Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
added 2021/04/19 12:0 a.m.20 views

WordPress Contact Form by Supsystic plugin <= 1.7.14 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 0xB9 in WordPress Contact Form by Supsystic plugin versions = 1.7.14. Solution Update the WordPress Contact Form by Supsystic plugin to the latest available version at least 1.7.15...

6.1CVSS2.3AI score0.16044EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/04/16 12:0 a.m.20 views

WordPress QIWI for WooCommerce plugin <= 0.0.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Frank Liauw in WordPress QIWI for WooCommerce plugin versions = 0.0.9. Solution This plugin has been closed as of April 12, 2021 and is not available for download. This closure is temporary, pending a full review...

3AI score0.01261EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/04/13 12:0 a.m.20 views

WordPress HT Mega plugin <= 1.5.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress HT Mega plugin versions = 1.5.5. Solution Update the WordPress HT Mega plugin to the latest available version at least 1.5.7...

5.4CVSS1.2AI score0.00663EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/04/02 12:0 a.m.20 views

WordPress Business Hours Pro plugin <= 5.5.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Harald Eilertsen in WordPress Business Hours Pro plugin versions = 5.5.0. Solution No patched version is available. Deactivate and delete...

9.8CVSS3.9AI score0.03037EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/03/30 12:0 a.m.20 views

WordPress Advanced Booking Calendar plugin <= 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Advanced Booking Calendar plugin versions = 1.6.7. Solution Update the WordPress Advanced Booking Calendar plugin to the latest available version at least 1.6.8...

5.4CVSS2.5AI score0.0062EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.20 views

WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities discovered by m0ze Patchstack Red Team in the WordPress Listeo premium theme versions = 1.6.07. Solution Update the WordPress Listeo premium theme to the latest available version at least 1.6.11...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.20 views

WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability

Cross-Frame Scripting XFS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/27 12:0 a.m.20 views

WordPress WP-Curriculo Vitae Free plugin <= 6.3 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress WP-Curriculo Vitae Free plugin versions = 6.3. Solution Plugin closed. Deactivate and delete...

9.8CVSS4.5AI score0.02426EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/26 12:0 a.m.20 views

WordPress Patreon WordPress plugin <= 1.6.9 - Cross-Site Request Forgery (CSRF) vulnerability allowing disconnection of the website from Patreon

Cross-Site Request Forgery CSRF vulnerability allowing disconnection of the website from Patreon discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions = 1.6.9. Solution Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.0...

6.5CVSS3.4AI score0.00575EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/03/21 12:0 a.m.20 views

WordPress WooCommerce Help Scout plugin <= 2.9 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Ville Korhonen in WordPress WooCommerce Help Scout plugin versions = 2.9. Solution Update the WordPress WooCommerce Help Scout plugin to the latest available version at least 2.9.1...

9.8CVSS4.1AI score0.07908EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/03/16 12:0 a.m.20 views

WordPress WP Super Cache plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability settings page discovered by m0ze Patchstack Red Team in WordPress WP Super Cache plugin versions = 1.7.1. Solution Update the WordPress WP Super Cache plugin to the latest available version at least 1.7.2...

4.2AI score0.23844EPSS
Exploits3References2Affected Software1
Patchstack
Patchstack
added 2021/01/10 12:0 a.m.20 views

WordPress EasyBook premium theme <= 1.2.1 - Persistent Cross-Site Scripting (XSS) vulnerability

Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress EasyBook premium theme versions = 1.2.1. Solution Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...

6.1CVSS2.1AI score0.02582EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
added 2021/01/10 12:0 a.m.20 views

WordPress Name Directory plugin <= 1.17.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Yuta in WordPress Name Directory plugin versions = 1.17.4. Solution Update the WordPress Name Directory plugin to the latest available version at least 1.18...

