
46684 matches found

Patchstack
added 2024/10/24 12:0 a.m. | 19 views

WordPress wpDiscuz Plugin <= 7.6.24 is vulnerable to Broken Authentication

Software: wpDiscuz | Type: Plugin | Vulnerable versions: <= 7.6.24 | Fixed in: 7.6.25 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Broken Authentication | CVE: CVE-2024-9488 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: c3cf059c4b56 | Credits: wesley wcraf...

9.8 CVSS | 6.5 AI score | 0.0081 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/24 12:0 a.m. | 19 views

WordPress WPS Telegram Chat Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software: WPS Telegram Chat | Type: Plugin | Vulnerable versions: <= 4.5.4 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9630 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 9cb16fad33b1 | Credits: István Márton | Required privile...

5.4 CVSS | 6.5 AI score | 0.00263 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/21 12:0 a.m. | 19 views

WordPress Mega Elements Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Mega Elements | Type: Plugin | Vulnerable versions: <= 1.2.6 | Fixed in: 1.2.7 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-49693 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: d1a9c6f9c436 | Credits: João Pedro S Alcântara Kinorth | Required...

6.5 CVSS | 6.3 AI score | 0.00254 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/21 12:0 a.m. | 19 views

WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Deletion

Software: 3D Work In Progress | Type: Plugin | Vulnerable versions: <= 1.0.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Deletion | CVE: CVE-2024-49657 | Patch priority: High | CVSS severity: High 7.7 | Developer: Claim ownership | PSID: 209728d5f5a9 | Credits: stealthcopter | Required privilege...

7.7 CVSS | 6.8 AI score | 0.00387 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/21 12:0 a.m. | 19 views

WordPress News Kit Elementor Addons Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure

Software: News Kit Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.2.1 | Fixed in: 1.2.2 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-9541 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 1aff69c2a359 | Credits: Nishiv | Required...

4.3 CVSS | 6.5 AI score | 0.00335 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/18 12:0 a.m. | 19 views

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.3 is vulnerable to SQL Injection

Software: Photo Gallery Slideshow & Masonry Tiled Gallery | Type: Plugin | Vulnerable versions: <= 1.0.3 | Fixed in: 1.0.4 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2019-25218 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 6b8bcb14a865 | Credits: Ala Arfaoui...

4.9 CVSS | 6.8 AI score | 0.0047 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/18 12:0 a.m. | 19 views

WordPress Click to Chat – WP Support All-in-One Floating Widget Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Click to Chat – WP Support All-in-One Floating Widget | Type: Plugin | Vulnerable versions: <= 2.3.3 | Fixed in: 2.3.4 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-10055 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID...

6.4 CVSS | 5.8 AI score | 0.00306 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/16 12:0 a.m. | 19 views

WordPress Timetics Plugin <= 1.0.25 is vulnerable to Privilege Escalation

Software: Timetics | Type: Plugin | Vulnerable versions: <= 1.0.25 | Fixed in: 1.0.26 | OWASP Top 10: A1: Broken Access Control | Classification: Privilege Escalation | CVE: CVE-2024-9263 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 9e7b0505f08b | Credits: wesley wcraft | Required privilege...

9.8 CVSS | 6.5 AI score | 0.01146 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/15 12:0 a.m. | 19 views

WordPress File Manager Pro Plugin <= 8.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: File Manager Pro | Type: Plugin | Vulnerable versions: <= 8.3.9 | Fixed in: 8.3.10 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2024-8507 | Patch priority: Low | CVSS severity: Low 8.8 | Developer: Claim ownership | PSID: caf0adb29b86 | Credits: TANG Cheuk Hei...

8.8 CVSS | 8.8 AI score | 0.00229 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/09 12:0 a.m. | 19 views

WordPress Telecash Ricaricaweb Plugin <= 2.2 is vulnerable to PHP Object Injection

Software: Telecash Ricaricaweb | Type: Plugin | Vulnerable versions: <= 2.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-48030 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 7743976bb673 | Credits: LVT-tholv2k | Required privilege...

9.8 CVSS | 6.8 AI score | 0.00513 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/08 12:0 a.m. | 19 views

WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability

Software: Limit Login Attempts | Type: Plugin | Vulnerable versions: <= 5.3 | Fixed in: 5.4 | OWASP Top 10: A4: Insecure Design | Classification: Bypass Vulnerability | CVE: CVE-2022-4534 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 03e4ff962fd9 | Credits: rezaduty | Required privilege Publishe...

