Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
added 2021/09/10 12:0 a.m.20 views

WordPress Appointment Hour Booking plugin <= 1.3.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Appointment Hour Booking plugin versions = 1.3.16. Solution Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.17...

5.4CVSS1.3AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/10 12:0 a.m.20 views

WordPress StopBadBots plugin <= 6.59 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Martin Vierula Trustwave in WordPress StopBadBots plugin versions = 6.59. Solution Update the WordPress StopBadBots plugin to the latest available version at least 6.60...

8.8CVSS3.4AI score0.01659EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.20 views

WordPress Post Title Counter plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Post Title Counter plugin versions = 1.1. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.4AI score0.00866EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.20 views

WordPress MoolaMojo plugin <= 0.7.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress MoolaMojo plugin versions = 0.7.4.1. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.7AI score0.00757EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.20 views

WordPress InviteBox Plugin for viral Refer-a-Friend Promotions <= 1.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress InviteBox Plugin for viral Refer-a-Friend Promotions versions = 1.4.1. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.9AI score0.00793EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/09/01 12:0 a.m.20 views

WordPress Easy Social Icons plugin <= 3.0.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ram Gall WordFence in WordPress Easy Social Icons plugin versions = 3.0.8. Solution Update the WordPress Easy Social Icons plugin to the latest available version at least 3.0.9...

6.1CVSS2.6AI score0.0236EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/24 12:0 a.m.20 views

WordPress Booster for WooCommerce plugin <= 5.4.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Chloe Chamberland WordFence in WordPress Booster for WooCommerce plugin versions = 5.4.3. Solution Update the WordPress Booster for WooCommerce plugin to the latest available version at least 5.4.4...

9.8CVSS2.8AI score0.50869EPSS
Exploits8References3Affected Software1
Patchstack
Patchstack
added 2021/08/23 12:0 a.m.20 views

WordPress Comment Link Remove and Other Comment Tools plugin <= 2.1.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to bulk comment deletion

Cross-Site Request Forgery CSRF vulnerability leading to bulk comment deletion discovered by Martin Vierula Trustwave in WordPress Comment Link Remove and Other Comment Tools plugin versions = 2.1.4. Solution Update the WordPress Comment Link Remove and Other Comment Tools plugin to the latest...

4.3CVSS3.6AI score0.00471EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/22 12:0 a.m.20 views

WordPress Page Contact plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Page Contact plugin versions = 1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.4AI score0.01467EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.20 views

WordPress WordPress Advanced Ticket System plugin <= 1.0.63 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Tri Wanda Septian in WordPress WordPress Advanced Ticket System plugin versions = 1.0.63. Solution Update the WordPress WordPress Advanced Ticket System plugin to the latest available version at least 1.0.64...

4.8CVSS2.8AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.20 views

WordPress SEOPress, on-site SEO plugin 5.0.0 – 5.0.3 - Stored Cross-Site Scripting (XSS) vulnerability via REST-API

Stored Cross-Site Scripting XSS vulnerability via REST-API discovered by Chloe Chamberland WordFence in WordPress SEOPress, on-site SEO plugin versions 5.0.0 – 5.0.3. Solution Update the WordPress SEOPress, on-site SEO plugin to the latest available version at least 5.0.4...

6.4CVSS2.6AI score0.00651EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2021/08/13 12:0 a.m.20 views

WordPress WP Fountain plugin <= 1.5.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress WP Fountain plugin versions = 1.5.9. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.9AI score0.00884EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/13 12:0 a.m.20 views

WordPress WP SEO Tags plugin <= 2.2.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress WP SEO Tags plugin versions = 2.2.7. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.7AI score0.00844EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/02 12:0 a.m.20 views

WordPress Business Hours Indicator plugin <= 2.3.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Business Hours Indicator plugin versions = 2.3.4. Solution Update the WordPress Business Hours Indicator plugin to the latest available version at least 2.3.5...

5.4CVSS1.5AI score0.0062EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/26 12:0 a.m.20 views

WordPress Simple Banner plugin <= 2.10.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Simple Banner plugin versions = 2.10.3. Solution Update the WordPress Simple Banner plugin to the latest available version at least 2.10.4...

4.8CVSS2.1AI score0.00676EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/19 12:0 a.m.20 views

WordPress Wonder PDF Embed plugin <= 1.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Wonder PDF Embed plugin versions = 1.6. Solution Update the WordPress Wonder PDF Embed plugin to the latest available version at least 1.7...

5.4CVSS1.9AI score0.00624EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/30 12:0 a.m.20 views

WordPress Profile Builder plugin <= 3.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Profile Builder plugin versions = 3.4.7. Solution Update the WordPress Profile Builder plugin to the latest available version at least 3.4.8...

4.8CVSS2AI score0.00613EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/28 12:0 a.m.20 views

WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in Image Uploader Component vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution Update the WordPress ProfilePress plugin to the latest version at leas...

