
Patchstack | added 2019/11/14

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <=5.127.3 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions <= 5.127.3. Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version, at least 5.127.4...

CVSS 6.1 | AI score 2.5 | EPSS 0.01307
Exploits: 0 | References: 1 | Affected software: 1
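
Every entry here gives an affected range ("<= X") and a minimum fixed version ("at least Y"), so the first thing a practitioner does with such a list is compare the installed plugin versions against it. The following is an added example, not Patchstack's or any plugin's code: it reads the Version: header that WordPress itself parses from a plugin's main file and uses PHP's version_compare, which orders multi-part versions correctly where a text comparison does not (5.127.10 is newer than 5.127.3 although it sorts lower as a string). The advisory rows are taken from entries on this page; the plugin slugs and the header blocks are constructed for the example.

```php
<?php
// Added example: triage installed WordPress plugins against "<= X, fixed in Y"
// advisories like the ones listed on this page. Not Patchstack code.

// Advisory rows taken from this page; the slug names are assumed.
$advisories = [
    ['plugin' => 'cleantalk-spam-protect', 'affected_max' => '5.127.3', 'fixed' => '5.127.4',
     'title' => 'Cross-Site Scripting (XSS)'],
    ['plugin' => 'events-manager',         'affected_max' => '5.8.1.1', 'fixed' => '5.8.1.2',
     'title' => 'Unauthenticated Stored XSS'],
    ['plugin' => 'wp-database-backup',     'affected_max' => '5.1.2',   'fixed' => '5.2',
     'title' => 'Unauthenticated OS Command Injection'],
];

// Read the "Version:" header from a plugin's main file, the same header
// WordPress parses. Returns null if the header is missing.
function plugin_header_version(string $file_contents): ?string {
    if (preg_match('/^[ \t\/*#@]*Version:\s*(\S+)/mi', $file_contents, $m)) {
        return trim($m[1]);
    }
    return null;
}

// Pad to four components so version_compare treats "5.2" and "5.2.0" alike
// (it would otherwise rank "5.2" below "5.2.0").
function normalize_version(string $v): string {
    $parts = explode('.', $v);
    while (count($parts) < 4) { $parts[] = '0'; }
    return implode('.', $parts);
}

// Advisories whose affected range covers the installed version.
function matching_advisories(string $plugin, string $installed, array $advisories): array {
    $hits = [];
    foreach ($advisories as $adv) {
        if ($adv['plugin'] !== $plugin) { continue; }
        // "<= affected_max" is vulnerable. Note strcmp('5.127.10', '5.127.3') < 0,
        // so a string comparison would wrongly flag 5.127.10 as affected.
        if (version_compare(normalize_version($installed),
                            normalize_version($adv['affected_max']), '<=')) {
            $hits[] = $adv;
        }
    }
    return $hits;
}

// Constructed header blocks standing in for the installed plugins' main files.
$installed_headers = [
    'cleantalk-spam-protect' => "<?php\n/*\nPlugin Name: Spam protection by CleanTalk\nVersion: 5.127.10\n*/",
    'events-manager'         => "<?php\n/*\nPlugin Name: Events Manager\nVersion: 5.8.1.1\n*/",
    'wp-database-backup'     => "<?php\n/**\n * Plugin Name: WP Database Backup\n * Version: 5.1.2\n */",
];

foreach ($installed_headers as $slug => $contents) {
    $ver = plugin_header_version($contents);
    if ($ver === null) { continue; }
    foreach (matching_advisories($slug, $ver, $advisories) as $adv) {
        printf("%s %s: %s (affected <= %s, update to at least %s)\n",
               $slug, $ver, $adv['title'], $adv['affected_max'], $adv['fixed']);
    }
}
```

Only events-manager and wp-database-backup are reported; cleantalk-spam-protect at 5.127.10 is above the affected range. In a real deployment the header blocks come from reading each plugin's main file under wp-content/plugins, and the advisory rows from the feed this page is a view of.
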

Patchstack | added 2019/10/31

WordPress YITH WooCommerce Advanced Reviews plugin <= 1.3.9 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change vulnerability (YITH Plugin Framework <= 3.3.8) found by Jerome Bruandet in WordPress YITH WooCommerce Advanced Reviews plugin versions <= 1.3.9. Solution: Update the WordPress YITH WooCommerce Advanced Reviews plugin to the latest available version, at least 1.4.0...

CVSS 4.3 | AI score 3.6 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2019/10/31

WordPress YITH WooCommerce Cart Messages plugin <=1.4.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change vulnerability (YITH Plugin Framework <= 3.3.8) found by Jerome Bruandet in WordPress YITH WooCommerce Cart Messages plugin versions <= 1.4.4. Solution: Update the WordPress YITH WooCommerce Cart Messages plugin to the latest available version, at least 1.4.5...

CVSS 4.3 | AI score 3 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2019/10/31

WordPress YITH WooCommerce Waiting List plugin <=1.3.10 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change vulnerability (YITH Plugin Framework <= 3.3.8) found by Jerome Bruandet in WordPress YITH WooCommerce Waiting List plugin versions <= 1.3.10. Solution: Update the WordPress YITH WooCommerce Waiting List plugin to the latest available version, at least 1.3.11...

CVSS 4.3 | AI score 3.1 | EPSS 0.00948
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2019/08/23

WordPress Easy Forms for Mailchimp plugin <= 6.5.2 - Code Injection vulnerability

Code Injection vulnerability found by Henri Salo in WordPress Easy Forms for Mailchimp plugin versions <= 6.5.2. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version, at least 6.5.3...

CVSS 9.8 | AI score 1.8 | EPSS 0.02177
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2019/07/29

WordPress Custom Simple RSS plugin <= 2.0.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by rubyman in WordPress Custom Simple RSS plugin versions <= 2.0.6. Solution: Update the WordPress Custom Simple RSS plugin to the latest available version, at least 2.0.7...

CVSS 6.5 | AI score 3.3 | EPSS 0.00623
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2019/05/29

WordPress WP Database Backup plugin <= 5.1.2 - Unauthenticated OS Command Injection vulnerability

Unauthenticated OS Command Injection vulnerability found by Wordfence in WordPress WP Database Backup plugin versions <= 5.1.2. Solution: Update the WordPress WP Database Backup plugin to the latest available version, at least 5.2...

AI score 3.5
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2019/05/22

WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability

Cross-Site Request Forgery (CSRF) leading to authenticated SQL Injection, found by Magnus K. Stubman in WordPress WP Booking System versions <= 1.5.1.1. Solution: Update the WordPress WP Booking System to the latest available version, at least 1.5.2...

CVSS 7.2 | AI score 3.1 | EPSS 0.00911
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2019/03/22

WordPress NextScripts plugin <= 4.2.7 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress NextScripts plugin versions <= 4.2.7. Solution: Update the WordPress NextScripts plugin to the latest available version, at least 4.2.8...

CVSS 6.1 | AI score 1.9 | EPSS 0.01253
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2019/01/17

WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability

Social Media API Key Leakage vulnerability found by @fs0c131y in WordPress Social Network Tabs premium plugin versions <= 1.7.1. Solution: 26 January 2019 - we were unable to find any information about a patched version of this plugin. We recommend deactivating and deleting this plugin from your...

CVSS 9.8 | AI score 3.6 | EPSS 0.10401
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2018/12/04

WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions <= 2.5.1.8. Solution: Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version, at least 2.5.2...

CVSS 7.2 | AI score 3.2 | EPSS 0.04354
Exploits: 5 | References: 1 | Affected software: 1

Patchstack | added 2018/09/09

WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress FV Flowplayer Video Player plugin versions <= 6.6.4. Solution: Update the WordPress FV Flowplayer Video Player plugin to the latest available version, at least 6.6.5...

CVSS 6.1 | AI score 2.9 | EPSS 0.01044
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2018/08/28

WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by Qlirim Emini in WordPress Chained Quiz plugin versions <= 1.0.8. Solution: Update the WordPress Chained Quiz plugin to the latest available version, at least 1.0.9...

CVSS 9.8 | AI score 3 | EPSS 0.02686
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2018/04/09

WordPress File Upload plugin <=4.3.3 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability in WordPress File Upload plugin versions <= 4.3.3. Solution: Update the WordPress File Upload plugin to the latest available version, at least 4.3.4...

CVSS 6.1 | AI score 1.9 | EPSS 0.03844
Exploits: 6 | References: 1 | Affected software: 1

Patchstack | added 2018/03/28

WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin versions <= 5.8.1.1. Solution: Update the WordPress Events Manager plugin to the latest version, at least 5.8.1.2...

CVSS 5.4 | AI score 3 | EPSS 0.01058
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2018/03/13

WordPress WP Retina 2x plugin <=5.2.0 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress WP Retina 2x plugin versions <= 5.2.0. The vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution: Update the WordPress WP Retina 2x plugin to the latest available version, at least 5.2.2...

CVSS 6.1 | AI score 2.6 | EPSS 0.00918
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2018/03/02

WordPress NextGEN Gallery plugin <=2.2.46 - Gallery Paths Not Secured

Telefonica Cybersecurity Unit found that gallery paths are not secured in WordPress NextGEN Gallery plugin versions <= 2.2.46. Solution: Update the WordPress NextGEN Gallery plugin to the latest available version, at least 2.2.50...

CVSS 7.5 | AI score 2.7 | EPSS 0.02103
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2018/01/30

WordPress Social Media Widget by Acurax plugin <=3.2.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability found by Panagiotis Vagenas in WordPress Social Media Widget by Acurax plugin versions <= 3.2.5. Solution: Update the WordPress Social Media Widget by Acurax plugin to the latest available version, at least 3.2.6...

CVSS 8.8 | AI score 3.2 | EPSS 0.00661
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2018/01/22

WordPress Booking calendar plugin <=2.1.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by d4wner in WordPress Booking calendar plugin versions <= 2.1.7. Solution: Update the WordPress Booking calendar plugin to the latest available version, at least 2.1.8...

CVSS 8.8 | AI score 3.5 | EPSS 0.00768
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2018/01/09

WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Vulnerable via the panel parameter of wp-admin/admin.php on the gd-rating-system-about page. Solution: 1/9/2018 - we were unable to find a patched version of this plugin...

CVSS 6.1 | AI score 2.8 | EPSS 0.01265
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2018/01/03

WordPress Smart Google Code Inserter plugin <=3.4 - Authorization bypass vulnerability

Authorization bypass vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions <= 3.4. Solution: Update the WordPress Smart Google Code Inserter plugin to the latest available version, at least version 3.5...

CVSS 9.8 | AI score 3.4 | EPSS 0.91477
Exploits: 5 | References: 1 | Affected software: 1

Patchstack | added 2017/11/07

WordPress WP Simple Booking Calendar Premium plugin 5.0–5.4 - Unauthenticated Data leak

The booking notes are shown in the source code of the page. Solution: Update the plugin to version 5.5...

AI score 4.1
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2017/11/07

WordPress User Login History plugin <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress User Login History plugin versions <= 1.5. Solution: Update the WordPress User Login History plugin to the latest available version, at least version 1.6...

CVSS 6.1 | AI score 1.1 | EPSS 0.01041
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2017/10/11

WordPress WPHRM plugin <= 1.0 - Authenticated SQL Injection

WordPress WPHRM plugin Authenticated SQL Injection allows an attacker to inject SQL commands via the employeeid $_GET parameter. Solution: Update the plugin...

CVSS 8.8 | AI score 5 | EPSS 0.03029
Exploits: 5 | References: 2 | Affected software: 1

Patchstack | added 2017/08/08

WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier. The vulnerability exists in the init.php file of the "Blacklist and Whitelist IP Wizard". Solution: Update the WordPress Loginizer plugin to the latest...

CVSS 8.8 | AI score 2.4 | EPSS 0.00714
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2017/07/03

WordPress WatuPRO plugin 5.5.1 - SQL Injection vulnerability

SQL Injection vulnerability found by Manich Koomsusi in the WatuPRO 5.5.1 WordPress plugin. Data sent in the "watupro_questions" parameter is not sanitized before being used in a SQL statement. Solution: Update the WatuPRO WordPress plugin to the latest available version, at least 5.5.3.7...

AI score 3.7
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2017/01/10

WordPress plugin WP Support Plus Responsive Ticket System <= 7.1.3 - Privilege Escalation

WordPress plugin WP Support Plus Responsive Ticket System versions 7.1.3 and earlier, and 7.1.4, are vulnerable to privilege escalation. It is possible to log in as any user without knowing the password due to incorrect usage of wp_set_auth_cookie. Solution: Update the plugin to the latest version, at least...

AI score 4.1
Exploits: 0 | References: 2 | Affected software: 1
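
The entry above attributes the WP Support Plus Responsive Ticket System issue to incorrect use of wp_set_auth_cookie(). That function only issues the session cookie for a given user ID; it performs no authentication of its own, so a handler that resolves a username from the request and calls it directly logs the caller in as that user. The following is an added example, not the plugin's code, showing that pattern beside a handler that authenticates through wp_signon(); the ajax action names and the nonce name are assumed.

```php
<?php
// Added example (not WP Support Plus code): "set the auth cookie for whatever
// username the request names", and a corrected handler. Action and nonce
// names are assumed for illustration.

// VULNERABLE: the user is looked up by name and logged in unconditionally.
// wp_set_auth_cookie() checks nothing; it only issues the cookie for the ID.
// Registered on the nopriv_ hook, anyone on the internet can pick a username
// (e.g. the administrator's) and receive that user's session.
function example_vulnerable_login() {
    $username = isset($_POST['username']) ? sanitize_user(wp_unslash($_POST['username'])) : '';
    $user     = get_user_by('login', $username);
    if ($user) {
        wp_set_auth_cookie($user->ID);          // no password check at all
        wp_send_json_success(['logged_in_as' => $user->user_login]);
    }
    wp_send_json_error('unknown user');
}
add_action('wp_ajax_nopriv_example_login_vulnerable', 'example_vulnerable_login');

// FIXED: let WordPress authenticate. wp_signon() runs the 'authenticate'
// filters (password check, plus any lockout or 2FA plugin hooked there) and
// sets the auth cookie only on success; failures come back as WP_Error and
// no cookie is issued.
function example_fixed_login() {
    check_ajax_referer('example_login_nonce', '_ajax_nonce');   // CSRF guard on the form

    $creds = [
        'user_login'    => isset($_POST['username']) ? sanitize_user(wp_unslash($_POST['username'])) : '',
        'user_password' => isset($_POST['password']) ? (string) wp_unslash($_POST['password']) : '',
        'remember'      => false,
    ];
    $user = wp_signon($creds, is_ssl());
    if (is_wp_error($user)) {
        // One generic message: do not reveal whether the username exists.
        wp_send_json_error('invalid credentials', 401);
    }
    wp_send_json_success(['logged_in_as' => $user->user_login]);
}
add_action('wp_ajax_nopriv_example_login', 'example_fixed_login');
```

If a plugin has a legitimate reason to create a session without a password (a one-time link, for instance), the rule is the same: wp_set_auth_cookie() may only follow verification of a server-issued secret, compared with hash_equals(), and that secret must be single-use and expire.
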

Patchstack | added 2016/11/08

WordPress YITH WooCommerce Compare Plugin <= 2.0.9 - PHP Object injection

Because of this vulnerability, attackers can execute arbitrary PHP code. Solution: Update the plugin...

AI score 5.7
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2016/07/20

WordPress Indexisto Plugin <= 1.0.5 - Reflected XSS

This plugin is prone to a cross-site scripting vulnerability. Solution: Upgrade the plugin...

CVSS 6.1 | AI score 1.9 | EPSS 0.03432
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2016/06/22

WordPress Contus Video Comments Plugin - Remote File Upload

This plugin is prone to a remote file upload vulnerability: any user can upload .jpg files to the WordPress installation. Solution: Update the plugin...

CVSS 9.4 | AI score 2.8 | EPSS 0.0863
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2016/04/12

WordPress Defa Online Image Protector Plugin <= 3.3 - XSS

This WordPress plugin is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the plugin...

CVSS 6.1 | AI score 4.1 | EPSS 0.03236
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2016/04/12

WordPress Tidio Gallery Plugin <= 1.1 - Cross Site Scripting (XSS)

This vulnerability is in the PHP file /tidio-gallery/popup-insert-help.php. Solution: Update the plugin...

CVSS 6.1 | AI score 1.6 | EPSS 0.04486
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2015/12/09

WordPress Wordfence Plugin <= 5.1.4 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

CVSS 6.1 | AI score 2.1 | EPSS 0.0119
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/07/16

WordPress Floating Social Bar Plugin <= 1.1.5 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "items" parameter in an fsb_save_order action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 4.3 | AI score 2.5 | EPSS 0.02067
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2015/05/15

WordPress WP Cumulus Plugin <= 1.22 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

AI score 2
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/05/12

WordPress Modern Theme <= 1.4.1 - Cross Site Scripting

This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...

AI score 3.9
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/02/11

WordPress Spider Facebook Plugin <= 1.0.10 - Multiple XSS

Because of these vulnerabilities, some parameters are output unsanitized. Solution: Upgrade the plugin...

CVSS 4.3 | AI score 3.9 | EPSS 0.01651
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2015/02/09

WordPress WPLMS Learning Management System Theme <= 1.8.4.1 - Privilege Escalation

Because of this vulnerability, attackers can obtain an administrator account on the target website. Solution: Update the theme...

AI score 4.8
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/01/27

WordPress Banner Effect Header Plugin <= 1.2.7 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "banner_effect_div_id" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.2 | EPSS 0.02046
Exploits: 2 | References: 1 | Affected software: 1

Patchstack | added 2015/01/17

WordPress Holding Pattern Theme <= 0.6 - Unrestricted File Upload

This vulnerability allows an attacker to upload arbitrary files: the application performs only limited validation, so unauthorized uploads are allowed. Solution: Update the theme...

CVSS 7.5 | AI score 2.9 | EPSS 0.59254
Exploits: 6 | References: 1 | Affected software: 1
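
The Contus Video Comments entry (any user can upload .jpg files) and the Holding Pattern theme entry above (limited validation, unauthorized upload) describe the same handler shape: an upload endpoint with no authentication and a check that trusts what the client says about the file. The following is an added example, not code from either project, showing that shape beside a handler that requires the upload_files capability and a nonce and lets core's wp_handle_upload() validate the file by its contents; the action names are assumed.

```php
<?php
// Added example (not Holding Pattern or Contus Video Comments code): an upload
// handler with the defects the entries describe, beside a hardened version.
// Action and nonce names are assumed for illustration.

// VULNERABLE: no login, no nonce, and "validation" that trusts the client.
// $_FILES['type'] is whatever the browser claimed, and the name check is a
// substring match, so "shell.php" with a forged type or "shell.php.jpg"
// (executable on servers with AddHandler-style configs) both pass. The file
// then lands under the web root with the attacker's chosen name.
function example_vulnerable_upload() {
    $file = $_FILES['upload'];
    $name = $file['name'];
    if (strpos($name, '.jpg') === false && $file['type'] !== 'image/jpeg') {
        wp_die('images only');
    }
    $dest = wp_upload_dir()['basedir'] . '/' . $name;   // attacker-controlled path
    move_uploaded_file($file['tmp_name'], $dest);
    echo $dest;
    wp_die();
}
add_action('wp_ajax_nopriv_example_upload_vulnerable', 'example_vulnerable_upload');

// FIXED: capability + nonce, then let core validate. wp_handle_upload() runs
// wp_check_filetype_and_ext(), which determines the real type from the file
// contents (finfo / getimagesize for images), rejects anything outside the
// allowed MIME list, and writes to a unique, sanitized filename it chooses.
function example_fixed_upload() {
    if (!current_user_can('upload_files')) {
        wp_send_json_error('forbidden', 403);
    }
    check_ajax_referer('example_upload', '_ajax_nonce');

    if (empty($_FILES['upload']) || $_FILES['upload']['error'] !== UPLOAD_ERR_OK) {
        wp_send_json_error('no file', 400);
    }

    $result = wp_handle_upload($_FILES['upload'], [
        'test_form' => false,
        // Narrower than the site-wide list: only the image types this feature needs.
        'mimes'     => ['jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'],
    ]);
    if (isset($result['error'])) {
        wp_send_json_error($result['error'], 400);
    }
    // $result['file'] is the path core chose, not the client's filename.
    wp_send_json_success(['url' => $result['url'], 'type' => $result['type']]);
}
add_action('wp_ajax_example_upload', 'example_fixed_upload');   // no nopriv_ hook: login required
```

Two points to keep even after the fix: the uploads directory should not execute scripts (a `php_flag engine off` or equivalent rule in that directory), and the `mimes` override above narrows, never widens, the set WordPress would otherwise accept.
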

Patchstack | added 2015/01/16

WordPress Pie Register Plugin 2.0.13 - Privilege Escalation

This vulnerability allows anyone to submit a CSV file to "pie-register\pie-register.php", and the plugin imports users from that file. Solution: Update to version 2.0.14...

CVSS 5 | AI score 5 | EPSS 0.07797
Exploits: 4 | References: 1 | Affected software: 1

Patchstack | added 2015/01/13

WordPress April's Super Functions Pack Plugin <= 1.4.7 - XSS

Because of this vulnerability in readme.php, attackers can inject arbitrary web script or HTML via the "page" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 3.1 | EPSS 0.01948
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/01/08

WordPress All in One SEO Pack Plugin <= 2.2.5 - Information Management

The All in One SEO Pack plugin is prone to an information disclosure vulnerability (listed as "Information Management"). Attackers can obtain sensitive information by reading the HTML source code, because the plugin does not take password protection into account when generating the Meta Description field. Solution: Update th...

CVSS 5 | AI score 1.6 | EPSS 0.03029
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/01/08

WordPress All In One WP Security & Firewall Plugin <= 3.8.7 - SQL Injection

Because of this SQL Injection vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution: Upgrade the plugin...

CVSS 6 | AI score 6.1 | EPSS 0.01539
Exploits: 0 | References: 1 | Affected software: 1

Patchstack | added 2015/01/05

WordPress Facebook Like Box Plugin <= 2.8.2 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...

CVSS 6.8 | AI score 3.9 | EPSS 0.0117
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2015/01/02

WordPress Cart66 Lite Plugin <= 1.5.3 - SQL Injection

This vulnerability allows authenticated users to execute arbitrary SQL commands via the "q" parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 6.5 | AI score 6.5 | EPSS 0.01756
Exploits: 1 | References: 1 | Affected software: 1
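
The WPHRM entry (SQL commands via the employeeid $_GET parameter) and the Cart66 Lite entry above (the q parameter of the promotionProductSearch admin-ajax action) are the two common shapes of WordPress plugin SQL injection: an id dropped into a WHERE clause, and a search term dropped into a LIKE. The following is an added example, not code from either plugin, giving each shape beside its $wpdb->prepare() form; the table names and the action name are assumed.

```php
<?php
// Added example (not WPHRM or Cart66 code): the two injection shapes named on
// this page and their parameterised forms. Table and action names are assumed.

// VULNERABLE: integer lookup built by concatenation. employeeid=1 OR 1=1, or
// employeeid=0 UNION SELECT user_login,user_pass,... FROM wp_users, is
// appended verbatim to the statement.
function example_vulnerable_employee() {
    global $wpdb;
    $id = $_GET['employeeid'];
    return $wpdb->get_row("SELECT * FROM {$wpdb->prefix}hrm_employees WHERE id = " . $id, ARRAY_A);
}

// FIXED: absint() leaves only a non-negative integer, and %d binds it; either
// alone would do, together they document the intent.
function example_fixed_employee() {
    global $wpdb;
    $id = isset($_GET['employeeid']) ? absint($_GET['employeeid']) : 0;
    return $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->prefix}hrm_employees WHERE id = %d", $id),
        ARRAY_A
    );
}

// VULNERABLE: search term interpolated into a quoted LIKE. The quotes do not
// help: q=x' UNION SELECT user_login,user_pass FROM wp_users-- - closes the
// literal, and blind variants (q=x' AND SLEEP(5)-- -) work the same way.
function example_vulnerable_search() {
    global $wpdb;
    $q = $_POST['q'];
    return $wpdb->get_results(
        "SELECT id, name FROM {$wpdb->prefix}cart_products WHERE name LIKE '%" . $q . "%'", ARRAY_A);
}

// FIXED: capability and nonce on the ajax action (the page's entry says the
// bug is reachable by authenticated users, so authorization matters too),
// esc_like() so % and _ in the term are literal, then %s binding; prepare()
// does the quoting.
function example_fixed_search() {
    global $wpdb;
    if (!current_user_can('manage_options')) { wp_send_json_error('forbidden', 403); }
    check_ajax_referer('example_product_search', '_ajax_nonce');

    $q    = isset($_POST['q']) ? sanitize_text_field(wp_unslash($_POST['q'])) : '';
    $like = '%' . $wpdb->esc_like($q) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare("SELECT id, name FROM {$wpdb->prefix}cart_products WHERE name LIKE %s", $like),
        ARRAY_A
    );
    wp_send_json_success($rows);
}
add_action('wp_ajax_example_product_search', 'example_fixed_search');
```

$wpdb->prepare() only accepts %d, %f, %s (and %i for identifiers in recent WordPress); table and column names cannot be bound and must come from code, never from the request.
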

Patchstack | added 2015/01/01

WordPress PhotoSmash Plugin <= 1.0.1 - XSS

Because of this vulnerability in index.php, attackers can inject arbitrary web script or HTML via the "action" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 3.4 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected software: 1

Patchstack | added 2014/12/02

WordPress Google Analytics Plugin <= 5.1.2 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution: Update the plugin...

CVSS 4.3 | AI score 2.6 | EPSS 0.01959
Exploits: 0 | References: 1 | Affected software: 1
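
The PhotoSmash entry (script via the action parameter of index.php) and the Google Analytics entry above (script via the "Manually enter your UA code" settings field) are a reflected and a stored XSS respectively. The following is an added example, not code from either plugin: the reflected case echoed raw and then escaped for its HTML context, and the stored case emitted raw into an inline script and then validated on save with register_setting() and emitted through wp_json_encode(); the option and settings-group names are assumed.

```php
<?php
// Added example (not Google Analytics or PhotoSmash plugin code): a reflected
// XSS through a request parameter and a stored XSS through a settings field,
// each beside its fixed form. Option and settings-group names are assumed.

// VULNERABLE (reflected): the requested action is echoed into the page.
// ?action=<script>alert(document.cookie)</script> renders as markup.
function example_vulnerable_notice() {
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    echo '<div class="notice"><p>Action "' . $action . '" completed.</p></div>';
}

// FIXED (reflected): constrain the input and escape at output for the context
// it lands in: esc_html() for text, esc_attr() inside attributes, esc_url()
// for href/src. Sanitizing on input alone is not enough; the output escape is
// what actually closes the hole.
function example_fixed_notice() {
    $action = isset($_GET['action']) ? sanitize_key(wp_unslash($_GET['action'])) : '';
    echo '<div class="notice"><p>Action "' . esc_html($action) . '" completed.</p></div>';
}

// VULNERABLE (stored): the tracking id saved from the settings page is
// concatenated into an inline script on every page view. A saved value of
//   UA-1-1');</script><script>alert(1)//
// becomes attacker JavaScript served to every visitor, and it persists.
function example_vulnerable_tracking_snippet() {
    $ua = get_option('example_ga_ua_code', '');
    echo "<script>ga('create', '" . $ua . "', 'auto');</script>";
}

// FIXED (stored), step 1: validate on save. register_setting() with a
// sanitize_callback that accepts only the real identifier formats means junk
// never reaches the database, whichever form posted it.
function example_sanitize_ua(string $value): string {
    $value = trim($value);
    return preg_match('/^(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})$/', $value) ? $value : '';
}
add_action('admin_init', function () {
    register_setting('example_ga', 'example_ga_ua_code', [
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_ua',
        'default'           => '',
    ]);
});

// FIXED (stored), step 2: escape on output regardless. wp_json_encode()
// produces a JavaScript string literal with quotes, backslashes and "/"
// escaped (so "</script>" cannot appear), which is the correct escape for a
// script context; esc_html() would be the wrong one here.
function example_fixed_tracking_snippet() {
    $ua = get_option('example_ga_ua_code', '');
    if ($ua === '') { return; }
    echo '<script>ga("create", ' . wp_json_encode($ua) . ', "auto");</script>';
}
```

The settings-field case is the one worth remembering from this list: a value an administrator typed into a form is still untrusted at output time, because a CSRF or a compromised lower-privilege account can be what put it there.
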

Patchstack | added 2014/11/24

WordPress Download Manager Plugin 2.7.2 - Privilege Escalation

The Download Manager plugin is prone to a vulnerability that allows an attacker to take control of every group (change its name, description, avatar and settings). In addition, every registered user can update any WordPress option through the basicsettings function. Solution: Update to version 2.7.3...

CVSS 8.8 | AI score 4.1 | EPSS 0.11059
Exploits: 5 | References: 1 | Affected software: 1
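
The YITH Plugin Framework entries (authenticated settings change), the Smart Google Code Inserter authorization bypass, the Loginizer, Booking calendar and Facebook Like Box CSRF entries and the Download Manager entry above (any registered user can update any WordPress option) all come down to a settings handler missing one or more of three checks: a capability check, a nonce, and a restriction on which options may be written. The following is an added example, not code from any of those plugins, with the unguarded handler beside a hardened one and the form that supplies the nonce; option and action names are assumed, and the arrow functions need PHP 7.4 or later.

```php
<?php
// Added example (not code from any plugin listed here): a settings handler with
// no nonce, no capability check and no restriction on the option name, beside
// a hardened one. Option and action names are assumed.

// VULNERABLE: whoever can reach admin-ajax.php can write any option. With the
// nopriv_ hook that is an anonymous visitor; without it, a logged-in
// subscriber can do it directly, and a cross-site page can make an
// administrator's browser do it. users_can_register=1 with
// default_role=administrator, or a changed siteurl, are the usual targets.
function example_vulnerable_save_settings() {
    update_option($_POST['name'], $_POST['value']);
    wp_send_json_success();
}
add_action('wp_ajax_example_save_settings_vulnerable',        'example_vulnerable_save_settings');
add_action('wp_ajax_nopriv_example_save_settings_vulnerable', 'example_vulnerable_save_settings');

// FIXED: three gates, then an allowlist of what may change and how.
function example_fixed_save_settings() {
    // 1. Authorization: being logged in is not enough; demand the capability.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    // 2. CSRF: the nonce is bound to this user and this action and expires;
    //    a forged cross-site request cannot carry a valid one.
    //    check_ajax_referer() terminates the request on mismatch.
    check_ajax_referer('example_save_settings', '_ajax_nonce');

    // 3. Scope: only this plugin's own options, each with its own sanitizer.
    $allowed = [
        'example_plugin_enabled'  => fn($v) => $v ? '1' : '0',
        'example_plugin_api_key'  => fn($v) => preg_replace('/[^A-Za-z0-9_-]/', '', (string) $v),
        'example_plugin_headline' => fn($v) => sanitize_text_field((string) $v),
    ];
    $name = isset($_POST['name']) ? (string) wp_unslash($_POST['name']) : '';
    if (!isset($allowed[$name])) {
        wp_send_json_error('unknown setting', 400);
    }
    $value = $allowed[$name](isset($_POST['value']) ? wp_unslash($_POST['value']) : '');
    update_option($name, $value);
    wp_send_json_success(['name' => $name, 'value' => $value]);
}
add_action('wp_ajax_example_save_settings', 'example_fixed_save_settings');   // no nopriv_ hook

// The settings form supplies the nonce the fixed handler verifies.
function example_settings_form() {
    echo '<form method="post" action="' . esc_url(admin_url('admin-ajax.php')) . '">';
    echo '<input type="hidden" name="action" value="example_save_settings">';
    wp_nonce_field('example_save_settings', '_ajax_nonce');
    echo '<input type="text" name="name" value="example_plugin_headline">';
    echo '<input type="text" name="value">';
    submit_button('Save');
    echo '</form>';
}
```

The order matters: the capability check comes first so that an unauthorized caller learns nothing about nonce handling, and the nonce is not a substitute for it (a subscriber can obtain a valid nonce for any action the page hands out). The same three gates apply to admin-post.php handlers and to classic options pages, where check_admin_referer() takes the place of check_ajax_referer().
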

Patchstack | added 2014/11/04

WordPress XCloner Plugin <= 3.1.1 - Remote Database Download & Local File Permissions

Attackers can obtain sensitive information via a direct request to a backup file in administrators/backups/, because the plugin stores database backup files with predictable names under the web root with insufficient access control. Solution: Update the plugin...

CVSS 5 | AI score 5.1 | EPSS 0.07117
Exploits: 2 | References: 1 | Affected software: 1