46684 matches found

Patchstack • added 2022/09/05 12:00 a.m. • 20 views

WordPress Post SMTP Mailer/Email Log plugin <= 2.1.6 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability

Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Post SMTP Mailer/Email Log plugin versions <= 2.1.6. Solution: Update the WordPress Post SMTP Mailer/Email Log plugin to the latest available version (at least 2.1.7)...

CVSS: 7.2 • AI score: 1.3 • EPSS: 0.01028
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/09/01 12:00 a.m. • 20 views

WordPress WHA Crossword plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress WHA Crossword plugin versions <= 1.1.10. Solution: Deactivate and delete. No reply from the vendor...

CVSS: 5.4 • AI score: 2.7 • EPSS: 0.00421
Exploits: 0 • Affected Software: 1

Patchstack • added 2022/09/01 12:00 a.m. • 20 views

WordPress WHA Crossword plugin <= 1.1.10 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress WHA Crossword plugin versions <= 1.1.10. Solution: Deactivate and delete. No reply from the vendor...

CVSS: 5.4 • AI score: 2.4 • EPSS: 0.00568
Exploits: 1 • Affected Software: 1

Patchstack • added 2022/08/29 12:00 a.m. • 20 views

WordPress Zephyr Project Manager plugin <= 3.2.42 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities were discovered by Rizacan Tufan in the WordPress Zephyr Project Manager plugin versions <= 3.2.42. Solution: Update the WordPress Zephyr Project Manager plugin to the latest available version (at least 3.2.5)...

CVSS: 9.8 • AI score: 2.9 • EPSS: 0.09675
Exploits: 5 • References: 1 • Affected Software: 1

Patchstack • added 2022/08/29 12:00 a.m. • 20 views

WordPress WP Users Exporter plugin <= 1.4.2 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress WP Users Exporter plugin versions <= 1.4.2. Solution: Deactivate and delete. This plugin has been closed as of January 8, 2020 and is not available for download. Reason: Security Issue...

CVSS: 8.8 • AI score: 2.9 • EPSS: 0.01053
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2022/08/26 12:00 a.m. • 20 views

WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes Patchstack Alliance in WordPress Better Delete Revision plugin versions <= 1.6.1. Solution: Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closur...

CVSS: 4.8 • AI score: 2.6 • EPSS: 0.00437
Exploits: 0 • Affected Software: 1

Patchstack • added 2022/08/25 12:00 a.m. • 20 views

WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Launcher: Coming Soon & Maintenance Mode plugin versions <= 1.0.11. Solution: No patched version is available. Ignored by the vendor...

CVSS: 4.8 • AI score: 3.6 • EPSS: 0.00457
Exploits: 0 • Affected Software: 1

Patchstack • added 2022/08/17 12:00 a.m. • 20 views

WordPress Autoptimize Plugin <= 3.1.0 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in Autoptimize versions <= 3.1.0. Solution: Update the WordPress Autoptimize plugin to the latest available version (at least 3.1.1)...

CVSS: 4.8 • AI score: 1.8 • EPSS: 0.00511
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2022/08/10 12:00 a.m. • 20 views

WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Gallery PhotoBlocks plugin versions <= 1.2.6. Solution: Deactivate and delete. This plugin has been closed as of August 10, 2022 and is not available for...

CVSS: 5.4 • AI score: 1.6 • EPSS: 0.00488
Exploits: 0 • Affected Software: 1

Patchstack • added 2022/08/08 12:00 a.m. • 20 views

WordPress Export All URLs plugin <= 4.3 - Authenticated Arbitrary System File Removal vulnerability

Authenticated Arbitrary System File Removal vulnerability discovered by Raad Haddad in WordPress Export All URLs plugin versions <= 4.3. Solution: Update the WordPress Export All URLs plugin to the latest available version (at least 4.4)...

CVSS: 6.5 • AI score: 2 • EPSS: 0.00952
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2022/08/04 12:00 a.m. • 21 views

WordPress Duplicator plugin <= 1.4.7 - Unauthenticated System Information Disclosure vulnerability

Unauthenticated System Information Disclosure vulnerability discovered by Ihsan Sencan in WordPress Duplicator plugin versions <= 1.4.7. Solution: Update the WordPress Duplicator plugin to the latest available version (at least 1.4.7.1)...

CVSS: 5.3 • AI score: 2.4 • EPSS: 0.08415
Exploits: 5 • References: 2 • Affected Software: 1

Patchstack • added 2022/08/01 12:00 a.m. • 20 views

WordPress LinkWorth plugin <= 3.3.3 - Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Setting Update via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress LinkWorth plugin versions <= 3.3.3. Solution: Update the WordPress LinkWorth plugin to the latest available version (at least 3.3.4)...