9.8CVSS1.8AI score0.02101EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.20 views

WordPress Advanced Popups plugin <= 1.1.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Advanced Popups plugin versions = 1.1.1. Solution Update the WordPress Advanced Popups plugin to the latest available version at least 1.1.2...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.20 views

WordPress Staff Directory Plugin: Company Directory <= 3.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Staff Directory Plugin: Company Directory versions = 3.6. Solution Update the WordPress Staff Directory Plugin: Company Directory to the latest available version at least 4.0...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/07 12:0 a.m.20 views

WordPress WP Hardening plugin <= 1.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress WP Hardening plugin versions = 1.2.1. Solution Update the WordPress WP Hardening plugin to the latest available version at least 1.2.2...

6.1CVSS1.1AI score0.00827EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/01 12:0 a.m.20 views

WordPress Fancy Product Designer premium plugin <= 4.6.8 - Unauthenticated Arbitrary File Upload and Remote Code Execution (RCE) vulnerabilities

Unauthenticated Arbitrary File Upload and Remote Code Execution RCE vulnerabilities discovered by WordFence in WordPress Fancy Product Designer premium plugin versions = 4.6.8. Solution Update the WordPress Fancy Product Designer premium plugin to the latest available version at least 4.6.9...

9.8CVSS5.1AI score0.47091EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/19 12:0 a.m.20 views

WordPress JobSearch premium plugin <= 1.7.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress JobSearch premium plugin versions = 1.7.3. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.7.4...

5.4CVSS2AI score0.00633EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/13 12:0 a.m.20 views

WordPress External Media plugin <= 1.0.33 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Chloe Chamberland WordFence in WordPress External Media plugin versions = 1.0.33. Solution Update the WordPress External Media plugin to the latest available version at least 1.0.34...

8.8CVSS5.6AI score0.01775EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/04/29 12:0 a.m.20 views

WordPress Funnel Builder by CartFlows plugin <= 1.6.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress Funnel Builder by CartFlows plugin versions = 1.6.12. Solution Update the WordPress Funnel Builder by CartFlows plugin to the latest available version at least 1.6.13...

4.8CVSS3.1AI score0.00652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/04/19 12:0 a.m.20 views

WordPress Contact Form by Supsystic plugin <= 1.7.14 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Contact Form by Supsystic plugin versions = 1.7.14. Solution Update the WordPress Contact Form by Supsystic plugin to the latest available version at least 1.7.15...

6.1CVSS2.3AI score0.16044EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/04/16 12:0 a.m.20 views

WordPress QIWI for WooCommerce plugin <= 0.0.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Frank Liauw in WordPress QIWI for WooCommerce plugin versions = 0.0.9. Solution This plugin has been closed as of April 12, 2021 and is not available for download. This closure is temporary, pending a full review...

3AI score0.01261EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/04/13 12:0 a.m.20 views

WordPress HT Mega plugin <= 1.5.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress HT Mega plugin versions = 1.5.5. Solution Update the WordPress HT Mega plugin to the latest available version at least 1.5.7...

5.4CVSS1.2AI score0.00663EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/04/02 12:0 a.m.20 views

WordPress Business Hours Pro plugin <= 5.5.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Harald Eilertsen in WordPress Business Hours Pro plugin versions = 5.5.0. Solution No patched version is available. Deactivate and delete...

9.8CVSS3.9AI score0.03037EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/03/30 12:0 a.m.20 views

WordPress Advanced Booking Calendar plugin <= 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Advanced Booking Calendar plugin versions = 1.6.7. Solution Update the WordPress Advanced Booking Calendar plugin to the latest available version at least 1.6.8...

5.4CVSS2.5AI score0.0062EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.20 views

WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities discovered by m0ze Patchstack Red Team in the WordPress Listeo premium theme versions = 1.6.07. Solution Update the WordPress Listeo premium theme to the latest available version at least 1.6.11...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.20 views

WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability

Cross-Frame Scripting XFS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/27 12:0 a.m.20 views

WordPress WP-Curriculo Vitae Free plugin <= 6.3 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress WP-Curriculo Vitae Free plugin versions = 6.3. Solution Plugin closed. Deactivate and delete...

9.8CVSS4.5AI score0.02426EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/26 12:0 a.m.20 views

WordPress Patreon WordPress plugin <= 1.6.9 - Cross-Site Request Forgery (CSRF) vulnerability allowing disconnection of the website from Patreon

Cross-Site Request Forgery CSRF vulnerability allowing disconnection of the website from Patreon discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions = 1.6.9. Solution Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.0...

6.5CVSS3.4AI score0.00575EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/03/21 12:0 a.m.20 views

WordPress WooCommerce Help Scout plugin <= 2.9 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Ville Korhonen in WordPress WooCommerce Help Scout plugin versions = 2.9. Solution Update the WordPress WooCommerce Help Scout plugin to the latest available version at least 2.9.1...

