
46684 matches found

Patchstack
added 2023/11/24 12:0 a.m. | 20 views

WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure

Software Booster for WooCommerce Type Plugin Vulnerable versions = 7.1.1 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-48333 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b3744065c2d4 Credits Dave Jong...

CVSS 6.5 | AI score 6.8 | EPSS 0.00593
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/11/21 12:0 a.m. | 20 views

WordPress Maspik – Spam blacklist Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Maspik – Spam blacklist Type Plugin Vulnerable versions = 0.9.2 Fixed in 0.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-48272 Patch priority High CVSS severity High 7.1 Developer Yonifre PSID 51f68067a7ba Credits Mika Required privile...

CVSS 7.1 | AI score 5.9 | EPSS 0.00412
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/11/15 12:0 a.m. | 20 views

WordPress Elementor Addon Elements Plugin <= 1.12.7 is vulnerable to Broken Access Control

Software Elementor Addon Elements Type Plugin Vulnerable versions = 1.12.7 Fixed in 1.12.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4723 Patch priority Low CVSS severity Low 5.3 Developer WPVibes PSID e7f9c7b2043a Credits WordFence Required privileg...

CVSS 5.3 | AI score 6.6 | EPSS 0.00927
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m. | 20 views

WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.6.34 Fixed in 3.6.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a9b2d204bb4c Credits Jonathan Zamora Required...

CVSS 4.8 | AI score 6 | EPSS 0.0062
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/11/07 12:0 a.m. | 20 views

WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure

Software Cloud Templates & Patterns collection Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-47529 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

CVSS 7.5 | AI score 6.5 | EPSS 0.00972
Exploits 1 | References 2 | Affected Software 1

Patchstack
added 2023/10/30 12:0 a.m. | 20 views

WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection

Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...

CVSS 8.8 | AI score 6.8 | EPSS 0.00797
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/10/26 12:0 a.m. | 20 views

WordPress ICS Calendar Plugin <= 10.12.0.3 is vulnerable to Arbitrary File Download

Software ICS Calendar Type Plugin Vulnerable versions = 10.12.0.3 Fixed in 10.12.0.4 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2023-46784 Patch priority Medium CVSS severity Medium 8.2 Developer Claim ownership PSID 662755066f6f Credits Muhammad Daffa Require...

CVSS 8.2 | AI score 6.4 | EPSS 0.00499
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/10/26 12:0 a.m. | 20 views

WordPress News & Blog Designer Pack – WordPress Blog Plugin Plugin <= 3.4.1 is vulnerable to Remote Code Execution (RCE)

Software News & Blog Designer Pack – WordPress Blog Plugin Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-5815 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 968958ed229c Credits...

CVSS 9.8 | AI score 7.1 | EPSS 0.04262
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/10/17 12:0 a.m. | 20 views

WordPress Tutor LMS Plugin < 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4805 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 74daed2fad19 Credits emad-fazel Required...

CVSS 5.4 | AI score 5.6 | EPSS 0.00403
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/10/16 12:0 a.m. | 20 views

WordPress WooCommerce Ninja Forms Product Add-ons Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload

Software WooCommerce Ninja Forms Product Add-ons Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-5601 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 2bbb91735283 Credits Alexander Concha...

CVSS 9.8 | AI score 6.8 | EPSS 0.00877
Exploits 2 | References 2 | Affected Software 1

Patchstack
added 2023/10/13 12:0 a.m. | 20 views

WordPress is vulnerable to Cross Site Scripting (XSS)

Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-38000 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ac4da91c6db1 Credits Rafie Muhammad Patchstack Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00788
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/10/12 12:0 a.m. | 20 views

WordPress ChatBot Plugin <= 4.8.9 is vulnerable to Path Traversal

Software ChatBot Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5241 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 066f9b5875d8 Credits Marco Wotschka Required privilege Subscriber Published ...

CVSS 9.6 | AI score 6.7 | EPSS 0.02066
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/10/03 12:0 a.m. | 20 views

WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure

Software WP Ultimate Exporter Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2487 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID b22ef0e23a4e Credits Jonas Höbenreic...

CVSS 7.5 | AI score 6.5 | EPSS 0.00452
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/09/29 12:0 a.m. | 20 views

WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Site Protector Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-44237 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8d18325c55eb Credits Nguyen Xuan Chien...

CVSS 8.8 | AI score 6.6 | EPSS 0.00227
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/09/25 12:0 a.m. | 20 views

WordPress BEAR Plugin <= 1.1.3.3 is vulnerable to Broken Access Control

Software BEAR Type Plugin Vulnerable versions = 1.1.3.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4938 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 611080b0d2da Credits Marco Wotschka Required privilege...

CVSS 4.3 | AI score 6.8 | EPSS 0.00431
Exploits 0 | References 6 | Affected Software 1

Patchstack
added 2023/09/19 12:0 a.m. | 20 views

WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.15.13.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Type Plugin Vulnerable versions = 6.15.13.1 Fixed in 6.15.15.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4975 Patch priority Low CVSS severity Low 4.3 Developer...

