
46702 matches found

Patchstack, added 2013/11/07 12:0 a.m., 21 views

WordPress Kernel Theme - Remote File Upload

WordPress Kernel theme is prone to a remote file upload vulnerability. The affected file is "upload-handler.php". Solution: Upgrade the theme...

AI score 2.6
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2013/08/09 12:0 a.m., 21 views

WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #1

Because of this vulnerability in admin/admin.php, the attackers can inject arbitrary web script or HTML via the "sort" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 3.9 | EPSS 0.01975
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2013/03/26 12:0 a.m., 21 views

WordPress Login With Ajax Plugin <= 3.0 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that modify this plugin's settings. Solution: Update the plugin...

CVSS 6.8 | AI score 4.8 | EPSS 0.0097
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2013/03/26 12:0 a.m., 21 views

WordPress One Webmaster Plugin <= 8.2.3 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution: Update the plugin...

CVSS 6.8 | AI score 3 | EPSS 0.00954
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2013/03/26 12:0 a.m., 21 views

WordPress Symposium Plugin <= 13.03 - XSS

Because of this vulnerability in invite.php, the attackers can inject arbitrary web script or HTML via the "u" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01601
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2013/01/24 12:0 a.m., 21 views

WordPress WP Table Reloaded Plugin - Cross Site Scripting

WP Table Reloaded plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...

CVSS 4.3 | AI score 2.6 | EPSS 0.0635
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack, added 2013/01/19 12:0 a.m., 21 views

WordPress Ripe HD FLV Player Plugin - SQL Injection

WordPress Ripe HD FLV Player plugin is prone to an SQL injection vulnerability. It allows an attacker to get access to the database, get the username and password, and disclose the full path. Solution: Update the plugin...

AI score 2.1
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2013/01/02 12:0 a.m., 21 views

WordPress WP MailUp Plugin <= 1.3.2 - XSS

This plugin is prone to cross-site scripting attacks by setting the wordpressloggedin cookie. Solution: Update the plugin...

CVSS 5 | AI score 1.5 | EPSS 0.02585
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2012/12/06 12:0 a.m., 21 views

WordPress <= 3.5.0 - Multiple Cross Site Scripting

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 2.1 | EPSS 0.0248
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2012/10/25 12:0 a.m., 21 views

WordPress SCORM Cloud Plugin <= 1.0.6 - SQL Injection

Because of this vulnerability in ajax.php, the attackers can execute arbitrary SQL commands via the "active" parameter. Solution: Update the plugin...

CVSS 7.5 | AI score 6.1 | EPSS 0.02431
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2012/09/23 12:0 a.m., 21 views

WordPress Pretty Link Lite Plugin <= 1.5.5 - XSS

Because of this vulnerability in pretty-bar.php, the attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.02058
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2012/08/28 12:0 a.m., 21 views

WordPress Adminimize Plugin <= 1.7.21 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 2.1 | EPSS 0.01655
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2012/06/16 12:0 a.m., 21 views

WordPress Automatic Plugin 2.0.3 - SQL Injection

This WordPress Automatic plugin is prone to an SQL injection. The vulnerability is in the csv.php file, which does not require valid login credentials, and it allows an attacker to execute SQL queries. Solution: Upgrade this plugin to version 2.0.4...

AI score 6.2
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2012/01/26 12:0 a.m., 21 views

WordPress Slideshow Gallery Plugin 1.1.x - Cross Site Scripting

WordPress Slideshow Gallery plugin's "border" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS 4.3 | AI score 2.8 | EPSS 0.03748
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2011/11/23 12:0 a.m., 21 views

WordPress Featurific For WordPress Plugin 1.6.2 - Cross Site Scripting

WordPress Featurific For WordPress plugin's "snum" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker c...

CVSS 4.3 | AI score 2.1 | EPSS 0.09964
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2011/11/19 12:0 a.m., 21 views

WordPress Jetpack Plugin - SQL Injection

Jetpack plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 7.5 | AI score 3.7 | EPSS 0.02185
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2011/10/31 12:0 a.m., 21 views

WordPress Classipress Theme <= 3.1.4 - Stored XSS

Classipress theme is prone to a stored cross-site scripting vulnerability because of input failure through the POST parameters 'facebookid' and 'twitterid' in a registered user's profile page. It allows an attacker to inject JavaScript code. Solution: Update the theme...

CVSS 4.3 | AI score 3.5 | EPSS 0.03788
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2011/09/30 12:0 a.m., 21 views

WordPress Morning Coffee Theme 3.5 - Cross Site Scripting

WordPress Morning Coffee theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can ste...