9.8CVSS4.1AI score0.07908EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/03/16 12:0 a.m.20 views

WordPress WP Super Cache plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability settings page discovered by m0ze Patchstack Red Team in WordPress WP Super Cache plugin versions = 1.7.1. Solution Update the WordPress WP Super Cache plugin to the latest available version at least 1.7.2...

4.2AI score0.23844EPSS
Exploits3References2Affected Software1
Patchstack
Patchstack
added 2021/01/10 12:0 a.m.20 views

WordPress EasyBook premium theme <= 1.2.1 - Persistent Cross-Site Scripting (XSS) vulnerability

Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress EasyBook premium theme versions = 1.2.1. Solution Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...

6.1CVSS2.1AI score0.02582EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
added 2021/01/10 12:0 a.m.20 views

WordPress Name Directory plugin <= 1.17.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Yuta in WordPress Name Directory plugin versions = 1.17.4. Solution Update the WordPress Name Directory plugin to the latest available version at least 1.18...

8.8CVSS4AI score0.0084EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2020/12/07 12:0 a.m.20 views

WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset

Unauthenticated Admin Password Reset vulnerability found by mathieg2 in WordPress Easy WP SMTP plugin versions = 1.4.2. Solution Update the WordPress Easy WP SMTP plugin to the latest available version at least 1.4.3. Attention! Please make sure you have a directory listing disabled since it coul...

1.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/10/08 12:0 a.m.20 views

WordPress Dynamic Content for Elementor premium plugin <= 1.9.5.6 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability found by CompuNet in WordPress Dynamic Content for Elementor premium plugin versions = 1.9.5.6. Solution Update the WordPress Dynamic Content for Elementor premium plugin to the latest available version at least 1.9.6...

9CVSS5.4AI score0.05648EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2020/10/01 12:0 a.m.20 views

WordPress NewsMag theme <= 2.4.1 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet WordPress NewsMag theme versions = 2.4.1. Solution Update the WordPress NewsMag theme to the latest available version at least 2.4.2...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/09/28 12:0 a.m.20 views

WordPress WP Courses LMS plugin <= 2.0.28 - Broken Access Controls leading to Courses Content Disclosure vulnerability

Broken Access Controls leading to Courses Content Disclosure vulnerability found by Marco Ortisi redtimmysec in WordPress WP Courses LMS plugin versions = 2.0.28. Solution Update the WordPress WP Courses LMS plugin to the latest available version at least 2.0.29...

7.5CVSS2.4AI score0.09199EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/06/21 12:0 a.m.20 views

WordPress Advanced Custom Fields plugin <= 5.8.11 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Advanced Custom Fields plugin versions = 5.8.11. Solution Update the WordPress Advanced Custom Fields plugin to the latest available version at least 5.8.12...

6.1CVSS1.7AI score0.00896EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/04/28 12:0 a.m.20 views

WordPress LearnPress plugin <= 3.2.6.8 - Authenticated Page Creation and Status Modification vulnerability

Authenticated Page Creation and Status Modification vulnerability discovered by WordFence in WordPress LearnPress plugin versions = 3.2.6.8. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.6.9...

3AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2020/04/13 12:0 a.m.20 views

WordPress Media Library Assistant plugin <= 2.81 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Monzón stark0de in WordPress Media Library Assistant plugin versions = 2.81. Solution Update the WordPress Media Library Assistant plugin to the latest available version at least 2.82...

6.1CVSS3.7AI score0.01154EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2020/03/24 12:0 a.m.20 views

WordPress Abstract Submission plugin <= 0.6 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability discovered by Random Robbie in WordPress Abstract Submission plugin versions = 0.6. Solution Plugin closed. Deactivate and delete...

6.8CVSS2.9AI score0.39374EPSS
Exploits6References2Affected Software1
Patchstack
Patchstack
added 2020/01/31 12:0 a.m.20 views

WordPress Login by Auth0 plugin <= 3.11.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found by Muhamad Visat in WordPress Login by Auth0 plugin versions = 3.11.2. Solution Update the WordPress Login by Auth0 plugin to the latest available version at least 3.11.3...

6.1CVSS1.9AI score0.02462EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/01/16 12:0 a.m.20 views

WordPress Chained Quiz plugin <= 1.1.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Ben Armstrong in WordPress Chained Quiz plugin versions = 1.1.8.1. Solution Update the WordPress Chained Quiz plugin to the latest available version at least 1.1.8.2...

6.1CVSS2.1AI score0.01607EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/01/10 12:0 a.m.20 views

WordPress EasyBook premium theme <= 1.2.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress EasyBook premium theme versions = 1.2.1. Solution Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...

6.1CVSS2.3AI score0.03243EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
added 2020/01/06 12:0 a.m.20 views

WordPress Awesome Support plugin <= 5.8.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by 0xPablito in WordPress Awesome Support plugin versions = 5.8.2. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.0.0...

4.8CVSS1.9AI score0.00717EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000