CVSS 4.3 | AI score 7 | EPSS 0.0028
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/09/14 12:0 a.m. | 20 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...

CVSS 9.8 | AI score 7.2 | EPSS 0.0134
Exploits 3 | References 3 | Affected Software 1

Patchstack
added 2023/09/06 12:0 a.m. | 20 views

WordPress FileOrganizer Plugin <= 1.0.2 is vulnerable to Arbitrary File Download

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.2 Fixed in 1.0.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2023-3664 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 1dc652566f23 Credits Dmitrii Required privilege...

CVSS 7.2 | AI score 6.9 | EPSS 0.00628
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2023/09/06 12:0 a.m. | 20 views

WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Social Login Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4773 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7be568b5c18c Credits Lana Codes Required...

CVSS 6.4 | AI score 6 | EPSS 0.00359
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/08/29 12:0 a.m. | 20 views

WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.0.9 Fixed in 5.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4597 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5f7946c39456 Credits István Márton Requir...

CVSS 6.4 | AI score 5.7 | EPSS 0.00576
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/08/16 12:0 a.m. | 20 views

WordPress Accordion and Accordion Slider Plugin <= 1.2.4 is vulnerable to Broken Access Control

Software Accordion and Accordion Slider Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6640940bf9c1 Credits Abdi Pranata...

AI score 5.8 | EPSS 0.00188
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/08/09 12:0 a.m. | 20 views

WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...

CVSS 8.8 | AI score 6.8 | EPSS 0.00221
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/08/09 12:0 a.m. | 20 views

WordPress Theme Demo Import Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software Theme Demo Import Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-28170 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 5560e6fed5b7 Credits deokhunKim Required privilege Administrat...

CVSS 9.1 | AI score 6.9 | EPSS 0.00627
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/08/09 12:0 a.m. | 20 views

WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion

Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...

CVSS 9.8 | AI score 6.7 | EPSS 0.0562
Exploits 7 | References 3 | Affected Software 1

Patchstack
added 2023/08/03 12:0 a.m. | 20 views

WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)

Software WP Ultimate CSV Importer Type Plugin Vulnerable versions = 7.9.8 Fixed in 7.9.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4142 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID a395389d1982 Credits István Márton Required...

CVSS 8.8 | AI score 7.2 | EPSS 0.01239
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/07/27 12:0 a.m. | 20 views

WordPress WPCode Plugin < 2.0.13.1 is vulnerable to Cross Site Scripting (XSS)

Software WPCode Type Plugin Vulnerable versions 2.0.13.1 Fixed in 2.0.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3524 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef32523fa659 Credits Erwan LR WPScan Require...

CVSS 6.1 | AI score 5.9 | EPSS 0.00452
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/27 12:0 a.m. | 20 views

WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...

CVSS 5.4 | AI score 5.7 | EPSS 0.00469
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/19 12:0 a.m. | 20 views

WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WP News and Scrolling Widgets Type Plugin Vulnerable versions = 3.3.4 Fixed in 4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c0214c70fb9b Credits Rafie Muhammad Patchstac...

AI score 6.1 | EPSS 0.00284
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/07/18 12:0 a.m. | 20 views

WordPress WP Shopping Pages Plugin <= 1.14 is vulnerable to Cross Site Scripting (XSS)

Software WP Shopping Pages Type Plugin Vulnerable versions = 1.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3492 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 898c5bf8d8e1 Credits Katharina Altmann...

CVSS 6.8 | AI score 5.6 | EPSS 0.00327
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/10 12:0 a.m. | 20 views

WordPress Buy Me a Coffee Plugin <= 3.7 is vulnerable to Broken Access Control

Software Buy Me a Coffee Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2078 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4f9e072d5272 Credits Lana Codes Required privilege...

CVSS 7.3 | AI score 6.5 | EPSS 0.0045
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 20 views

WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3179 Patch priority Low CVSS severity Low 8.8 Developer WPExperts PSID a42127c2ce5a Credits Erwan LR WPScan Required privilege...

CVSS 8.8 | AI score 6.5 | EPSS 0.00321
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/07/04 12:0 a.m. | 20 views

WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3178 Patch priority Low CVSS severity Low 5.4 Developer WPExperts PSID 120e0e7d693e Credits Erwan LR WPScan Required privilege...

CVSS 4.3 | AI score 6.6 | EPSS 0.00232
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/06/28 12:0 a.m. | 20 views

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.6.4 is vulnerable to Broken Authentication

Software WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Type Plugin Vulnerable versions = 7.6.4 Fixed in 7.6.5 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2982 Patch priority High CVSS severity High 9.8 Developer Claim ownership...

