46684 matches found

Patchstack
added 2022/04/07 12:00 a.m. | 20 views

WordPress Plausible Analytics plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera (Patchstack Alliance) in WordPress Plausible Analytics plugin versions <= 1.2.2. Solution: Update the WordPress Plausible Analytics plugin to the latest available version (at least 1.2.3)...

4.8 CVSS | 3.1 AI score | 0.00821 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/04/06 12:00 a.m. | 20 views

WordPress Events Shortcodes For The Events Calendar plugin <= 1.9 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Events Shortcodes For The Events Calendar plugin versions <= 1.9. Solution: Update the WordPress Events Shortcodes For The Events Calendar plugin to the latest available version (at least 2.0)...

2.9 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/03/28 12:00 a.m. | 20 views

WordPress Good & Bad Comments plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Vaibhav Nitin Gaikwad in WordPress Good & Bad Comments plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of March 25, 2022 and is not available for download. This closure is temporary, pending a full...

4.8 CVSS | 2.1 AI score | 0.00577 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/03/28 12:00 a.m. | 20 views

WordPress Text Hover plugin <= 4.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Rohan Chaudhari in WordPress Text Hover plugin versions <= 4.1. Solution: Update the WordPress Text Hover plugin to the latest available version (at least 4.2)...

4.8 CVSS | 1.1 AI score | 0.00788 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/03/21 12:00 a.m. | 20 views

WordPress Favicon by RealFaviconGenerator plugin <= 1.3.22 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Favicon by RealFaviconGenerator plugin version <= 1.3.22. Solution: Update the WordPress Favicon by RealFaviconGenerator plugin to the latest available version (at least 1.3.23)...

6.1 CVSS | 2.3 AI score | 0.00863 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/03/14 12:00 a.m. | 20 views

WordPress Amelia plugin <= 1.0.47 - SMS Service Abuse and Sensitive Data Disclosure vulnerability

SMS Service Abuse and Sensitive Data Disclosure vulnerability discovered by Huli (Cymetrics) in WordPress Amelia plugin versions <= 1.0.47. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.48)...

5.5 CVSS | 3.3 AI score | 0.00609 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/03/14 12:00 a.m. | 20 views

WordPress Mark Posts plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Mark Posts plugin versions <= 2.0.0. Solution: Update the WordPress Mark Posts plugin to the latest available version (at least 2.0.1)...

4.8 CVSS | 1.9 AI score | 0.00644 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/03/07 12:00 a.m. | 20 views

WordPress Menu Image, Icons made easy plugin <= 3.0.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Menu Image, Icons made easy plugin versions <= 3.0.7. Solution: Update the WordPress Menu Image, Icons made easy plugin to the latest available version (at least 3.0.8)...

5.4 CVSS | 2.1 AI score | 0.00595 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions < 4.1.91. Solution: Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version (at least 4.1.91)...

2.7 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin < 1.4.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin versions < 1.4.2. Solution: Update the WordPress Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin to the latest available version at...

3.1 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Premmerce Permalink Manager for WooCommerce plugin versions <= 2.3.4. Solution: Update the WordPress Premmerce Permalink Manager for WooCommerce plugin to the latest available version (at least 2.3.5)...

2.6 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" plugin < 1.5.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" plugin versions < 1.5.3. Solution: Update the WordPress "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" plugin to the latest available version ...

2.1 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress WordApp Mobile App Plugin – Convert your WordPress Site to a Mobile App plugin <= 2.0.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordApp Mobile App Plugin – Convert your WordPress Site to a Mobile App plugin versions <= 2.0.3. Solution: No patched version available...

2.2 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Impexium Single Sign On plugin <= 1.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Impexium Single Sign On plugin versions <= 1.1. Solution: No patched version available...

2.6 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress "Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products" plugin <= 0.5.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress "Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products" plugin versions <= 0.5.1. Solution: Update the WordPress Really Simple Featured Video – Featured video support for Posts, Pages &...

2.3 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress RSS Control plugin < 2.0.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress RSS Control plugin versions < 2.0.8. Solution: Update the WordPress RSS Control plugin to the latest available version (at least 2.0.8)...

4.1 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Size Charts Plugin for WooCommerce plugin versions <= 2.2.2. Solution: Update the WordPress Product Size Charts Plugin for WooCommerce plugin to the latest available version (at least 2.2.3)...

4 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Smart Protect plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Smart Protect plugin versions <= 1.1. Solution: No patched version available...

4.4 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 20 views

WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin versions <= 1.0.7. Solution: Update the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin to the latest available version at leas...

4.4 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/21 12:00 a.m. | 20 views

WordPress Patreon WordPress plugin <= 1.8.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress Patreon WordPress plugin versions <= 1.8.1. Solution: Update the WordPress Patreon WordPress plugin to the latest available version (at least 1.8.2)...

