46684 matches found

Patchstack
•added 2014/09/09 12:0 a.m.•20 views

WordPress WP Support Plus Responsive Ticket System Plugin 2.0 - Multiple Vulnerabilities

This plugin has 4 vulnerabilities: 1. SQL injection. 2. Full path disclosure: the full path to the file is shown to the user after the file has been uploaded. 3. Directory traversal that allows downloading any file from the server. 4. Broken authentication...

AI score 2.9
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2014/09/04 12:0 a.m.•20 views

WordPress WP Ban Plugin <= 1.6.3 - BYPASS

Because of this vulnerability, attackers can bypass the IP blacklist via a crafted X-Forwarded-For header. Solution: Update the plugin...

CVSS 4.3 • AI score 4.3 • EPSS 0.0244
Exploits 3 • References 1 • Affected Software 1

Patchstack
•added 2014/09/02 12:0 a.m.•20 views

WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection

An authenticated SQL injection allows an attacker to bypass a web application’s authentication mechanism and retrieve the contents of the database. Solution: Upgrade the plugin...

CVSS 6.5 • AI score 3.3 • EPSS 0.02357
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/08/18 12:0 a.m.•20 views

WordPress Mobile Pack Plugin <= 2.0.1 - Information Disclosure

Because of this vulnerability, attackers can obtain sensitive information via an exportarticles action to export/content.php. Solution: Update the plugin...

CVSS 5 • AI score 4.6 • EPSS 0.16988
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/08/14 12:0 a.m.•20 views

WordPress Disqus Plugin 2.7.5 - Admin Stored CSRF and XSS

The Disqus plugin is prone to admin stored CSRF and XSS vulnerabilities. Solution: Update the plugin...

CVSS 4.3 • AI score 2.9 • EPSS 0.06095
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/08/01 12:0 a.m.•20 views

WordPress Zedity Plugin <= 2.4.0 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Upgrade the plugin...

CVSS 6.8 • AI score 2.1 • EPSS 0.04805
Exploits 2 • References 1 • Affected Software 1

Patchstack
•added 2014/07/28 12:0 a.m.•20 views

WordPress FB Gorilla Plugin - SQL Injection

The WordPress FB Gorilla plugin's "gameplay.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 • AI score 3.9 • EPSS 0.04358
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/07/28 12:0 a.m.•20 views

WordPress Vitamin Plugin <= 1.0.9 - Multiple Directory Traversal

Because of these vulnerabilities, attackers can access arbitrary files via the "path" parameter. Solution: Update the plugin...

CVSS 5 • AI score 4.9 • EPSS 0.03217
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/07/10 12:0 a.m.•20 views

WordPress Meta Slider Plugin <= 2.5 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "id" parameter to wp-admin/admin.php. Solution: Update the plugin...

CVSS 4.3 • AI score 3 • EPSS 0.01618
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/07/09 12:0 a.m.•20 views

WordPress BSK PDF Manager Plugin - Multiple SQL Injection Vulnerabilities

BSK PDF Manager plugin's "wp-admin/admin.php" is prone to multiple SQL injection vulnerabilities that allow an attacker to compromise the application, modify or access data, and exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 6.5 • AI score 2.6 • EPSS 0.03553
Exploits 3 • References 1 • Affected Software 1

Patchstack
•added 2014/06/27 12:0 a.m.•20 views

WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities

Simple Share Buttons Adder plugin is prone to multiple vulnerabilities, CSRF and XSS, that allow an attacker to convince an admin to visit a link of their choosing. Solution: Update to version 4.5...

CVSS 6.8 • AI score 4.6 • EPSS 0.02805
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•20 views

WordPress Malware Finder Plugin <= 1.1 - XSS

Because of this vulnerability in process.php, attackers can inject arbitrary web script or HTML via the "query" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 3.1 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•20 views

WordPress OMFG Mobile Pro Plugin <= 1.1.26 - XSS

Because of this vulnerability in shortcode-generator/preview-shortcode-external.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2.2 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•20 views

WordPress Silverlight Media Player Plugin <= 0.8 - XSS

Because of this vulnerability in uploader.php, attackers can inject arbitrary web script or HTML via the "postid" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.8 • EPSS 0.01618
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•20 views

WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS

Because of this vulnerability in wp-plugins-net/index.php, attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.01629
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•20 views

WordPress WP Ultimate Email Marketer Plugin <= 1.1.0 - XSS

Because of these vulnerabilities in contact/edit.php, attackers can inject arbitrary web script or HTML via the "contact" or "listname" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 3.1 • EPSS 0.01618
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2014/06/23 12:0 a.m.•20 views

WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS

Because of this vulnerability in posts/videowhisper/rlogout.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2 • EPSS 0.01618
Exploits 2 • References 1 • Affected Software 1

Patchstack
•added 2014/05/28 12:0 a.m.•20 views

WordPress Tera Charts Plugin - Remote Path Traversal File Disclosure

Tera Charts plugin's zoomabletreemap.php "fn" parameter is prone to a remote path traversal file disclosure vulnerability that allows an attacker to get potentially sensitive information. Other attacks are also possible. Solution: Update the plugin...

