Lucene search

46684 matches found

Patchstack, added 2024/06/03 12:0 a.m., 20 views

WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5beab9ff85fb Credits Scott Kingsley Clark...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00428
Exploits: 2, References: 3, Affected Software: 1

Patchstack, added 2024/05/27 12:0 a.m., 20 views

WordPress PostX Plugin < 4.1.0 is vulnerable to Cross Site Scripting (XSS)

Software PostX Type Plugin Vulnerable versions 4.1.0 Fixed in 4.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4305 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a6a72a8e520 Credits Dmitrii Ignatyev Required privilege...

CVSS: 6.8, AI score: 5.7, EPSS: 0.0043
Exploits: 2, References: 4, Affected Software: 1

Patchstack, added 2024/05/27 12:0 a.m., 20 views

WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software KKProgressbar2 Free Type Plugin Vulnerable versions = 1.1.4.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4535 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1928f58a695a Credits Bob Matyas...

AI score: 6.6, EPSS: 0.00324
Exploits: 3, References: 4, Affected Software: 1

Patchstack, added 2024/05/24 12:0 a.m., 20 views

WordPress The Events Calendar PRO Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure

Software The Events Calendar PRO Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1295 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc59557889e3 Credits Scott Kingsley Cla...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00464
Exploits: 2, References: 3, Affected Software: 1

Patchstack, added 2024/05/22 12:0 a.m., 20 views

WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection

Software Country State City Dropdown CF7 Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3495 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 39d467a76c0d Credits Krzysztof Zając Required privile...

CVSS: 9.8, AI score: 6.8, EPSS: 0.13618
Exploits: 1, References: 3, Affected Software: 1

Patchstack, added 2024/05/22 12:0 a.m., 20 views

WordPress Memberpress Plugin <= 1.11.29 is vulnerable to Server Side Request Forgery (SSRF)

Software Memberpress Type Plugin Vulnerable versions = 1.11.29 Fixed in 1.11.30 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-5031 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID fdb3181ef572 Credits stealthcopter Required privileg...

CVSS: 8.5, AI score: 6.9, EPSS: 0.00294
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/05/21 12:0 a.m., 20 views

WordPress Uber Menu Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Uber Menu Type Plugin Vulnerable versions = 3.8.2 Fixed in 3.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4710 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 50d8afce240c Credits stealthcopter Required privile...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00267
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/05/16 12:0 a.m., 20 views

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Privilege Escalation

Software Tutor LMS Pro Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-4351 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID fc3d215c9303 Credits villu164...

CVSS: 8.8, AI score: 6.5, EPSS: 0.01023
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/05/15 12:0 a.m., 20 views

WordPress Ultimate Blocks – Gutenberg Blocks Plugin Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Blocks – Gutenberg Blocks Plugin Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3241 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d5558061fd26 Credits...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00353
Exploits: 2, References: 4, Affected Software: 1

Patchstack, added 2024/05/10 12:0 a.m., 20 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to SQL Injection

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.105 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3055 Patch priority Low CVSS severity Low 8.5 Developer Unlimited Elements PSID 6f752cde8e3d...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00821
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/05/07 12:0 a.m., 20 views

WordPress Form Maker by 10Web Plugin <= 1.15.24 is vulnerable to Cross Site Scripting (XSS)

Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.24 Fixed in 1.15.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34437 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bccbcab6c64f Credits Huynh Tien Si Required privile...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00447
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/05/03 12:0 a.m., 20 views

WordPress EAN for WooCommerce Plugin <= 4.8.9 is vulnerable to Privilege Escalation

Software EAN for WooCommerce Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-34370 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 628e44782b40 Credits...