5.5 CVSS | 1.6 AI score | 0.00689 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/02/17 12:00 a.m. | 20 views

WordPress Simple Quotation plugin <= 1.3.2 - Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting (XSS)

Quote Creation/Edition via CSRF vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions <= 1.3.2. Solution: Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This...

6.1 CVSS | 2.7 AI score | 0.00788 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/02/17 12:00 a.m. | 20 views

WordPress ARI Fancy Lightbox plugin <= 1.3.8 - Reflected Cross-Site Scripting (XSS) vulnerabilities

Reflected Cross-Site Scripting (XSS) vulnerabilities discovered by Krzysztof Zając in WordPress ARI Fancy Lightbox plugin versions <= 1.3.8. Solution: Update the WordPress ARI Fancy Lightbox plugin to the latest available version (at least 1.3.9)...

6.1 CVSS | 1.8 AI score | 0.00863 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/02/16 12:00 a.m. | 20 views

WordPress WP Voting Contest plugin <= 2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Brandon James Roldan in WordPress WP Voting Contest plugin versions <= 2.1. Solution: Update the WordPress WP Voting Contest plugin to the latest available version (at least 3.0)...

6.1 CVSS | 2.3 AI score | 0.00783 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/02/16 12:00 a.m. | 20 views

WordPress Powerkit plugin <= 2.5.8 - Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability

Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability discovered by Jan w Oleju in WordPress Powerkit plugin versions <= 2.5.8. Solution: Update the WordPress Powerkit plugin to the latest available version (at least 2.5.9)...

4.3 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/02 12:00 a.m. | 20 views

WordPress CP Blocks plugin <= 1.0.14 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Shweta Mahajan in WordPress CP Blocks plugin versions <= 1.0.14. Solution: Update the WordPress CP Blocks plugin to the latest available version (at least 1.0.15)...

4.8 CVSS | 1.8 AI score | 0.0575 EPSS
Exploits 5 | References 3 | Affected Software 1
Patchstack
added 2022/01/31 12:00 a.m. | 20 views

WordPress WS Form Pro premium plugin <= 1.8.175 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions <= 1.8.175. Solution: Update the WordPress WS Form Pro premium plugin to the latest available version (at least 1.8.176)...

6.1 CVSS | 1.9 AI score | 0.02196 EPSS
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2022/01/25 12:00 a.m. | 20 views

WordPress AP Custom Testimonial plugin <= 1.4.7 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by Rafael Castilho in WordPress AP Custom Testimonial plugin versions <= 1.4.7. Solution: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8)...

7.2 CVSS | 3.6 AI score | 0.01445 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/01/24 12:00 a.m. | 20 views

WordPress Duplicate Page or Post plugin <= 1.5.0 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability

Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Duplicate Page or Post plugin versions <= 1.5.0. Solution: Update the WordPress Duplicate Page or Post plugin to the latest available version (at least 1.5.1)...

3.5 CVSS | 2.3 AI score | 0.01582 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/01/17 12:00 a.m. | 20 views

WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update vulnerability

Unauthenticated Arbitrary CSS Update vulnerability discovered by Krzysztof Zając in WordPress CMP – Coming Soon & Maintenance plugin versions <= 4.0.18. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19)...

5.3 CVSS | 3.4 AI score | 0.02375 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/01/17 12:00 a.m. | 20 views

WordPress Noptin plugin <= 1.6.4 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Trang LKB in WordPress Noptin plugin versions <= 1.6.4. Solution: Update the WordPress Noptin plugin to the latest available version (at least 1.6.5)...

6.1 CVSS | 2.8 AI score | 0.02682 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2022/01/05 12:00 a.m. | 20 views

WordPress SupportCandy plugin <= 2.2.6 - Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions <= 2.2.6. Solution: Update the WordPress SupportCandy plugin to the latest available version (at least 2.2.7)...

6.5 CVSS | 4.1 AI score | 0.00531 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/12/27 12:00 a.m. | 20 views

WordPress AF Companion plugin <= 1.1.2 - Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress AF Companion plugin versions <= 1.1.2. Solution: Update the WordPress AF Companion plugin to the latest available version (at least 1.2.0)...

4.9 AI score
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2021/12/27 12:00 a.m. | 20 views

WordPress WebP Converter for Media plugin <= 4.0.2 - Unauthenticated Open redirect vulnerability

Unauthenticated Open redirect vulnerability discovered by Krzysztof Zając in WordPress WebP Converter for Media plugin versions <= 4.0.2. Solution: Update the WordPress WebP Converter for Media plugin to the latest available version (at least 4.0.3)...

6.1 CVSS | 3.6 AI score | 0.02505 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/12/24 12:00 a.m. | 20 views

WordPress Opstore theme <= 1.4.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Opstore theme versions <= 1.4.3. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...

8.8 CVSS | 2.6 AI score | 0.01652 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/12/24 12:00 a.m. | 20 views

WordPress Brovy theme <= 1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress Brovy theme versions <= 1.3. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores the...