CVSS: 4.3 • AI score: 4.3 • EPSS: 0.00317
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/08/01 12:00 a.m. • 20 views

WordPress WP phpMyAdmin plugin <= 5.2.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress WP phpMyAdmin plugin versions <= 5.2.0.3. Solution: Update the WordPress WP phpMyAdmin plugin to the latest available version (at least 5.2.0.4)...

CVSS: 4.8 • AI score: 1.2 • EPSS: 0.00642
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/08/01 12:00 a.m. • 20 views

WordPress Simple SEO plugin <= 1.7.91 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jorgson in WordPress Simple SEO plugin versions <= 1.7.91. Solution: Update the WordPress Simple SEO plugin to the latest available version (at least 1.7.92)...

CVSS: 6.4 • AI score: 1.9 • EPSS: 0.00477
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2022/07/26 12:00 a.m. • 20 views

WordPress Feed Them Social plugin <= 2.9.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Feed Them Social plugin versions <= 2.9.9. Solution: Update the WordPress Feed Them Social plugin to the latest available version (at least 3.0.1)...

CVSS: 6.1 • AI score: 2.4 • EPSS: 0.00634
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/07/19 12:00 a.m. • 20 views

WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Multiple Authenticated SQL Injection (SQLi) vulnerabilities were discovered by Lenon Leite Patchstack Alliance in the WordPress Homepage Product Organizer for WooCommerce plugin versions <= 1.1. Solution: No patched version is available. We were unable to contact the vendor...

CVSS: 9.1 • AI score: 2.7 • EPSS: 0.00713
Exploits: 0 • Affected Software: 1

Patchstack • added 2022/07/18 12:00 a.m. • 20 views

WordPress Crowdsignal Polls & Ratings plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu SuJrXnm of WuHan University in WordPress Crowdsignal Polls & Ratings plugin versions <= 3.0.7. Solution: Update the WordPress Polldaddy Polls & Ratings plugin to the latest available version (at least 3.0.8)...

CVSS: 6.1 • AI score: 3 • EPSS: 0.0051
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/07/18 12:00 a.m. • 20 views

WordPress mTouch Quiz plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress mTouch Quiz plugin versions <= 3.1.3. Solution: Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This...

CVSS: 4.8 • AI score: 1.2 • EPSS: 0.00493
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/07/07 12:00 a.m. • 20 views

WordPress Invitation Based Registrations plugin <= 2.2.84 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by FengTao in WordPress Invitation Based Registrations plugin versions <= 2.2.84. Solution: Deactivate and delete. This plugin has been closed as of June 27, 2022 and is not available for download. This closure is temporary,...

CVSS: 4.8 • AI score: 2.5 • EPSS: 0.00493
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/07/07 12:00 a.m. • 20 views

WordPress Copyright Proof plugin <= 4.16 - Reflected Cross-Site-Scripting (XSS) vulnerability

Reflected Cross-Site-Scripting (XSS) vulnerability discovered by cydave in WordPress Copyright Proof plugin versions <= 4.16. Solution: Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS: 6.1 • AI score: 3 • EPSS: 0.00922
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/07/07 12:00 a.m. • 20 views

WordPress Progressive License plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Daniel Ruf in WordPress Progressive License plugin versions <= 1.1.0. Solution: Deactivate and delete. This plugin has been closed as of June 22, 2022 and is not available for download. This closu...

CVSS: 5.4 • AI score: 1.4 • EPSS: 0.00256
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/20 12:00 a.m. • 20 views

WordPress WP Duplicate Page plugin <= 1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Sachin Bahl eSec Forte Technologies Pvt Ltd in WordPress WP Duplicate Page plugin versions <= 1.2. Solution: Update the WordPress WP Duplicate Page plugin to the latest available version (at least 1.3)...

CVSS: 4.8 • AI score: 1.8 • EPSS: 0.00493
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/16 12:00 a.m. • 20 views

WordPress Button Widget Smartsoft plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Ryo Onodera Cryptography Laboratory Tokyo Denki University in the WordPress Button Widget Smartsoft plugin versions <= 1.0.1. Solution: Deactivate and delete. This plugin has been closed as of June 8, 2022 a...

CVSS: 8.8 • AI score: 1.8 • EPSS: 0.00503
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/14 12:00 a.m. • 20 views

WordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSS

Improper Access Control vulnerability leading to multiple Authenticated Stored XSS discovered by Ngo Van Thien Patchstack Alliance in WordPress Custom Popup Builder plugin versions <= 1.3.1. Solution: Deactivate and delete. This plugin has been closed as of May 26, 2022 and is not available for...