CVSS 9.8 | AI score 6.5 | EPSS 0.46947
Exploits 4 | References 3 | Affected Software 1

Patchstack
added 2023/06/28 12:0 a.m. | 20 views

WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software WCP OpenWeather Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90acb7d8d993 Credits Nguyen Xuan Chien...

CVSS 7.1 | AI score 5.7 | EPSS 0.0042
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2023/06/22 12:0 a.m. | 20 views

WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 3.9.5 Fixed in 3.9.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-36383 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8cd145419482 Credits emad...

CVSS 5.9 | AI score 5.8 | EPSS 0.00286
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/06/22 12:0 a.m. | 20 views

WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Simple Iframe Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2964 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a6a1d288d08 Credits Jihoon Lee Required...

CVSS 5.4 | AI score 5.6 | EPSS 0.00452
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/06/20 12:0 a.m. | 20 views

WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz – GDPR/CCPA Cookie Consent Type Plugin Vulnerable versions = 6.4.5 Fixed in 6.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a135bb16d42c Credit...

CVSS 8.8 | AI score 8.7 | EPSS 0.00338
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/06/19 12:0 a.m. | 20 views

WordPress ChatBot Plugin < 4.5.6 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions 4.5.6 Fixed in 4.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID eb7005b63455 Credits NGO VAN TU Required privilege...

CVSS 4.8 | AI score 5.7 | EPSS 0.00442
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/05/22 12:0 a.m. | 20 views

WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-31212 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e8d727f37fdc Credits Rafie Muhammad Patchstack Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.0075
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/05/15 12:0 a.m. | 20 views

WordPress Bit Form – Contact Form Plugin Plugin < 1.9 is vulnerable to Remote Code Execution (RCE)

Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 1.9 Fixed in 1.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4774 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4efef0b2be54 Credits Felipe Restrepo Rodríguez...

CVSS 9.8 | AI score 7.2 | EPSS 0.01785
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/05/11 12:0 a.m. | 20 views

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Broken Access Control

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32240 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID b409a147912c Credits Dave Jong Patchstack Required privilege...

AI score 6.3 | EPSS 0.00272
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/05/10 12:0 a.m. | 20 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.3.6 Fixed in 2.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32516 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...

CVSS 7.1 | AI score 5.6 | EPSS 0.00385
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/04/25 12:0 a.m. | 20 views

WordPress Mega Addons For WPBakery Page Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Mega Addons For WPBakery Page Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0268 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4952c1a005f...

CVSS 5.4 | AI score 5.9 | EPSS 0.00444
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/04/06 12:0 a.m. | 20 views

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.5.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.5.13 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4938 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 825435f567d9...

CVSS 8.8 | AI score 7 | EPSS 0.00248
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/03/16 12:0 a.m. | 20 views

WordPress Brands for WooCommerce Plugin <= 3.7.0.5 is vulnerable to Broken Access Control

Software Brands for WooCommerce Type Plugin Vulnerable versions = 3.7.0.5 Fixed in 3.7.0.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9f2b0dfb0d37 Credits István Márton...

AI score 5.9 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/06 12:0 a.m. | 20 views

WordPress Watu Quiz Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Watu Quiz Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.3.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0968 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID f8e4b6a3eab0 Credits Marco Wotschka Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.01252
Exploits 3 | References 3 | Affected Software 1

Patchstack
added 2023/03/06 12:0 a.m. | 20 views

WordPress Shortcodes Ultimate Plugin < 5.12.8 is vulnerable to Sensitive Data Exposure

Software Shortcodes Ultimate Type Plugin Vulnerable versions 5.12.8 Fixed in 5.12.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0911 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 466e8901614e Credits Erwan LR WPScan Requir...

CVSS 6.5 | AI score 6.5 | EPSS 0.00654
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/03/03 12:0 a.m. | 20 views

WordPress Custom Content Shortcode Plugin <= 4.0.2 is vulnerable to Local File Inclusion

Software Custom Content Shortcode Type Plugin Vulnerable versions = 4.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0340 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 54e338b50ba0 Credits Erwan LR WPScan Required...

CVSS 8.8 | AI score 7.2 | EPSS 0.01047
Exploits 1 | References 2 | Affected Software 1

Patchstack
added 2023/02/27 12:0 a.m. | 20 views

WordPress All In One SEO Pack Plugin <= 4.2.9 is vulnerable to Cross Site Scripting (XSS)

Software All In One SEO Pack Type Plugin Vulnerable versions = 4.2.9 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0585 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 21a22db087a8 Credits WordFence Required...

CVSS 4.8 | AI score 6 | EPSS 0.00776
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/02/20 12:0 a.m. | 20 views

WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Publish to Schedule Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.5.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25994 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 196402e1491d Credits Rio Darmawan...

CVSS 8.8 | AI score 7 | EPSS 0.00306
Exploits 0 | References 2 | Affected Software 1

Total number of security vulnerabilities: 5000