46684 matches found

Patchstack
added 2009/03/17 12:0 a.m. | 20 views

WordPress fMoblog Plugin 2.1 - SQL Injection Vulnerability

SQL injection vulnerability found in fmoblog.php. An attacker can execute arbitrary SQL commands via the id parameter to index.php. Solution Upgrade plugin...

CVSS 7.5 | AI score 4.8 | EPSS 0.03582
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2008/12/30 12:0 a.m. | 20 views

WordPress Page Flip Image Gallery Plugin <= 0.2.2 - Directory Traversal

Because of this vulnerability, the attackers can read arbitrary files via "bookid" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 4.6 | EPSS 0.05808
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/10/24 12:0 a.m. | 20 views

WordPress WP Comment Remix Plugin <= 1.4.3 - XSS

Because of this vulnerability in wpcommentremix.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 1.8 | EPSS 0.02142
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/05/02 12:0 a.m. | 20 views

WordPress <= 2.5 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via unspecified vectors. Solution Update WordPress...

CVSS 4.3 | AI score 3 | EPSS 0.02145
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2008/02/05 12:0 a.m. | 20 views

WordPress DMSGuestbook Plugin <= 1.8.0 - Directory Traversal

Because of this vulnerability in wp-admin/admin.php, the authenticated users can read arbitrary files. Solution Update the plugin...

CVSS 4 | AI score 3.6 | EPSS 0.03476
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/02/05 12:0 a.m. | 20 views

WordPress DMSGuestbook Plugin <= 1.7.0 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 2.2 | EPSS 0.02662
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/31 12:0 a.m. | 20 views

WordPress WassUp Plugin <= 1.4.3 - Multiple SQL Injection

Because of these vulnerabilities in main.php, the attackers can execute arbitrary SQL commands. Solution Update the plugin...

CVSS 7.5 | AI score 5.5 | EPSS 0.02851
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/30 12:0 a.m. | 20 views

WordPress fGallery Plugin <= 2.4.1 - SQL Injection

Because of this vulnerability in fimrss.php, the attackers can execute arbitrary SQL commands via the "album" parameter. Solution Update the plugin...

CVSS 7.5 | AI score 6.8 | EPSS 0.05549
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/10 12:0 a.m. | 20 views

WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload

Because of this vulnerability in ajaxfilemanager.php, the attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution Update the plugin...

CVSS 7.5 | AI score 6.8 | EPSS 0.07702
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/09 12:0 a.m. | 20 views

WordPress <= 2.0.11 - Multiple Vulnerabilities

Because of these vulnerabilities, the attackers can obtain sensitive information via an empty value of the "page" parameter to certain PHP scripts under wp-admin/. Solution Update WordPress...

CVSS 5 | AI score 3.6 | EPSS 0.0331
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/09 12:0 a.m. | 20 views

WordPress <= 2.0.3 - Directory Traversal

Because of this vulnerability in wp-db-backup.php, the attackers can read arbitrary files, delete arbitrary files, and cause a denial of service in the "backup" parameter. Solution Update WordPress...

CVSS 7.5 | AI score 4.9 | EPSS 0.0375
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2008/01/09 12:0 a.m. | 20 views

WordPress <= 2.0.9 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...

CVSS 4.3 | AI score 1.7 | EPSS 0.05072
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2007/11/02 12:0 a.m. | 20 views

WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion

Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "bkpwppluginpath" parameter. Solution Update the plugin...

CVSS 6.8 | AI score 6.5 | EPSS 0.36543
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2007/08/27 12:0 a.m. | 20 views

WordPress MU <= 1.0 - XSS

Because of this vulnerability in wp-newblog.php, the attackers can inject arbitrary web script or HTML via the "weblogid" parameter. Solution Update WordPress...

CVSS 4.3 | AI score 2.8 | EPSS 0.00893
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2007/06/14 12:0 a.m. | 20 views

WordPress Default Theme <= 2.2 - XSS

Because of this vulnerability, the authenticated administrators can inject arbitrary web script or HTML. Solution Update the theme...

CVSS 6 | AI score 1.5 | EPSS 0.02
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2007/06/14 12:0 a.m. | 20 views

WordPress AndyBlue Theme - XSS

Because of this vulnerability in searchform.php, the attackers can inject arbitrary web script or HTML. Solution Update the theme...

