Patchstack | Most viewed

46571 matches found

Patchstack
added 2023/11/28 12:0 a.m. | 42 views

WordPress JetBlog Plugin <= 2.3.5 is vulnerable to Broken Access Control

Software: JetBlog; Type: Plugin; Vulnerable versions: <= 2.3.5; Fixed in: 2.3.5.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48760; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Crocoblock; PSID: 41e8fbc9018f; Credits: Rafie Muhammad Patchstack; Required...

CVSS 9.8 | AI score 6.8 | EPSS 0.00445
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2022/11/14 12:0 a.m. | 42 views

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Authorization Bypass vulnerability

Authorization Bypass vulnerability discovered by Julien Ahrens in WordPress Transposh WordPress Translation plugin versions <= 1.0.8.1. Solution: No patched version is available. This plugin has been closed as of February 7, 2022 and is not available for download. Reason: Security Issue...

AI score 2.9 | EPSS 0.01369
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack
added 2022/08/15 12:0 a.m. | 42 views

WordPress WC Marketplace Plugin <= 3.8.11.8 - Unauthorized AJAX Calls Vulnerability

Unauthorized AJAX Calls vulnerability discovered by ptsfence in WordPress WC Marketplace plugin versions <= 3.8.11.8. Solution: Update the WordPress WC Marketplace plugin to the latest available version (at least 3.8.12)...

CVSS 4.3 | AI score 2.9 | EPSS 0.00265
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/06/28 12:0 a.m. | 42 views

WordPress Request a Quote plugin <= 2.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Request a Quote plugin versions <= 2.3.7. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for download. This closure is temporary, pending a full revi...

CVSS 4.8 | AI score 2.6 | EPSS 0.00532
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/01/12 12:0 a.m. | 42 views

WordPress PowerPack Lite for Beaver Builder plugin <= 1.2.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress PowerPack Lite for Beaver Builder plugin versions <= 1.2.9.2. Solution: Update the WordPress PowerPack Lite for Beaver Builder plugin to the latest available version (at least 1.2.9.3)...

CVSS 6.1 | AI score 3.4 | EPSS 0.00863
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/12/08 12:0 a.m. | 42 views

WordPress RegistrationMagic plugin <= 5.0.1.5 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress RegistrationMagic plugin versions <= 5.0.1.5. Solution: Update the WordPress RegistrationMagic plugin to the latest available version (at least 5.0.1.6)...

CVSS 7.2 | AI score 3 | EPSS 0.73293
Exploits: 6 | References: 3 | Affected Software: 1

Patchstack
added 2021/10/06 12:0 a.m. | 42 views

WordPress Age Gate plugin <= 2.16.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Martin Vierula Trustwave in WordPress Age Gate plugin versions <= 2.16.3. Solution: Update the WordPress Age Gate plugin to the latest available version (at least 2.16.4)...

AI score 2.3
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2021/03/24 12:0 a.m. | 42 views

WordPress Ignition premium theme <= 1.59 - Unauthenticated Arbitrary File Upload and Option Deletion

Unauthenticated Arbitrary File Upload and Option Deletion discovered by WordFence in WordPress Ignition premium theme versions <= 1.59. Solution: Update the WordPress Ignition premium theme to the latest available version (at least 2.0.0)...

AI score 3.2
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2014/09/25 12:0 a.m. | 42 views

WordPress All In One WP Security Plugin 3.8.2 - SQL Injection

This WordPress All In One WP Security plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 6.5 | AI score 3.4 | EPSS 0.04155
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack
added 2012/12/13 12:0 a.m. | 42 views

WordPress Portable phpMyAdmin Plugin - Authentication Bypass

The Portable phpMyAdmin plugin is prone to an authentication bypass vulnerability. It allows an attacker to gain sensitive information. Solution: Upgrade to version 1.3.1...

CVSS 7.5 | AI score 4.8 | EPSS 0.23745
Exploits: 6 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/04 12:32 p.m. | 41 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) versions <= 2.0.8...