8.8 CVSS | 2.5 AI score | 0.01652 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/12/23 12:00 a.m. | 20 views

WordPress PHP Everywhere plugin <= 2.0.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Rasi Afeef in WordPress PHP Everywhere plugin versions <= 2.0.2. Solution: Update the WordPress PHP Everywhere plugin to the latest available version (at least 2.0.3)...

8.8 CVSS | 2.8 AI score | 0.004 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2021/12/22 12:00 a.m. | 20 views

WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin <= 3.1.24 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin versions <= 3.1.24. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin to the latest available...

1.9 AI score
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2021/12/20 12:00 a.m. | 20 views

WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Contest Gallery plugin versions <= 13.1.0.9. Solution: Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0)...

4.8 CVSS | 2.3 AI score | 0.00499 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2021/12/13 12:00 a.m. | 20 views

WordPress True Ranker plugin <= 2.2.2 - Directory Traversal/Arbitrary File Read vulnerability

Directory Traversal/Arbitrary File Read vulnerability discovered by p7e4 in WordPress True Ranker plugin versions <= 2.2.2. Solution: Update the WordPress True Ranker plugin to the latest available version (at least 2.2.4)...

7.5 CVSS | 2.7 AI score | 0.78431 EPSS
Exploits 5 | References 3 | Affected Software 1
Patchstack
added 2021/12/13 12:00 a.m. | 20 views

WordPress Simple Image Gallery plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Simple Image Gallery plugin versions <= 1.0.6. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1 CVSS | 2.7 AI score | 0.00757 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2021/12/07 12:00 a.m. | 20 views

WordPress 10Web Social Photo Feed plugin <= 1.4.28 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress 10Web Social Photo Feed plugin versions <= 1.4.28. Solution: Update the WordPress 10Web Social Photo Feed plugin to the latest available version (at least 1.4.29)...

6.1 CVSS | 2.6 AI score | 0.008 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/12/02 12:00 a.m. | 20 views

WordPress Post Duplicator plugin <= 2.26 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd in WordPress Post Duplicator plugin versions <= 2.26. Solution: Update the WordPress Post Duplicator plugin to the latest available version (at least 2.27)...

5.4 CVSS | 1.6 AI score | 0.00627 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/11/29 12:00 a.m. | 20 views

WordPress Contact Form With Captcha plugin <= 1.6.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Yuga Futatsuki (Cryptography Laboratory in Tokyo Denki University) in WordPress Contact Form With Captcha plugin versions <= 1.6.7. Solution: Update the WordPress Contact Form With Captcha plugin to...

8.8 CVSS | 2.4 AI score | 0.00605 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2021/11/29 12:00 a.m. | 20 views

WordPress Stetic plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Naoki Ogawa (Cryptography Laboratory in Tokyo Denki University) in WordPress Stetic plugin versions <= 1.0.8. Solution: Update the WordPress Stetic plugin to the latest available version at least...

8.8 CVSS | 2.3 AI score | 0.00605 EPSS
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2021/11/29 12:00 a.m. | 20 views

WordPress Download Manager plugin <= 3.2.21 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Download Manager plugin versions <= 3.2.21. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.22)...

5.4 CVSS | 2.4 AI score | 0.006 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/11/28 12:00 a.m. | 20 views

WordPress The Monday theme <= 1.4.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite (Patchstack Red Team project) in WordPress The Monday theme versions <= 1.4.1. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

8.8 CVSS | 2.7 AI score | 0.01652 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/11/23 12:00 a.m. | 20 views

WordPress IDPay for Contact Form 7 plugin <= 2.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress IDPay for Contact Form 7 plugin versions <= 2.1.2. Solution: Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...

6.1 CVSS | 3.1 AI score | 0.00788 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/11/22 12:00 a.m. | 20 views

WordPress Logo Carousel plugin <= 3.4.1 - Unauthorized Private Post Access vulnerability

Unauthorized Private Post Access vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions <= 3.4.1. Solution: Update the WordPress Logo Carousel plugin to the latest available version (at least 3.4.2)...

8.1 CVSS | 3.2 AI score | 0.01006 EPSS
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2021/11/18 12:00 a.m. | 20 views

WordPress Directorist plugin <= 7.0.6.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Remote File Upload

Cross-Site Request Forgery (CSRF) vulnerability leading to Remote File Upload discovered by lostbytes1 in WordPress Directorist plugin versions <= 7.0.6.1. Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.0.6.2)...

7.5 CVSS | 3.4 AI score | 0.00811 EPSS
Exploits 2 | References 4 | Affected Software 1
Patchstack
added 2021/11/15 12:00 a.m. | 20 views

WordPress Quotes Collection plugin <= 2.5.2 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress Quotes Collection plugin versions <= 2.5.2. Solution: Deactivate and delete. This plugin has been closed as of October 13, 2021 and is not available for download. This closure is temporary, pending a full review...

7.2 CVSS | 3.6 AI score | 0.01275 EPSS
Exploits 2 | References 3 | Affected Software 1
Total number of security vulnerabilities: 5000