CVSS: 7.2, AI score: 6.5, EPSS: 0.01095
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/05/02 12:0 a.m., 20 views

WordPress Contact Form by WPForms Plugin <= 1.8.7.2 is vulnerable to Broken Access Control

Software Contact Form by WPForms Type Plugin Vulnerable versions = 1.8.7.2 Fixed in 1.8.8.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-3649 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f3183fdcee99 Credits Asaf Mozes Require...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00679
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/04/30 12:0 a.m., 20 views

WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.7.7 is vulnerable to Sensitive Data Exposure

Software Drag and Drop Multiple File Upload – Contact Form 7 Type Plugin Vulnerable versions = 1.3.7.7 Fixed in 1.3.7.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3717 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

CVSS: 5.3, AI score: 6.6, EPSS: 0.0065
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/04/26 12:0 a.m., 20 views

WordPress Social Media & Share Icons Plugin <= 2.8.6 is vulnerable to Broken Access Control

Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a7903f770f4 Credits Dhabaleshwar Das...

AI score: 6.2, EPSS: 0.00208
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/04/26 12:0 a.m., 20 views

WordPress Filterable Portfolio Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Filterable Portfolio Type Plugin Vulnerable versions = 1.6.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4234 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a352fd807519 Credits Steven Julian Required privilege...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00382
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/04/25 12:0 a.m., 20 views

WordPress KB Support Plugin <= 1.6.0 is vulnerable to Broken Access Control

Software KB Support Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33589 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 770dfcb61dbb Credits Yudistira Arya Required privilege...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00466
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/04/25 12:0 a.m., 20 views

WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...

CVSS: 4.3, AI score: 6.6, EPSS: 0.0034
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/04/25 12:0 a.m., 20 views

WordPress Serious Slider Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Serious Slider Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-33650 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e5af7123ddcc Credits Steven Julian Requir...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00214
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/04/25 12:0 a.m., 20 views

WordPress Client Dash Plugin <= 2.2.1 is vulnerable to Broken Access Control

Software Client Dash Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33652 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 999732255bed Credits Skalucy Required privilege...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00524
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2024/04/22 12:0 a.m., 20 views

WordPress Royal Elementor Addons Plugin <= 1.3.93 is vulnerable to Bypass Vulnerability

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.93 Fixed in 1.3.95 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2024-32786 Patch priority Low CVSS severity Low 5.3 Developer WProyal PSID 136b421b7f6f Credits Brandon Roldan Required...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00455
Exploits: 1, References: 2, Affected Software: 1

Patchstack, added 2024/04/16 12:0 a.m., 20 views

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.16.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-7064 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b9a2bdf53bc0 Credits Rhynorater -...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00869
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/04/15 12:0 a.m., 20 views

WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple Buttons Creator Type Plugin Vulnerable versions = 1.04 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2858 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bfe6a65231af Credits Bob Matyas...

CVSS: 4.8, AI score: 6.6, EPSS: 0.00192
Exploits: 2, References: 4, Affected Software: 1

Patchstack, added 2024/04/15 12:0 a.m., 20 views

WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00502
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/04/11 12:0 a.m., 20 views

WordPress Essential Grid Plugin <= 3.1.1 is vulnerable to Broken Access Control

Software Essential Grid Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3235 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 597aadc22d06 Credits 1337Wannabe Required privilege...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00688
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2024/04/10 12:0 a.m., 20 views

WordPress Table & Contact Form 7 Database – Tablesome Plugin <= 1.0.25 is vulnerable to Cross Site Request Forgery (CSRF)

Software Table & Contact Form 7 Database – Tablesome Type Plugin Vulnerable versions = 1.0.25 Fixed in 1.0.26 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-31388 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

CVSS: 4.3, AI score: 6.6, EPSS: 0.002
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/04/05 12:0 a.m., 20 views

WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to CSV Injection

Software Relevanssi Type Plugin Vulnerable versions = 4.22.1 Fixed in 4.22.2 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2024-3214 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 3b70af9574ea Credits Thura Moe Myint mgthuramoemyint Required privilege...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00769
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/03/29 12:0 a.m., 20 views

WordPress Contact Form 7 Newsletter Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Newsletter Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31110 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d60fc2231b4d Credits Dimas Maulana Required...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00354
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2024/03/28 12:0 a.m., 20 views

WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WOOCS – WooCommerce Currency Switcher Type Plugin Vulnerable versions = 1.4.1.7 Fixed in 1.4.1.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30458 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38805bdd386d...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00241
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2024/03/12 12:0 a.m., 20 views

WordPress Seriously Simple Podcasting Plugin < 3.0.0 is vulnerable to Sensitive Data Exposure

Software Seriously Simple Podcasting Type Plugin Vulnerable versions 3.0.0 Fixed in 3.0.0 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2023-6444 Patch priority Low CVSS severity Low 5.3 Developer Castos PSID d8c267ec50e4 Credits Krzysztof Zając CERT PL Required...

CVSS: 5.3, AI score: 6.9, EPSS: 0.02463
Exploits: 3, References: 4, Affected Software: 1

Patchstack, added 2024/02/19 12:0 a.m., 20 views

WordPress MasterStudy LMS Plugin <= 3.2.5 is vulnerable to SQL Injection

Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1512 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e235479f4753 Credits Krzysztof Zając Required privilege Unauthenticat...

CVSS: 9.8, AI score: 7.2, EPSS: 0.77729
Exploits: 1, References: 3, Affected Software: 1

Patchstack, added 2024/02/08 12:0 a.m., 20 views

WordPress Livemesh Addons for Elementor Plugin <= 8.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.3.2 Fixed in 8.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1235 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ab5cdd31d383 Credits Webbernaut...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00429
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/02/07 12:0 a.m., 20 views

WordPress PowerPack Addons for Elementor Plugin <= 2.7.14 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Addons for Elementor Type Plugin Vulnerable versions = 2.7.14 Fixed in 2.7.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1055 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID 07e0415bb2da Credits...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00423
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/02/07 12:0 a.m., 20 views

WordPress WP RSS Aggregator Plugin <= 4.23.5 is vulnerable to Server Side Request Forgery (SSRF)

Software WP RSS Aggregator Type Plugin Vulnerable versions = 4.23.5 Fixed in 4.23.6 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-0628 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID dd1943fc88ab Credits Colin Xu Requir...

CVSS: 3.8, AI score: 6.6, EPSS: 0.00363
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/01/22 12:0 a.m., 20 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.94 is vulnerable to Broken Access Control

Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.94 Fixed in 0.9.95 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4637 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9fe28924b5f3 Credits Revan Arifio...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00615
Exploits: 0, References: 3, Affected Software: 1

Patchstack, added 2024/01/22 12:0 a.m., 20 views

WordPress enigma chart.js Plugin <= 2023.2 is vulnerable to Cross Site Scripting (XSS)

Software enigma chart.js Type Plugin Vulnerable versions = 2023.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6082 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f48f6888cc5 Credits Asif Nawaz Minhas & Serge...

CVSS: 5.4, AI score: 6, EPSS: 0.0039
Exploits: 2, References: 4, Affected Software: 1

Patchstack, added 2024/01/19 12:0 a.m., 20 views

WordPress FluentForm Plugin <= 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.5 Fixed in 5.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0618 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0f6deb843ce1 Credits Akbar Kustirama Required...

CVSS: 4.8, AI score: 5.8, EPSS: 0.0054
Exploits: 1, References: 3, Affected Software: 1

Patchstack, added 2024/01/19 12:0 a.m., 20 views

WordPress Stripe Payment Gateway for WooCommerce Plugin <= 3.7.9 is vulnerable to SQL Injection

Software Stripe Payment Gateway for WooCommerce Type Plugin Vulnerable versions = 3.7.9 Fixed in 3.8.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0705 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 8c922733cce2 Credits Francesco Carlucci Requir...