CVSS 4.3 | AI score 1.7 | EPSS 0.03086
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2007/05/01 12:0 a.m. | 20 views

WordPress myGallery Plugin <= 1.4 - Remote File Inclusion

Because of this vulnerability in myfunctions/mygallerybrowser.php, the attackers can execute arbitrary PHP code via a URL in the "myPath" parameter. Solution Update the WordPress myGallery plugin to the latest available version at least 1.5...

CVSS 7.5 | AI score 6.6 | EPSS 0.62871
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2007/02/21 12:0 a.m. | 20 views

WordPress <= 2.1.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "file" parameter. Solution Update the WordPress to the latest available version at least 2.1.1...

CVSS 4.3 | AI score 2.5 | EPSS 0.06294
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2007/01/04 12:0 a.m. | 20 views

WordPress Enigma2 Plugin - Remote File Inclusion

Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "boarddir" parameter. Solution Update the plugin...

CVSS 10 | AI score 6.6 | EPSS 0.12733
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2005/07/01 12:0 a.m. | 20 views

WordPress <= 1.5.1.2 - Multiple Vulnerabilities #1

Because of these vulnerabilities in wp-login.php, the attackers can change the content of the forgotten password e-mail message via the message variable, that is not initialized before use. Solution Update the WordPress to the latest available version at least 1.5.1.3...

CVSS 5 | AI score 4.6 | EPSS 0.02578
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/15 7:59 p.m. | 19 views

NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR` vulnerability discovered by ? in WordPress Npm dompurify versions 3.4.7...

AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2026/05/28 7:54 p.m. | 19 views

WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions <= 2.4.9...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/14 2:52 p.m. | 19 views

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

AI score 5.8 | EPSS 0.00195
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2026/05/11 7:6 p.m. | 19 views

WordPress Slek Gateway for WooCommerce plugin <= 1.0 - Unauthenticated Insufficiently Protected Credentials vulnerability

Unauthenticated Insufficiently Protected Credentials vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Slek Gateway for WooCommerce versions <= 1.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/11 3:56 p.m. | 19 views

NPM: Next.js has a Denial of Service in the Image Optimization API

NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...

CVSS 5.9 | AI score 5.8 | EPSS 0.00657
Exploits: 1 | References: 5 | Affected Software: 1

Patchstack
added 2026/04/29 1:22 a.m. | 19 views

WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Muhan Luo in WordPress Plugin WPPizza versions <= 3.19.9...

AI score 5.2 | EPSS 0.00345
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/12/23 7:9 p.m. | 19 views

WordPress WP JobHunt plugin <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference vulnerability

Authenticated Candidate+ Insecure Direct Object Reference vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions <= 7.7...

CVSS 4.3 | AI score 6.8 | EPSS 0.00171
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/11 8:11 a.m. | 19 views

WordPress Elated Membership plugin <= 1.2 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Elated Membership versions <= 1.2...

CVSS 9.8 | AI score 6.8 | EPSS 0.00424
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/08 10:21 a.m. | 19 views

WordPress All-in-One Video Gallery plugin <= 4.5.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions <= 4.5.7...

CVSS 8.8 | AI score 6.8 | EPSS 0.00446
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/08 6:45 a.m. | 19 views

WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions <= 1.2.7...

CVSS 9.8 | AI score 5.3 | EPSS 0.00631
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/07/18 4:18 a.m. | 19 views

WordPress MasterStudy LMS Pro plugin <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Thái An in WordPress Plugin MasterStudy LMS Pro versions <= 4.7.9...

CVSS 7.5 | AI score 6.8 | EPSS 0.00594
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/07/07 7:47 a.m. | 19 views

WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions <= 1.0.4...

CVSS 9.8 | AI score 6.9 | EPSS 0.00503
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/05/19 7:38 p.m. | 19 views

WordPress All in One SEO Pack plugin <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability discovered by Ivan Kuzymchak in WordPress Plugin All In One SEO Pack versions <= 4.8.1.1...

CVSS 6.4 | AI score 6.3 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/04/21 4:22 p.m. | 19 views

WordPress Greenshift plugin 11.4-11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin Greenshift versions 11.4-11.4.5...

CVSS 8.8 | AI score 8.9 | EPSS 0.02027
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/04/16 1:56 p.m. | 19 views

WordPress Travelfic Toolkit plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Travelfic Toolkit versions <= 1.2.1...

CVSS 6.5 | AI score 7.1 | EPSS 0.00254
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/11/27 12:0 a.m. | 19 views

WordPress Contest Gallery Plugin <= 24.0.7 is vulnerable to Privilege Escalation

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 24.0.7; Fixed in: 24.0.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-11103; Patch priority: High; CVSS severity: High 9.8; Developer: Wasiliy Strecker; PSID: 917060960355; Credits...