CVSS 8.5 | AI score 5.9 | EPSS 0.00373
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/11/26 12:0 a.m. | 41 views

WordPress Category Ajax Filter Plugin <= 2.8.2 is vulnerable to Local File Inclusion

Software: Category Ajax Filter; Type: Plugin; Vulnerable versions: <= 2.8.2; Fixed in: 2.8.3; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-10871; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 41b4026eef43; Credits: Le Ngoc Anh; Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.00765
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/07/31 12:0 a.m. | 41 views

WordPress Fast Flow Plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting

Authenticated Stored Cross-Site Scripting vulnerability discovered by Hardik Rathod in Fast Flow plugin versions <= 1.2.12. Solution: Update the WordPress Fast Flow plugin to the latest available version (at least 1.2.13)...

CVSS 5.5 | AI score 2.2 | EPSS 0.00575
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/04/25 12:0 a.m. | 41 views

WordPress WPCargo Track & Trace plugin <= 6.9.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raul in WordPress WPCargo Track & Trace plugin versions <= 6.9.4. Solution: Update the WordPress WPCargo Track & Trace plugin to the latest available version (at least 6.9.5)...

CVSS 4.8 | AI score 3 | EPSS 0.00565
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2022/04/04 12:0 a.m. | 41 views

WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress wpDataTables plugin versions <= 2.1.27. Solution: Update the WordPress wpDataTables plugin to the latest available version (at least 2.1.28)...

CVSS 4.8 | AI score 3.1 | EPSS 0.00543
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/01/24 12:0 a.m. | 41 views

WordPress Float menu plugin <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Menu Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Float menu plugin versions <= 4.3. Solution: Update the WordPress Float menu plugin to the latest available version (at least 4.3.1)...

CVSS 4.3 | AI score 4.5 | EPSS 0.00464
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2020/12/17 12:0 a.m. | 41 views

WordPress Contact Form 7 plugin <= 5.3.1 - Unrestricted File Upload vulnerability

Unrestricted File Upload vulnerability found by Jinson Varghese Behanan in WordPress Contact Form 7 plugin versions <= 5.3.1. Solution: Update the WordPress Contact Form 7 plugin to the latest available version (at least 5.3.2)...

AI score 3.1
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2020/03/24 12:0 a.m. | 41 views

WordPress WP e-Commerce Shop Styling plugin <= 2.9.1 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress WP e-Commerce Shop Styling plugin versions <= 2.9.1. Solution: Plugin closed. Deactivate and delete...

CVSS 6.8 | AI score 2.1 | EPSS 0.39374
Exploits: 6 | References: 2 | Affected Software: 1

Patchstack
added 2019/03/13 12:0 a.m. | 41 views

WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Simon Scannell in WordPress versions 3.9-5.1. Solution: Update WordPress to the latest available version (at least 5.1.1)...

AI score 1.7
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2017/08/08 12:0 a.m. | 41 views

WordPress Bridge theme <=11.1 - DOM Cross-Site Scripting (XSS) vulnerability

WordPress Bridge theme 11.1 and earlier versions are vulnerable to DOM Cross-Site Scripting (XSS) vulnerability. Solution: Update the WordPress Bridge theme to the latest available version (at least 11.2)...

AI score 1.5
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2015/01/27 12:0 a.m. | 41 views

WordPress Photo Gallery plugin <= 1.2.100 - SQL Injection

Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the "ascordesc" parameter in the galleriesbwg page to wp-admin/admin.php. Solution: Upgrade the plugin...

CVSS 6.5 | AI score 5.8 | EPSS 0.01655
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2025/06/24 9:32 p.m. | 40 views

WordPress Everest Forms (Pro) plugin <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion vulnerability

Unauthenticated Path Traversal to Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Everest Forms (Pro) versions <= 1.9.4...

CVSS 7.5 | AI score 6.7 | EPSS 0.0058
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/04/16 2:5 p.m. | 40 views

WordPress WP Flipclock plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin WP Flipclock versions <= 1.9.1...

CVSS 6.5 | AI score 6.9 | EPSS 0.00283
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/11/27 12:0 a.m. | 40 views

WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)

Software: Widget Options; Type: Plugin; Vulnerable versions: <= 4.0.7; Fixed in: 4.0.8; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-8672; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 44c40aa090ca; Credits: Webbernaut; Required privilege...

AI score 7.6 | EPSS 0.43797
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m. | 40 views

WordPress W3 Total Cache Plugin <= 2.7.5 is vulnerable to Sensitive Data Exposure

Software: W3 Total Cache; Type: Plugin; Vulnerable versions: <= 2.7.5; Fixed in: 2.7.6; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5359; Patch priority: Low; CVSS severity: Low 3.7; Developer: Claim ownership; PSID: 553a33ae4238; Credits: Ivan Kuzymchak; Required...