CVSS: 9.8, AI score: 6.8, EPSS: 0.02657
Exploits: 1, References: 3, Affected Software: 1

Patchstack, added 2024/01/16 12:0 a.m., 20 views

WordPress Stock Locations for WooCommerce Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software Stock Locations for WooCommerce Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22153 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cf59ffb809c9 Credits Mika Required privileg...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00358
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2023/12/28 12:0 a.m., 20 views

WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection

Software WP Adminify Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-52132 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1e08f0f78327 Credits Muhammad Daffa Required privilege Administrator...

CVSS: 7.6, AI score: 6.8, EPSS: 0.00541
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2023/12/27 12:0 a.m., 20 views

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.2.1 is vulnerable to Privilege Escalation

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.3.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51546 Patch priority Medium CVSS severity Medium...

CVSS: 7.2, AI score: 6.5, EPSS: 0.00643
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2023/12/19 12:0 a.m., 20 views

WordPress EazyDocs Plugin < 2.3.4 is vulnerable to SQL Injection

Software EazyDocs Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6035 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 6ad682fb44ae Credits Dao Xuan Hieu Required privilege Subscriber Published 19...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00853
Exploits: 2, References: 3, Affected Software: 1

Patchstack, added 2023/12/12 12:0 a.m., 20 views

WordPress Popup Builder Plugin < 4.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Popup Builder Type Plugin Vulnerable versions 4.2.3 Fixed in 4.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6000 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 14212aacf7f9 Credits Marc Montpas Required...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01999
Exploits: 4, References: 4, Affected Software: 1

Patchstack, added 2023/12/06 12:0 a.m., 20 views

WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Currency For WooCommerce Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-49840 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c36e478dcad3 Credits Nguy...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00261
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2023/12/04 12:0 a.m., 20 views

WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49764 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 18ca57291df6 Credits Mika Required privilege Administrator...

CVSS: 7.6, AI score: 6.8, EPSS: 0.0074
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2023/11/29 12:0 a.m., 20 views

WordPress Social Share Buttons & Analytics Plugin – GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS)

Software Social Share Buttons & Analytics Plugin – GetSocial.io Type Plugin Vulnerable versions = 4.3.12 Fixed in 4.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49189 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e59fc2241f6f Credits...

CVSS: 5.9, AI score: 6.5, EPSS: 0.00394
Exploits: 0, References: 2, Affected Software: 1

Patchstack, added 2023/11/28 12:0 a.m., 20 views

WordPress JetThemeCore Plugin <= 2.1.2.1 is vulnerable to Broken Access Control

Software JetThemeCore Type Plugin Vulnerable versions = 2.1.2.1 Fixed in 2.1.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48761 Patch priority Medium CVSS severity Medium 6.3 Developer Crocoblock PSID 81078e3aaad1 Credits Rafie Muhammad Patchstack...

CVSS: 6.3, AI score: 6.8, EPSS: 0.00268
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2023/11/28 12:0 a.m., 20 views

WordPress JetTricks Plugin <= 1.4.6.1 is vulnerable to Broken Access Control

Software JetTricks Type Plugin Vulnerable versions = 1.4.6.1 Fixed in 1.4.6.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48760 Patch priority Medium CVSS severity Medium 8.2 Developer Crocoblock PSID 1a049ca5510e Credits Rafie Muhammad Patchstack...

CVSS: 9.8, AI score: 9.3, EPSS: 0.00445
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2023/11/28 12:0 a.m., 20 views

WordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software JetElements For Elementor Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.13.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48762 Patch priority Low CVSS severity Low 6.3 Developer Crocoblock PSID 1a0a78a4df65 Credits Rafie...

CVSS: 8.8, AI score: 8.6, EPSS: 0.00237
Exploits: 0, References: 1, Affected Software: 1

Patchstack, added 2023/11/27 12:0 a.m., 20 views

WordPress Theme My Login 2FA Plugin < 1.2 is vulnerable to Bypass Vulnerability

Software Theme My Login 2FA Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2023-6272 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8ec60bf22c2e Credits Joost Grunwald Required privilege...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00892
Exploits: 2, References: 2, Affected Software: 1

Total number of security vulnerabilities: 5000