CVSS 5 • AI score 4.8 • EPSS 0.18734
Exploits 2 • References 1 • Affected Software 1

Patchstack
•added 2014/05/23 12:0 a.m.•20 views

WordPress iMember360 Plugin <= 3.9.001 - Disclosure of Database Credentials

Because of this vulnerability, attackers can obtain database credentials via the "i4wdbinfo" parameter. Solution: Update the plugin...

CVSS 5 • AI score 3.9 • EPSS 0.09149
Exploits 1 • Affected Software 1

Patchstack
•added 2014/05/22 12:0 a.m.•20 views

WordPress Search Everything Plugin <= 8.1.0 - CSRF

Because of this vulnerability, attackers can hijack the authentication of unspecified victims via unknown vectors. Solution: Update the plugin...

CVSS 6.8 • AI score 6.4 • EPSS 0.00952
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2014/05/22 12:0 a.m.•20 views

WordPress TinyMCE Color Picker Plugin <= 1.1 - CSRF

Because of this vulnerability, attackers can hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. Solution: Update the plugin...

CVSS 6.8 • AI score 5.4 • EPSS 0.00952
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/12/17 12:0 a.m.•20 views

WordPress 2.0.11 - Cross Site Request Forgery

WordPress version 2.0.11 is prone to a cross site request forgery via "/wp-admin/options-discussion.php". It allows an attacker to perform certain unauthorized actions in the context of the affected application. Solution: Update WordPress...

CVSS 6.8 • AI score 5.5 • EPSS 0.0384
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/11/23 12:0 a.m.•20 views

WordPress Blue Wrench Video Widget Plugin - Cross Site Request Forgery

WordPress Blue Wrench Video Widget plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution: Upgrade the plugin...

CVSS 6.8 • AI score 3.1 • EPSS 0.02884
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/10/03 12:0 a.m.•20 views

WordPress Comment Attachment Plugin <= 1.0 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "Attachment field title". Solution: Update the plugin...

CVSS 4.3 • AI score 3 • EPSS 0.02041
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2013/03/26 12:0 a.m.•20 views

WordPress One Webmaster Plugin <= 8.2.3 - CSRF

Because of this vulnerability, attackers can hijack the authentication of arbitrary users for requests that insert cross site scripting sequences. Solution: Update the plugin...

CVSS 6.8 • AI score 3 • EPSS 0.00954
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/03/26 12:0 a.m.•20 views

WordPress Facebook Members Plugin <= 5.0.4 - CSRF

Because of this vulnerability, attackers can hijack the authentication of administrators for requests that modify this plugin's settings. Solution: Update the plugin...

CVSS 6.8 • AI score 5.3 • EPSS 0.0097
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/03/26 12:0 a.m.•20 views

WordPress Simple Paypal Shopping Cart Plugin <= 3.5 - CSRF

Because of this vulnerability, attackers can hijack the authentication of administrators for requests that change plugin settings. Solution: Update the plugin...

CVSS 6.8 • AI score 3.5 • EPSS 0.01076
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/03/15 12:0 a.m.•20 views

WordPress LeagueManager Plugin 3.8 - SQL Injection

The LeagueManager plugin is prone to an SQL injection that exists in the "leagueid" parameter of a function call made by the leaguemanagerexport page. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit...

CVSS 7.5 • AI score 2.3 • EPSS 0.05231
Exploits 8 • References 1 • Affected Software 1

Patchstack
•added 2013/01/19 12:0 a.m.•20 views

WordPress Ripe HD FLV Player Plugin - SQL Injection

WordPress Ripe HD FLV Player plugin is prone to an SQL injection vulnerability. It allows an attacker to get access to the database, get the username and password, and disclose the full path. Solution: Update the plugin...

AI score 2.1
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/01/11 12:0 a.m.•20 views

WordPress Connections Plugin <= 0.7.1.5 - Unspecified vulnerability

This vulnerability in the plugin has unknown impact and attack vectors. Solution: Update the plugin...

CVSS 10 • AI score 8.1 • EPSS 0.02607
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2013/01/02 12:0 a.m.•20 views

WordPress Mingle Forum Plugin <= 1.0.34 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2.3 • EPSS 0.02132
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/10/25 12:0 a.m.•20 views

WordPress SCORM Cloud Plugin <= 1.0.6 - SQL Injection

Because of this vulnerability in ajax.php, attackers can execute arbitrary SQL commands via the "active" parameter. Solution: Update the plugin...

CVSS 7.5 • AI score 6.1 • EPSS 0.02431
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/10/09 12:0 a.m.•20 views

WordPress Pay With Tweet Plugin <= 1.1 - SQL Injection

Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the "id" parameter. Solution: Update the plugin...

CVSS 6 • AI score 5.7 • EPSS 0.02385
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/10/08 12:0 a.m.•20 views

WordPress Mingle Forum Plugin <= 1.0.32 - Multiple SQL Injection #1

Because of these vulnerabilities, authenticated users can execute arbitrary SQL commands via the "editforumid" parameter in an editsaveforum action, the "id" parameter to fs-admin/fs-admin.php or the "memberid" parameter in a removemember action. Solution: Update the plugin...