CVSS 4.3 | AI score 3.1 | EPSS 0.03571
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2011/08/30 12:0 a.m., 21 views

WordPress Crawl Rate Tracker Plugin <= 2.0.2 - SQL Injection

Crawl Rate Tracker plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

AI score 3.1
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2011/08/18 12:0 a.m., 21 views

WordPress Global Content Blocks Plugin <= 1.2 - SQL Injection

This WordPress Global Content Blocks plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

AI score 3.4
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2011/08/10 12:0 a.m., 21 views

WordPress <= 3.1.2 - Clickjacking Attacks

This WordPress version does not prevent rendering of admin or login pages inside a frame in a third-party HTML document. It allows the attackers to conduct clickjacking attacks via a crafted web site. Solution: Update WordPress...

CVSS 5.8 | AI score 4.3 | EPSS 0.01525
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2011/04/07 12:0 a.m., 21 views

WordPress WPtouch Plugin <= 1.9.20 - XSS

Because of this vulnerability in lib/includes/auth.inc.php, the attackers can inject arbitrary web script or HTML via the "wptouchsettings" parameter to include/adsense-new.php. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01901
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2010/11/01 12:0 a.m., 21 views

WordPress CformsII Plugin 11.5 / 13.1 - Multiple Cross-Site Scripting Vulnerabilities

CformsII plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...

CVSS 4.3 | AI score 3.3 | EPSS 0.04285
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack, added 2010/07/03 12:0 a.m., 21 views

WordPress cache_lastpostdate - Arbitrary Code Execution

WordPress version prior to 1.5.1.3 is remotely exploitable if the web server on which it runs has register_globals enabled in the PHP configuration. Perl code exists to automatically exploit vulnerable WP 1.5.1.3 sites, allowing the attacker to try to execute code. Solution: Update WordPress...

CVSS 7.5 | AI score 6.4 | EPSS 0.38771
Exploits: 5 | References: 1 | Affected Software: 1

Patchstack, added 2009/12/02 12:0 a.m., 21 views

WordPress WP Cumulus Plugin <= 1.21 - XSS

Because of this vulnerability in wp-cumulus.php, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.01795
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2008/03/12 12:0 a.m., 21 views

WordPress <= 2.3.2 - Multiple XSS vulnerabilities

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS 4.3 | AI score 1.5 | EPSS 0.04998
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2008/02/11 12:0 a.m., 21 views

WordPress Footnotes Plugin <= 2.2 - Multiple XSS vulnerabilities

Because of these vulnerabilities in adminpanel.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 2.4 | EPSS 0.03594
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2008/02/07 12:0 a.m., 21 views

WordPress <= 2.3.2 - Unauthorized Access Vulnerability

Because of this vulnerability, the attackers can edit posts of other blog users via unknown vectors. Solution: Update WordPress...

CVSS 6.4 | AI score 5.9 | EPSS 0.03553
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2008/02/05 12:0 a.m., 21 views

WordPress DMSGuestbook Plugin <= 1.8.0 - Directory Traversal

Because of this vulnerability in wp-admin/admin.php, the authenticated users can read arbitrary files. Solution: Update the plugin...

CVSS 4 | AI score 3.6 | EPSS 0.03476
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2008/01/31 12:0 a.m., 21 views

WordPress Migration Plugin <= 1.0 - CSRF

Because of this vulnerability in deanspermalinksmigration.php, the attackers can modify the oldstructure configuration setting. Solution: Update the plugin...

CVSS 6.8 | AI score 4.6 | EPSS 0.01292
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2008/01/30 12:0 a.m., 21 views

WordPress fGallery Plugin <= 2.4.1 - SQL Injection

Because of this vulnerability in fimrss.php, the attackers can execute arbitrary SQL commands via the "album" parameter. Solution: Update the plugin...

CVSS 7.5 | AI score 6.8 | EPSS 0.05549
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2008/01/10 12:0 a.m., 21 views

WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload

Because of this vulnerability in ajaxfilemanager.php, the attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution: Update the plugin...

CVSS 7.5 | AI score 6.8 | EPSS 0.07702
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2008/01/09 12:0 a.m., 21 views

WordPress <= 2.0.3 - Directory Traversal

Because of this vulnerability in wp-db-backup.php, the attackers can read arbitrary files, delete arbitrary files, and cause a denial of service via the "backup" parameter. Solution: Update WordPress...

CVSS 7.5 | AI score 4.9 | EPSS 0.0375
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2008/01/09 12:0 a.m., 21 views

WordPress <= 2.0.11 - Multiple Vulnerabilities

Because of these vulnerabilities, the attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution: Update WordPress...