CVSS: 5.4 • AI score: 1.5 • EPSS: 0.0046
Exploits: 0 • Affected Software: 1

Patchstack • added 2022/06/08 12:00 a.m. • 20 views

WordPress Copify plugin <= 1.3.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Yuki Hoshi Cryptography Laboratory in Tokyo Denki University in the WordPress Copify plugin versions <= 1.3.0. Solution: Deactivate and delete. This plugin has been closed as of May 27, 2022 and is not...

CVSS: 8.8 • AI score: 1.5 • EPSS: 0.00573
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/06 12:00 a.m. • 20 views

WordPress WordPress Security plugin <= 4.2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress WordPress Security plugin versions <= 4.2.0. Solution: Update the WordPress WordPress Security plugin to the latest available version (at least 4.2.1)...

CVSS: 4.8 • AI score: 1.6 • EPSS: 0.00548
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/06 12:00 a.m. • 20 views

WordPress miniOrange's Malware Scanner plugin <= 4.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress miniOrange's Malware Scanner plugin versions <= 4.5.1. Solution: Update the WordPress Malware Scanner plugin to the latest available version (at least 4.5.2)...

CVSS: 4.8 • AI score: 2.4 • EPSS: 0.00548
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/02 12:00 a.m. • 20 views

WordPress Flower Delivery by Florist One plugin <= 3.5.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Flower Delivery by Florist One plugin versions <= 3.5.15. Solution: No fixed version is available...

CVSS: 4.8 • AI score: 3.6 • EPSS: 0.00552
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/06/01 12:00 a.m. • 20 views

WordPress New User Approve plugin <= 2.3 - Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability

Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability discovered by Daniel Ruf in WordPress New User Approve plugin versions <= 2.3. Solution: Update the WordPress New User Approve plugin to the latest available version (at least 2.4)...

CVSS: 4.3 • AI score: 4.2 • EPSS: 0.00367
Exploits: 2 • References: 2 • Affected Software: 1

Patchstack • added 2022/05/31 12:00 a.m. • 20 views

WordPress OpenBook Book Data plugin <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability

Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress OpenBook Book Data plugin versions <= 3.5.2. Solution: Deactivate and delete. This plugin has been closed as of May 24, 2022 and is not available for download. This closure is temporary, pending a...

CVSS: 4.3 • AI score: 2.8 • EPSS: 0.00412
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/05/26 12:00 a.m. • 20 views

WordPress underConstruction plugin <= 1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress underConstruction plugin versions <= 1.20. Solution: Update the WordPress underConstruction plugin to the latest available version (at least 1.21)...

CVSS: 4.8 • AI score: 2.8 • EPSS: 0.00552
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/23 12:00 a.m. • 20 views

WordPress RB Internal Links plugin <= 2.0.16 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress RB Internal Links plugin versions <= 2.0.16. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is...

CVSS: 5.4 • AI score: 2.3 • EPSS: 0.00292
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/23 12:00 a.m. • 20 views

WordPress Quick Subscribe plugin <= 1.7.1 - Arbitrary Settings Update via CSRF leading to Stored XSS vulnerability

Arbitrary Settings Update via CSRF to Stored XSS vulnerability discovered by Daniel Ruf in WordPress Quick Subscribe plugin versions <= 1.7.1. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full...

CVSS: 5.4 • AI score: 2.8 • EPSS: 0.00292
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/23 12:00 a.m. • 20 views

WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Phyo Win Shein in WordPress Newsletter plugin versions <= 7.4.4. Solution: Update the WordPress Newsletter plugin to the latest available version (at least 7.4.5)...

CVSS: 6.1 • AI score: 1.8 • EPSS: 0.01785
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/23 12:00 a.m. • 20 views

WordPress Sideblog plugin <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS

Arbitrary Settings Update via CSRF to Stored XSS discovered by Daniel Ruf in WordPress Sideblog plugin versions <= 6.0. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS: 5.4 • AI score: 4.2 • EPSS: 0.00292
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/18 12:00 a.m. • 20 views

WordPress JupiterX premium theme <= 2.0.6 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification discovered by Ramuel Gall Wordfence in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version at least 2.0....

CVSS: 5.5 • AI score: 4.1 • EPSS: 0.00513
Exploits: 0 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/17 12:00 a.m. • 20 views

WordPress iQ Block Country plugin <= 1.2.18 - Protection Bypass due to IP Spoofing vulnerability

Protection Bypass due to IP Spoofing vulnerability discovered by Daniel Ruf in WordPress iQ Block Country plugin versions <= 1.2.18. Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS: 7.5 • AI score: 2.7 • EPSS: 0.01191
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/17 12:00 a.m. • 20 views

WordPress RSVPMaker plugin <= 9.3.2 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability was discovered by Muhammad Zeeshan Xib3rR4dAr in the WordPress RSVPMaker plugin versions <= 9.3.2. Solution: Update the WordPress RSVPMaker plugin to the latest available version (at least 9.3.3)...