8.8CVSS4AI score0.0084EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2020/12/07 12:0 a.m.20 views

WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset

Unauthenticated Admin Password Reset vulnerability found by mathieg2 in WordPress Easy WP SMTP plugin versions = 1.4.2. Solution Update the WordPress Easy WP SMTP plugin to the latest available version at least 1.4.3. Attention! Please make sure you have a directory listing disabled since it coul...

1.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/10/08 12:0 a.m.20 views

WordPress Dynamic Content for Elementor premium plugin <= 1.9.5.6 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability found by CompuNet in WordPress Dynamic Content for Elementor premium plugin versions = 1.9.5.6. Solution Update the WordPress Dynamic Content for Elementor premium plugin to the latest available version at least 1.9.6...

9CVSS5.4AI score0.05648EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2020/10/01 12:0 a.m.20 views

WordPress NewsMag theme <= 2.4.1 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet NinTechNet WordPress NewsMag theme versions = 2.4.1. Solution Update the WordPress NewsMag theme to the latest available version at least 2.4.2...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/09/28 12:0 a.m.20 views

WordPress WP Courses LMS plugin <= 2.0.28 - Broken Access Controls leading to Courses Content Disclosure vulnerability

Broken Access Controls leading to Courses Content Disclosure vulnerability found by Marco Ortisi redtimmysec in WordPress WP Courses LMS plugin versions = 2.0.28. Solution Update the WordPress WP Courses LMS plugin to the latest available version at least 2.0.29...

7.5CVSS2.4AI score0.09199EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/06/21 12:0 a.m.20 views

WordPress Advanced Custom Fields plugin <= 5.8.11 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Advanced Custom Fields plugin versions = 5.8.11. Solution Update the WordPress Advanced Custom Fields plugin to the latest available version at least 5.8.12...

6.1CVSS1.7AI score0.00896EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/04/28 12:0 a.m.20 views

WordPress LearnPress plugin <= 3.2.6.8 - Authenticated Page Creation and Status Modification vulnerability

Authenticated Page Creation and Status Modification vulnerability discovered by WordFence in WordPress LearnPress plugin versions = 3.2.6.8. Solution Update the WordPress LearnPress plugin to the latest available version at least 3.2.6.9...

3AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2020/04/13 12:0 a.m.20 views

WordPress Media Library Assistant plugin <= 2.81 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Monzón stark0de in WordPress Media Library Assistant plugin versions = 2.81. Solution Update the WordPress Media Library Assistant plugin to the latest available version at least 2.82...

6.1CVSS3.7AI score0.01154EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2020/03/24 12:0 a.m.20 views

WordPress Abstract Submission plugin <= 0.6 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability discovered by Random Robbie in WordPress Abstract Submission plugin versions = 0.6. Solution Plugin closed. Deactivate and delete...

6.8CVSS2.9AI score0.39374EPSS
Exploits6References2Affected Software1
Patchstack
Patchstack
added 2020/01/31 12:0 a.m.20 views

WordPress Login by Auth0 plugin <= 3.11.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found by Muhamad Visat in WordPress Login by Auth0 plugin versions = 3.11.2. Solution Update the WordPress Login by Auth0 plugin to the latest available version at least 3.11.3...

6.1CVSS1.9AI score0.02462EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/01/16 12:0 a.m.20 views

WordPress Chained Quiz plugin <= 1.1.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Ben Armstrong in WordPress Chained Quiz plugin versions = 1.1.8.1. Solution Update the WordPress Chained Quiz plugin to the latest available version at least 1.1.8.2...

6.1CVSS2.1AI score0.01607EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/01/10 12:0 a.m.20 views

WordPress EasyBook premium theme <= 1.2.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress EasyBook premium theme versions = 1.2.1. Solution Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...

6.1CVSS2.3AI score0.03243EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
added 2020/01/06 12:0 a.m.20 views

WordPress Awesome Support plugin <= 5.8.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by 0xPablito in WordPress Awesome Support plugin versions = 5.8.2. Solution Update the WordPress Awesome Support plugin to the latest available version at least 6.0.0...