CVSS 7.5 | AI score 6.6 | EPSS 0.00802
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/11/29 12:0 a.m. | 40 views

WordPress WP Pocket URLs Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: WP Pocket URLs; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: 1.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49176; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 380f014ea38f; Credits: SeungYongLee; Required privilege...

CVSS 7.1 | AI score 6.5 | EPSS 0.00403
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/10/18 12:0 a.m. | 40 views

WordPress core <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability via SQL Injection (SQLi) in Media Library discovered by Ben Bidner WordPress security team and Marc Montpas Automattic in WordPress core versions <= 6.0.2. Solution: Update the WordPress to the latest available version (at least 6.0.3)...

AI score 2.8
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/09/07 12:0 a.m. | 40 views

WordPress Backup Buddy plugin 8.5.8.0 - 8.7.4.1 - Unauthenticated Path Traversal / Arbitrary File Download vulnerability

Unauthenticated Path Traversal / Arbitrary File Download vulnerability discovered by Lew Ayotte & Timothy Jacobs in WordPress Backup Buddy plugin versions 8.5.8.0 - 8.7.4.1. Solution: Update the WordPress BackupBuddy plugin to the latest available version (at least 8.7.5.0)...

AI score 4.7 | EPSS 0.63761
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/08/18 12:0 a.m. | 40 views

WordPress Download Manager Plugin <= 3.2.49 - Authenticated PHAR Deserialization vulnerability

Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in Download Manager plugin versions <= 3.2.49. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.50)...

CVSS 8.8 | AI score 3.9 | EPSS 0.01328
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2022/07/12 12:0 a.m. | 40 views

WordPress weForms plugin <= 1.6.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tri Wanda Septian in WordPress weForms plugin versions <= 1.6.13. Solution: Update the WordPress weForms plugin to the latest available version (at least 1.6.14)...

CVSS 4.8 | AI score 2.6 | EPSS 0.00493
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/06/15 12:0 a.m. | 40 views

WordPress Ninja Forms plugin <= 3.6.10 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered in WordPress Ninja Forms plugin versions <= 3.6.10. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.11)...

AI score 3.2
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2022/04/21 12:0 a.m. | 40 views

WordPress WPQA - Builder forms Addon plugin < 5.2 - Arbitrary Profile Picture Deletion via IDOR vulnerability

Arbitrary Profile Picture Deletion via IDOR vulnerability discovered by Binit Ghimire in WordPress WPQA - Builder forms Addon plugin versions < 5.2. Solution: Update the WordPress WPQA - Builder forms Addon plugin to the latest available version (at least 5.2)...

CVSS 4.3 | AI score 4.1 | EPSS 0.00618
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2022/03/22 12:0 a.m. | 40 views

WordPress Pricing Table Plugin plugin <= 3.6 - Authenticated SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Pricing Table Plugin plugin versions <= 3.6. Solution: Update the WordPress Pricing Table Plugin plugin to the latest available version (at least 3.6.1)...

CVSS 9.8 | AI score 3.1 | EPSS 0.12455
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m. | 40 views

WordPress ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers plugin <= 1.169 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers plugin versions <= 1.169. Solution: No patched version available...

AI score 3.4
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2021/09/27 12:0 a.m. | 40 views

WordPress Check & Log Email plugin <= 1.0.2 - Multiple SQL Injection (SQLi) vulnerabilities

Multiple SQL Injection (SQLi) vulnerabilities were discovered by bl4derunner in WordPress Check & Log Email plugin versions <= 1.0.2. Solution: Update the WordPress Check & Log Email plugin to the latest available version (at least 1.0.3)...

AI score 2.7 | EPSS 0.01275
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2020/10/29 12:0 a.m. | 40 views

WordPress <= 5.5.1 - Unauthenticated Denial-of-Service (DoS) Attack to Remote Code Execution (RCE) vulnerability

Unauthenticated Denial-of-Service (DoS) Attack to Remote Code Execution (RCE) vulnerability found by Omar Ganiev in WordPress versions <= 5.5.1. Solution: Update the WordPress to the latest available version (at least 5.5.2)...