CVSS: 9.8 • AI score: 3 • EPSS: 0.12003
Exploits: 3 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/17 12:00 a.m. • 20 views

WordPress WP Athletics plugin <= 1.1.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Wejdan Alomari in WordPress WP Athletics plugin versions <= 1.1.7. Solution: Deactivate and delete. This plugin has been closed as of April 28, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS: 6.1 • AI score: 3.1 • EPSS: 0.00757
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/16 12:00 a.m. • 20 views

WordPress Discy premium theme < 5.2 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Bibek Neupane in WordPress Discy premium theme versions < 5.2. Solution: Update the WordPress Discy premium theme to the latest available version (at least 5.2)...

CVSS: 4.3 • AI score: 4.1 • EPSS: 0.01244
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/12 12:00 a.m. • 20 views

WordPress amtyThumb plugin <= 4.2.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress amtyThumb plugin versions <= 4.2.0. Solution: Deactivate and delete. This plugin has been closed as of May 12, 2022 and is not...

CVSS: 8.8 • AI score: 2.3 • EPSS: 0.0151
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/09 12:00 a.m. • 20 views

WordPress hpb Dashboard plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress hpb Dashboard plugin versions <= 1.3.1. Solution: Deactivate and delete. This plugin has been closed as of April 29, 2022 and is not available for download. This closu...

CVSS: 4.8 • AI score: 1 • EPSS: 0.00565
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/05/06 12:00 a.m. • 20 views

WordPress WP 2FA plugin <= 2.2.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Utkarsh Agrawal in WordPress WP 2FA plugin versions <= 2.2.0. Solution: Update the WordPress WP 2FA plugin to the latest available version (at least 2.2.1)...

CVSS: 6.1 • AI score: 1.5 • EPSS: 0.00815
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2022/05/04 12:00 a.m. • 20 views

WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress WP Slider Plugin versions <= 1.4.5. Solution: No patched version is available. No reply from the vendor...

CVSS: 4.8 • AI score: 2.4 • EPSS: 0.00489
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2022/04/26 12:00 a.m. • 20 views

WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload

Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload discovered by Ngo Van Thien Patchstack Alliance in WordPress Tripetto plugin versions <= 5.1.4. Solution: Update the WordPress Tripetto plugin to the latest available version (at least 5.2.0)...

CVSS: 6.1 • AI score: 3.4 • EPSS: 0.00713
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2022/04/15 12:00 a.m. • 20 views

WordPress MicroPayments plugin <= 1.9.5 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Kosuke Sakai in WordPress MicroPayments plugin versions <= 1.9.5. Solution: Update the WordPress MicroPayments plugin to the latest available version (at least 1.9.6)...

CVSS: 8.8 • AI score: 4.5 • EPSS: 0.00791
Exploits: 0 • References: 4 • Affected Software: 1

Patchstack • added 2022/04/12 12:00 a.m. • 20 views

WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) discovered by mirphak Patchstack Alliance in WordPress CalderaWP License Manager plugin versions <= 1.2.11. Solution: Deactivate and delete. The plugin is closed and no longer maintained...

CVSS: 6.1 • AI score: 2.8 • EPSS: 0.0049
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2022/04/11 12:00 a.m. • 20 views

WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion

Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion discovered by Ex.Mi Patchstack in WordPress eRoom plugin versions <= 1.3.8. Solution: Update the WordPress eRoom plugin to the latest available version (at least 1.3.9)...

CVSS: 4.3 • AI score: 3.4 • EPSS: 0.00432
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2022/04/07 12:00 a.m. • 20 views

WordPress Visual Form Builder plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Visual Form Builder plugin versions <= 3.0.6. Solution: Update the WordPress Visual Form Builder plugin to the latest available version (at least 3.0.7)...

CVSS: 4.8 • AI score: 2.1 • EPSS: 0.00577
Exploits: 2 • References: 3 • Affected Software: 1

Patchstack • added 2022/04/07 12:00 a.m. • 20 views

WordPress SiteGround Security plugin <= 1.2.5 - Authentication Bypass via 2-Factor Authentication Setup vulnerability

Authentication Bypass via 2-Factor Authentication Setup vulnerability discovered by Chloe Chamberland Wordfence in WordPress SiteGround Security plugin versions <= 1.2.5. Solution: Update the WordPress SiteGround Security plugin to the latest available version (at least 1.2.6)...

CVSS: 9.8 • AI score: 4.1 • EPSS: 0.02878
Exploits: 3 • References: 3 • Affected Software: 1

Total number of security vulnerabilities: 5000