5.3 CVSS | 5.6 AI score | 0.00332 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/04 12:0 a.m. | 19 views

WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control

Software: Advanced Custom Fields | Type: Plugin | Vulnerable versions: < 5.11 | Fixed in: 5.11 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2021-20866 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 3c61745fb42a | Credits: Keitaro Yamazaki | Required...

6.5 CVSS | 6.4 AI score | 0.01662 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2024/10/04 12:0 a.m. | 19 views

WordPress Popularis Extra Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Popularis Extra | Type: Plugin | Vulnerable versions: <= 1.2.6 | Fixed in: 1.2.7 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-9353 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: a36990b7c214 | Credits: vgo0 | Required...

6.1 CVSS | 5.9 AI score | 0.00355 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/04 12:0 a.m. | 19 views

WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control

Software: Advanced Custom Fields PRO | Type: Plugin | Vulnerable versions: < 5.11 | Fixed in: 5.11 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2021-20865 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 148c8b46d288 | Credits: Keitaro Yamazaki...

7.5 CVSS | 7.5 AI score | 0.02462 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/30 12:0 a.m. | 19 views

WordPress Payflex Payment Gateway Plugin <= 2.6.1 is vulnerable to Open Redirection

Software: Payflex Payment Gateway | Type: Plugin | Vulnerable versions: <= 2.6.1 | Fixed in: 2.6.2 | OWASP Top 10: A3: Injection | Classification: Open Redirection | CVE: CVE-2024-47646 | Patch priority: Low | CVSS severity: Low 4.7 | Developer: Claim ownership | PSID: ac682bcd42a4 | Credits: Muhamad Agil Fachrian | Required privile...

4.7 CVSS | 5.2 AI score | 0.00308 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/26 12:0 a.m. | 19 views

WordPress JupiterX Core Plugin <= 4.6.5 is vulnerable to Arbitrary File Upload

Software: JupiterX Core | Type: Plugin | Vulnerable versions: <= 4.6.5 | Fixed in: 4.6.6 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-7772 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: ab3838034ebf | Credits: Geo Void | Required privilege: Unauthenticated...

9.8 CVSS | 6.8 AI score | 0.01516 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m. | 19 views

WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to SQL Injection

Software: REST API TO MiniProgram | Type: Plugin | Vulnerable versions: <= 4.7.1 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-8484 | Patch priority: High | CVSS severity: High 9.3 | Developer: Claim ownership | PSID: a9593ec18e0a | Credits: wesley wcraft | Required privilege...

7.5 CVSS | 9.5 AI score | 0.03792 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/16 12:0 a.m. | 19 views

WordPress Backuply – Backup, Restore, Migrate and Clone Plugin <= 1.3.4 is vulnerable to SQL Injection

Software: Backuply – Backup, Restore, Migrate and Clone | Type: Plugin | Vulnerable versions: <= 1.3.4 | Fixed in: 1.3.5 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-8669 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: ca125ceee6e2 | Credits: bart | Required...

9.1 CVSS | 6.9 AI score | 0.16709 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 19 views

WordPress Exit Notifier Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)

Software: Exit Notifier | Type: Plugin | Vulnerable versions: <= 1.9.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-8730 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: f179ddd5b3e3 | Credits: vgo0 | Required privileg...

6.1 CVSS | 5.7 AI score | 0.00381 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/12 12:0 a.m. | 19 views

WordPress Adicon Server Plugin <= 1.2 is vulnerable to SQL Injection

Software: Adicon Server | Type: Plugin | Vulnerable versions: <= 1.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-7766 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: c65c942c260c | Credits: Sumit Patel | Required privilege: Administrator | Published 1...

7.2 CVSS | 6.9 AI score | 0.00582 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/10 12:0 a.m. | 19 views

WordPress Starbox Plugin < 3.5.2 is vulnerable to Cross Site Scripting (XSS)

Software: Starbox | Type: Plugin | Vulnerable versions: < 3.5.2 | Fixed in: 3.5.2 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-7955 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 8d336cf2178c | Credits: Krugov Artyom | Required privilege...

4.8 CVSS | 5.8 AI score | 0.00375 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/09/06 12:0 a.m. | 19 views

WordPress WP-Recall Plugin <= 16.26.8 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP-Recall | Type: Plugin | Vulnerable versions: <= 16.26.8 | Fixed in: 16.26.9 | OWASP Top 10: A1: Broken Access Control | Classification: Insecure Direct Object References IDOR | CVE: CVE-2024-8292 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 49cff2ea1861 | Credits: wesley wcraft...

9.8 CVSS | 6.5 AI score | 0.00603 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/05 12:0 a.m. | 19 views

WordPress RD Station Plugin <= 5.3.2 is vulnerable to Cross Site Scripting (XSS)

Software: RD Station | Type: Plugin | Vulnerable versions: <= 5.3.2 | Fixed in: 5.4.0 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6894 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 32a1d7bae015 | Credits: Webbernaut | Required privilege...