CVSS 9.8 | AI score 5.7 | EPSS 0.0774
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2017/05/03 12:0 a.m. | 40 views

WordPress <=4.7.4 - Host Header Injection in Password Reset

An issue with SERVERNAME and the PHP mail function allows an attacker to use a crafted wp-login.php?action=lostpassword request to trick WordPress into sending the password reset mail to the attacker's SMTP server. Solution: Update WordPress to the latest possible version (at least 4.7.5)...

CVSS 5.9 | AI score 3.2 | EPSS 0.26699
Exploits: 7 | Affected Software: 1

Patchstack
added 2015/10/09 12:0 a.m. | 40 views

WordPress Visual Composer Plugin <= 4.7.3 - Cross Site Scripting

This WordPress plugin is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the plugin...

AI score 3.6
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2015/05/15 12:0 a.m. | 40 views

WordPress WooCommerce Plugin <= 2.3.5 - SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...

AI score 6.3
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2012/01/25 12:0 a.m. | 40 views

WordPress <= 3.3.1 - Multiple Vulnerabilities

WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the targ...

CVSS 5 | AI score 2.1 | EPSS 0.09551
Exploits: 7 | References: 1 | Affected Software: 1

Patchstack
added 2023/11/09 12:0 a.m. | 39 views

WordPress WP responsive FAQ with category Plugin <= 3.8 is vulnerable to Broken Access Control

Software: WP responsive FAQ with category; Type: Plugin; Vulnerable versions: <= 3.8; Fixed in: 3.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40200; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: 32b8b1fbabbe; Credits: Abdi Pranat...

AI score 5.9 | EPSS 0.00188
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/11/21 12:0 a.m. | 39 views

WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to the plugin (specific for this theme) settings change discovered by Dave Jong Patchstack in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...

AI score 3.3 | EPSS 0.00405
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/28 12:0 a.m. | 39 views

WordPress Comments – wpDiscuz plugin 7.4.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Dhakal Ananda in WordPress Comments – wpDiscuz plugin versions 7.4.2. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 7.5)...

CVSS 8.8 | AI score 2.9 | EPSS 0.00593
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/13 12:0 a.m. | 39 views

WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings reset was discovered by Mika Patchstack Alliance in the WordPress Page View Count plugin versions <= 2.5.5. Solution: Update the WordPress Page View Count plugin to the latest available version (at least 2.5.6)...

CVSS 5.4 | AI score 3.9 | EPSS 0.00243
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/08/23 12:0 a.m. | 39 views

WordPress All-in-One WP Migration plugin <= 7.62 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Team ISH Tecnologia in WordPress All-in-One WP Migration plugin versions <= 7.62. Solution: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.63)...

AI score 2.6 | EPSS 0.01204
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2022/08/10 12:0 a.m. | 39 views

WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability

Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence in WordPress AS – Create Pinterest Pinboard Pages plugin versions <= 1.0. Solution: No fix is available...

CVSS 5.4 | AI score 1.5 | EPSS 0.00424
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/08/02 12:0 a.m. | 39 views

WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Muhammad Daffa Patchstack Alliance in WordPress MaxButtons plugin versions <= 9.2. Solution: Update the WordPress MaxButtons plugin to the latest available version (at least 9.3)...

CVSS 8.8 | AI score 4.2 | EPSS 0.00334
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/07/19 12:0 a.m. | 39 views

WordPress WP-UserOnline plugin <= 2.87.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Steffin Stanly in WordPress WP-UserOnline plugin versions <= 2.87.6. Solution: Update the WordPress User Online plugin to the latest available version (at least 2.88.0)...

CVSS 5.5 | AI score 1.9 | EPSS 0.0095
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2022/04/28 12:0 a.m. | 39 views

WordPress All in One WP Migration plugin <= 7.58 - Directory Traversal to File Deletion on Windows Hosts vulnerability

Directory Traversal to File Deletion on Windows Hosts vulnerability discovered by haidv35 Viettel Cyber Security in WordPress All-in-One WP Migration plugin versions <= 7.58. Solution: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.59)...

CVSS 6.6 | AI score 2 | EPSS 0.47495
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/04/18 12:0 a.m. | 39 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Arbitrary File Upload leading to RCE discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions <= 1.5.3. Solution: Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version (at least 1.5.4)...

CVSS 9.8 | AI score 2.7 | EPSS 0.01638
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000