CVSS 5 | AI score 3.6 | EPSS 0.0331
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2008/01/09 12:0 a.m., 21 views

WordPress <= 2.0.9 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS 4.3 | AI score 1.7 | EPSS 0.05072
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2007/11/02 12:0 a.m., 21 views

WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion

Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "bkpwppluginpath" parameter. Solution: Update the plugin...

CVSS 6.8 | AI score 6.5 | EPSS 0.36543
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2007/08/03 12:0 a.m., 21 views

WordPress <= 2.2.1 - SQL Injection

Because of this vulnerability in options.php, the authenticated administrators can execute arbitrary SQL commands via the "pageoptions" parameter. Solution: Update WordPress...

CVSS 6.5 | AI score 6 | EPSS 0.01899
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2007/06/14 12:0 a.m., 21 views

WordPress Default Theme <= 2.2 - XSS

Because of this vulnerability, the authenticated administrators can inject arbitrary web script or HTML. Solution: Update the theme...

CVSS 6 | AI score 1.5 | EPSS 0.02
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2007/06/14 12:0 a.m., 21 views

WordPress Vistered Little Theme - XSS

Because of this vulnerability in 404.php, the attackers can inject arbitrary web script or HTML via the URI REQUEST_URI that accesses index.php. Solution: Update the theme...

CVSS 4.3 | AI score 3 | EPSS 0.02776
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2007/03/28 12:0 a.m., 21 views

WordPress <= 2.1.2 - Cross Site Scripting

Because of this vulnerability in an mt import in wp-admin/admin.php, the authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter. Solution: Update WordPress to the latest available version, at least 2.1.3...

CVSS 3.5 | AI score 2.3 | EPSS 0.01539
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2007/03/02 12:0 a.m., 21 views

WordPress <= 2.1.1 - Multiple XSS

Because of these vulnerabilities in wp-includes/functions.php, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress to the latest available version, at least 2.1.2...

CVSS 5.8 | AI score 1.6 | EPSS 0.02053
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2007/02/21 12:0 a.m., 21 views

WordPress <= 2.1.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "file" parameter. Solution: Update WordPress to the latest available version, at least 2.1.1...

CVSS 4.3 | AI score 2.5 | EPSS 0.06294
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2006/02/16 12:0 a.m., 21 views

WordPress <= 2.0.0 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary web script or HTML via scriptable attributes such as onfocus and onblur in the "author's website" field. Solution: Update WordPress to the latest available version, at least 2.0.1...

CVSS 2.6 | AI score 2.5 | EPSS 0.04719
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2005/12/21 12:0 a.m., 21 views

WordPress <= 1.5.1 - Multiple Vulnerabilities

Because of these vulnerabilities, the attackers can obtain sensitive information via a direct request to wp-admin/upgrade-functions.php, wp-includes/vars.php, wp-admin/edit-form.php, wp-content/plugins/hello.php, wp-settings.php or wp-admin/edit-form-comment.php. Solution: Update WordPress to...

CVSS 5 | AI score 4.3 | EPSS 0.03308
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack, added 2005/07/01 12:0 a.m., 21 views

WordPress <= 1.5.1.2 - Multiple Vulnerabilities #1

Because of these vulnerabilities in wp-login.php, the attackers can change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. Solution: Update WordPress to the latest available version, at least 1.5.1.3...

CVSS 5 | AI score 4.6 | EPSS 0.02578
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2005/07/01 12:0 a.m., 21 views

WordPress <= 1.5.1.2 - Multiple Vulnerabilities #2

Because of these vulnerabilities, the attackers can obtain sensitive information via a direct request to menu-header.php or a value in the "feed" parameter to wp-atom.php. Solution: Update WordPress to the latest available version, at least 1.5.1.3...

CVSS 5 | AI score 4.5 | EPSS 0.02879
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/05/14 12:0 a.m., 20 views

WordPress The7 — Website and eCommerce Builder for WordPress theme <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Theme The7 versions <= 14.3.2...

CVSS 6.4 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/05/12 12:0 a.m., 20 views

WordPress WPC Badge Management for WooCommerce plugin <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WPC Badge Management for WooCommerce versions <= 3.1.6...

CVSS 5.5 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/04/21 3:10 p.m., 20 views

WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions <= 28.1.6...

AI score 5.8 | EPSS 0.00283
Exploits: 0 | Affected Software: 1

Patchstack, added 2025/12/08 10:21 a.m., 20 views

WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions <= 4.5.7...

CVSS 8.8 | AI score 6.8 | EPSS 0.00446
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000