4.8CVSS1.9AI score0.00717EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2019/11/14 12:0 a.m.20 views

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <=5.127.3 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin versions =5.127.3. Solution Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version at least 5.127.4...

6.1CVSS2.5AI score0.01307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/10/31 12:0 a.m.20 views

WordPress YITH WooCommerce Advanced Reviews plugin <= 1.3.9 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Advanced Reviews plugin versions = 1.3.9. Solution Update the WordPress YITH WooCommerce Advanced Reviews plugin to the latest available version at least 1.4.0...

4.3CVSS3.6AI score0.00948EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/10/31 12:0 a.m.20 views

WordPress YITH WooCommerce Cart Messages plugin <=1.4.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Cart Messages plugin versions =1.4.4. Solution Update the WordPress YITH WooCommerce Cart Messages plugin to the latest available version at least 1.4.5...

4.3CVSS3AI score0.00948EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/10/31 12:0 a.m.20 views

WordPress YITH WooCommerce Waiting List plugin <=1.3.10 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Waiting List plugin versions =1.3.10. Solution Update the WordPress YITH WooCommerce Waiting List plugin to the latest available version at least 1.3.11...

4.3CVSS3.1AI score0.00948EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/08/23 12:0 a.m.20 views

WordPress Easy Forms for Mailchimp plugin <= 6.5.2 - Code Injection vulnerability

Code Injection vulnerability found by Henri Salo in WordPress Easy Forms for Mailchimp plugin versions = 6.5.2. Solution Update the WordPress Easy Forms for Mailchimp plugin to the latest available version at least 6.5.3...

9.8CVSS1.8AI score0.02177EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/07/29 12:0 a.m.20 views

WordPress Custom Simple RSS plugin <= 2.0.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by rubyman in WordPress Custom Simple RSS plugin versions = 2.0.6. Solution Update the WordPress Custom Simple RSS plugin to the latest available version at least 2.0.7...

6.5CVSS3.3AI score0.00623EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2019/05/29 12:0 a.m.20 views

WordPress WP Database Backup plugin <= 5.1.2 - Unauthenticated OS Command Injection vulnerability

Unauthenticated OS Command Injection vulnerability found by WordFence in WordPress WP Database Backup plugin versions = 5.1.2. Solution Update the WordPress WP Database Backup plugin to the latest available version at least 5.2...

3.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/05/22 12:0 a.m.20 views

WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability

CSRF vulnerability to Authenticated SQL Injection vulnerability possible in WordPress WP Booking System versions = 1.5.1.1 found by Magnus K. Stubman. Solution Update the WordPress WP Booking System to the latest available version at least 1.5.2...

7.2CVSS3.1AI score0.00911EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2019/03/22 12:0 a.m.20 views

WordPress NextScripts plugin <= 4.2.7 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Tim Coen in WordPress NextScripts plugin versions = 4.2.7. Solution Update the WordPress NextScripts plugin to the latest available version at least 4.2.8...

6.1CVSS1.9AI score0.01253EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2019/01/17 12:0 a.m.20 views

WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability

Social Media API Key Leakage vulnerability found by @fs0c131y in WordPress Social Network Tabs premium plugin versions =1.7.1. Solution 26 January 2019 - we were unable to find any information about the patched version of this plugin. We recommend to deactivate and delete this plugin from your...

9.8CVSS3.6AI score0.10401EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2018/12/04 12:0 a.m.20 views

WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions = 2.5.1.8. Solution Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version at least 2.5.2...

7.2CVSS3.2AI score0.04354EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2018/09/09 12:0 a.m.20 views

WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress FV Flowplayer Video Player plugin versions =6.6.4. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 6.6.5...

6.1CVSS2.9AI score0.01044EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2018/08/28 12:0 a.m.20 views

WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability found by Qlirim Emini in WordPress Chained Quiz plugin versions = 1.0.8. Solution Update the WordPress Chained Quiz plugin to the latest available version at least 1.0.9...