CVSS 6.5 • AI score 6.3 • EPSS 0.01512
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/09/23 12:0 a.m.•20 views

WordPress Pretty Link Lite Plugin <= 1.5.3 - XSS

Because of this vulnerability in pretty-bar.php, attackers can inject arbitrary web script or HTML via the "slug" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.01668
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/09/14 12:0 a.m.•20 views

WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS

Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks or change application settings. Solution: Update the plugin...

CVSS 6.8 • AI score 3.1 • EPSS 0.00954
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/08/13 12:0 a.m.•20 views

WordPress 2 Click Social Media Buttons Plugin <= 0.33 - XSS

Because of this vulnerability in libs/xing.php, attackers can inject arbitrary web script or HTML via the "xing-url" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.7 • EPSS 0.0578
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/07/21 12:0 a.m.•20 views

WordPress Chenpress Plugin - Arbitrary File Upload

WordPress Chenpress plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Update the plugin...

CVSS 4.3 • AI score 3.7 • EPSS 0.01663
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/05/18 12:0 a.m.•20 views

WordPress Login With Ajax Plugin <= 3.0.4.0 - XSS #2

Because of this vulnerability in login-with-ajax.php, attackers can inject arbitrary web script or HTML via the "callback" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 3 • EPSS 0.02152
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/05/15 12:0 a.m.•20 views

WordPress Soundcloud Is Gold 2.1 - Cross Site Scripting

WordPress Soundcloud Is Gold plugin's "width" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS 4.3 • AI score 2.9 • EPSS 0.0377
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2012/02/14 12:0 a.m.•20 views

WordPress Recent Comments Plugin <= 2.0.6 - XSS

Because of this vulnerability in core.php, attackers can inject arbitrary web script or HTML via the "page" parameter. Solution: Update the plugin...

CVSS 4.3 • AI score 2.8 • EPSS 0.0214
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2012/01/12 12:0 a.m.•20 views

WordPress Count per Day Plugin - Multiple Vulnerabilities

WordPress Count per Day plugin is prone to multiple vulnerabilities, such as XSS, and a user could call a remote script to download an arbitrary file from the target system. Solution: Update the plugin...

CVSS 4.3 • AI score 2.5 • EPSS 0.05523
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2011/09/27 12:0 a.m.•20 views

WordPress ZenLite Theme <= 4.3 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the theme...

CVSS 4.3 • AI score 2.7 • EPSS 0.01512
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2011/09/19 12:0 a.m.•20 views

WordPress AllWebMenus Plugin 1.1.3 - Remote File Inclusion

The AllWebMenus plugin is prone to a remote file include vulnerability. It allows an attacker to include a remote file and get access to the server. Solution: Update the plugin...

CVSS 7.5 • AI score 4.3 • EPSS 0.10322
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2011/08/30 12:0 a.m.•20 views

WordPress Crawl Rate Tracker Plugin <= 2.0.2 - SQL Injection

The Crawl Rate Tracker plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Upgrade the plugin...

AI score 3.1
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2011/08/10 12:0 a.m.•20 views

WordPress <= 3.1.2 - Clickjacking Attacks

This WordPress version does not prevent rendering of admin or login pages inside a frame in a third-party HTML document. It allows attackers to conduct clickjacking attacks via a crafted web site. Solution: Update WordPress...

CVSS 5.8 • AI score 4.3 • EPSS 0.01525
Exploits 0 • References 1 • Affected Software 1

Patchstack
•added 2011/04/05 12:0 a.m.•20 views

WordPress Custom Pages Plugin 0.5.0.1 - Local File Inclusion

This vulnerability can be exploited to include arbitrary files. Solution: Update the plugin...

CVSS 5 • AI score 2.8 • EPSS 0.22157
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2010/11/08 12:0 a.m.•20 views

WordPress FeedList Plugin 2.61.01 - Cross-Site Scripting Vulnerability

The FeedList plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication...

CVSS 4.3 • AI score 3.3 • EPSS 0.01921
Exploits 1 • References 1 • Affected Software 1

Patchstack
•added 2010/07/03 12:0 a.m.•20 views

WordPress cache_lastpostdate - Arbitrary Code Execution

WordPress versions prior to 1.5.1.3 are remotely exploitable if the web server on which they run has register_globals enabled in the PHP configuration. Perl code exists to automatically exploit vulnerable WP 1.5.1.3 sites, allowing the attacker to try to execute code. Solution: Update WordPress...

CVSS 7.5 • AI score 6.4 • EPSS 0.38771
Exploits 5 • References 1 • Affected Software 1

Patchstack
•added 2009/08/23 12:0 a.m.•20 views

WordPress Simple Forum Plugin - SQL Injection

Because of this vulnerability in ahah/sf-profile.php, attackers can execute arbitrary SQL commands via the "u" parameter. Solution: Update the plugin...

CVSS 7.5 • AI score 6.7 • EPSS 0.02797
Exploits 1 • References 1 • Affected Software 1

Total number of security vulnerabilities: 5000