AI score 6.5 | EPSS 0.00747
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/23 12:0 a.m. | 19 views

WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Blizzard Quotes; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-53729; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ed471ac7b5ce; Credits: SOPROBRO; Required...

AI score 6.9 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/20 12:0 a.m. | 19 views

WordPress F4 Improvements Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software: F4 Improvements; Type: Plugin; Vulnerable versions: <= 1.9.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9442; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 375a420bcdeb; Credits: Francesco Carlucci; Require...

CVSS 6.4 | AI score 5.7 | EPSS 0.0038
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/20 12:0 a.m. | 19 views

WordPress Pathomation Plugin <= 2.5.1 is vulnerable to Arbitrary File Upload

Software: Pathomation; Type: Plugin; Vulnerable versions: <= 2.5.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52490; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 9e87ceb4d934; Credits: ghsinfosec; Required privilege: Unauthenticated...

AI score 6.8 | EPSS 0.00562
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/19 8:3 p.m. | 19 views

WordPress Sirv plugin <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Option Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Sirv versions <= 7.3.0...

CVSS 8.1 | AI score 7 | EPSS 0.00517
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/19 12:0 a.m. | 19 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: Restaurant Menu – Food Ordering System – Table Reservation; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9653; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership...

CVSS 6.1 | AI score 5.6 | EPSS 0.00314
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/19 12:0 a.m. | 19 views

WordPress HUSKY Plugin <= 1.3.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: HUSKY; Type: Plugin; Vulnerable versions: <= 1.3.6.3; Fixed in: 1.3.6.4; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-11400; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: db9ff0ff3180; Credits: Daniel Scheidt; Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.00315
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/18 12:0 a.m. | 19 views

WordPress Xpresslane Fast Checkout Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software: Xpresslane Fast Checkout; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52440; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 2eaf53da7194; Credits: LVT-tholv2k; Required privilege...

CVSS 9.8 | AI score 6.9 | EPSS 0.0054
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/18 12:0 a.m. | 19 views

WordPress Opal Woo Custom Product Variation Plugin <= 1.1.3 is vulnerable to Arbitrary File Deletion

Software: Opal Woo Custom Product Variation; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Deletion; CVE: CVE-2024-52444; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: aa758dfd0ef1; Credits...

CVSS 7.5 | AI score 6.5 | EPSS 0.006
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/15 12:0 a.m. | 19 views

WordPress Lis Video Gallery Plugin <= 0.2.1 is vulnerable to PHP Object Injection

Software: Lis Video Gallery; Type: Plugin; Vulnerable versions: <= 0.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52430; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: a078bb126c5a; Credits: LVT-tholv2k; Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.0105
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/14 12:0 a.m. | 19 views

WordPress LearnPress Export Import Plugin <= 4.0.4 is vulnerable to Cross Site Scripting (XSS)

Software: LearnPress Export Import; Type: Plugin; Vulnerable versions: <= 4.0.4; Fixed in: 4.0.5; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9609; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 496adf4dad4b; Credits: vgo0...

CVSS 6.1 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 19 views

WordPress Push Notifications for WordPress by PushAssist Plugin <= 3.0.8 is vulnerable to Arbitrary File Upload

Software: Push Notifications for WordPress by PushAssist; Type: Plugin; Vulnerable versions: <= 3.0.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52408; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 1a2483f66c15; Credits...

CVSS 9.9 | AI score 7.2 | EPSS 0.00478
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 19 views

WordPress CF7 Reply Manager Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload

Software: CF7 Reply Manager; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52404; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: ea9af17f6366; Credits: stealthcopter; Required privilege...

CVSS 9.9 | AI score 7.2 | EPSS 0.00478
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 19 views

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.13; Fixed in: 2.6.14; OWASP Top 10: A4: Insecure Design; Classification: Insecure Direct Object References IDOR; CVE: CVE-2024-10174; Patch priority: High; CVSS severity: High 7.3; Developer: Claim ownership; PSID: 6aaed61c0d51; Credits: stealthcopt...

CVSS 7.3 | AI score 6.5 | EPSS 0.00637
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/11 12:0 a.m. | 19 views

WordPress Devexhub Gallery Plugin <= 2.0.1 is vulnerable to Arbitrary File Upload

Software: Devexhub Gallery; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52373; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 41326b5950fa; Credits: stealthcopter; Required privilege...

CVSS 10 | AI score 6.8 | EPSS 0.00496
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000