. | 21 views

WordPress OptimizePress Theme <= 1.60 - File Upload Vulnerability

Because of multiple unrestricted file upload vulnerabilities, the attackers can execute arbitrary code by uploading a file with an executable extension, then accessing it. Solution Update the theme...

CVSS 6.8 | AI score 4.9 | EPSS 0.14802
Exploits: 3 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000