9.8CVSS3AI score0.02686EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2018/04/09 12:0 a.m.20 views

WordPress File Upload plugin <=4.3.3 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability in WordPress File Upload plugin versions =4.3.3. Solution Update the WordPress File Upload plugin to the latest available version at least 4.3.4...

6.1CVSS1.9AI score0.03844EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
added 2018/03/28 12:0 a.m.20 views

WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin versions =5.8.1.1. Solution Update the WordPress Events Manager plugin to the latest version at least 5.8.1.2...

5.4CVSS3AI score0.01058EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2018/03/13 12:0 a.m.20 views

WordPress WP Retina 2x plugin <=5.2.0 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress WP Retina 2x plugin versions =5.2.0. The vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution Update the WordPress WP Retina 2x plugin to the latest available version at least 5.2.2...

6.1CVSS2.6AI score0.00918EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2018/03/02 12:0 a.m.20 views

WordPress NextGEN Gallery plugin <=2.2.46 - Gallery Paths Not Secured

Telefonica Cybersecurity Unit found an issue with insecure paths in WordPress NextGEN Gallery plugin versions =2.2.46. Solution Update the WordPress NextGEN Gallery plugin to the latest available version at least 2.2.50...

7.5CVSS2.7AI score0.02103EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2018/01/30 12:0 a.m.20 views

WordPress Social Media Widget by Acurax plugin <=3.2.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by Panagiotis Vagenas in WordPress Social Media Widget by Acurax plugin versions =3.2.5. Solution Update the WordPress Social Media Widget by Acurax plugin to the latest available version at least 3.2.6...

8.8CVSS3.2AI score0.00661EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2018/01/22 12:0 a.m.20 views

WordPress Booking calendar plugin <=2.1.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by d4wner in WordPress Booking calendar plugin versions =2.1.7. Solution Update the WordPress Booking calendar plugin to the latest available version at least 2.1.8...

8.8CVSS3.5AI score0.00768EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2018/01/09 12:0 a.m.20 views

WordPress GD Rating System plugin 2.3 - Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Vulnerable via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. Solution 1/9/2018 - we were unable to find a patched version of this plugin...

6.1CVSS2.8AI score0.01265EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2018/01/03 12:0 a.m.20 views

WordPress Smart Google Code Inserter plugin <=3.4 - Authorization bypass vulnerability

Authorization bypass vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions =3.4. Solution Update the WordPress Smart Google Code Inserter plugin to the latest available version at least version 3.5...

9.8CVSS3.4AI score0.91477EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2017/11/07 12:0 a.m.20 views

WordPress WP Simple Booking Calendar Premium plugin 5.0–5.4 <= Unauthenticated Data leak

The booking notes are shown in the source code of the page. Solution Update the plugin to 5.5 version...

4.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2017/11/07 12:0 a.m.20 views

WordPress User Login History plugin <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found in WordPress User Login History plugin versions =1.5. Solution Update the WordPress User Login History plugin to the latest available version at least version 1.6...

6.1CVSS1.1AI score0.01041EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2017/10/11 12:0 a.m.20 views

WordPress WPHRM plugin <= 1.0 - Authenticated SQL Injection

WordPress WPHRM plugin Authenticated SQL Injection allows an attacker to inject SQL commands via the employeeid $GET param. Solution Update the plugin...

8.8CVSS5AI score0.03029EPSS
Exploits5References2Affected Software1
Patchstack
Patchstack
added 2017/08/08 12:0 a.m.20 views

WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Jonas Lejon WPScans in WordPress Loginizer plugin version 1.3.5 and earlier versions. The vulnerability exists in the init.php file of the "Blacklist and Whitelist IP Wizard." Solution Update the WordPress Loginizer plugin to the latest...

8.8CVSS2.4AI score0.00714EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000