6.4 CVSS | 5.8 AI score | 0.00313 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/04 12:0 a.m. | 19 views

WordPress PixelYourSite PRO Plugin <= 10.4.2 is vulnerable to Sensitive Data Exposure

Software: PixelYourSite PRO | Type: Plugin | Vulnerable versions: <= 10.4.2 | Fixed in: 10.4.3 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-7870 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: c3722df4917d | Credits: Xetnus | Required...

7.5 CVSS | 6.4 AI score | 0.0045 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/29 12:0 a.m. | 19 views

WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.8 is vulnerable to Broken Access Control

Software: WP Accessibility Helper WAH | Type: Plugin | Vulnerable versions: <= 0.6.2.8 | Fixed in: 0.6.2.9 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5987 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Alexander Volkov | PSID: d7cc8b0ae32e | Credits: Lucio Sá...

5.4 CVSS | 6.6 AI score | 0.00264 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/29 12:0 a.m. | 19 views

WordPress Popup Builder Plugin <= 4.3.4 is vulnerable to Sensitive Data Exposure

Software: Popup Builder | Type: Plugin | Vulnerable versions: <= 4.3.4 | Fixed in: N/A | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-2541 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 6c83b1e3c00b | Credits: Tim Coen | Required privilege...

7.5 CVSS | 6.6 AI score | 0.00564 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 19 views

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change

Software: Z Y N I T H | Type: Plugin | Vulnerable versions: <= 7.4.9 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Settings Change | CVE: CVE-2024-43939 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: 7f62f3b06158 | Credits: Dave Jong Patchstack | Required...

6.5 CVSS | 6.5 AI score | 0.00334 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 19 views

WordPress YARPP Plugin <= 5.30.10 is vulnerable to Broken Access Control

Software: YARPP | Type: Plugin | Vulnerable versions: <= 5.30.10 | Fixed in: 5.30.11 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-43919 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: b08b40ebe1e3 | Credits: Rafie Muhammad Patchstack | Required...

9.8 CVSS | 5.2 AI score | 0.43585 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 19 views

WordPress WP Armour Extended Plugin <= 1.26 is vulnerable to Cross Site Scripting (XSS)

Software: WP Armour Extended | Type: Plugin | Vulnerable versions: <= 1.26 | Fixed in: 1.32 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-43948 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: eed4499d2f01 | Credits: Dave Jong Patchstack | Required...

7.1 CVSS | 6.6 AI score | 0.0029 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/19 12:0 a.m. | 19 views

WordPress Bricks Builder Theme <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Bricks Builder | Type: Theme | Vulnerable versions: <= 1.8.1 | Fixed in: 1.8.2 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery CSRF | CVE: CVE-2023-3408 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: a8763892e84e | Credits: Ram | Required privilege...

4.3 CVSS | 6.7 AI score | 0.00227 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 19 views

WordPress Ultimate Store Kit Elementor Addons Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)

Software: Ultimate Store Kit Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.6.4 | Fixed in: 2.0.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-43342 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: bae240e72e97 | Credits: 4rCanJ0x! | Required...

6.5 CVSS | 6.6 AI score | 0.0024 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 19 views

WordPress e2pdf Plugin <= 1.25.05 is vulnerable to Cross Site Scripting (XSS)

Software: e2pdf | Type: Plugin | Vulnerable versions: <= 1.25.05 | Fixed in: 1.25.11 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-43318 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: E2Pdf.com | PSID: 618e2ecf6073 | Credits: LVT-tholv2k | Required privilege: Contributor | Publish...

6.5 CVSS | 6.9 AI score | 0.00246 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 19 views

WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.17.1 is vulnerable to Cross Site Scripting (XSS)

Software: Cookie Notice & Compliance for GDPR / CCPA | Type: Plugin | Vulnerable versions: <= 2.4.17.1 | Fixed in: 2.4.18 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2022-3399 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 1b0453de5cdc...

4.4 CVSS | 5.8 AI score | 0.00371 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 19 views

WordPress ReviewX Plugin <= 1.6.28 is vulnerable to Broken Access Control

Software: ReviewX | Type: Plugin | Vulnerable versions: <= 1.6.28 | Fixed in: 1.6.29 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-43323 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: aac7e9823c91 | Credits: Manab Jyoti Dowarah | Required...

9.8 CVSS | 6.3 AI score | 0.00472 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 19 views

WordPress WP User Frontend Plugin <= 4.0.7 is vulnerable to SQL Injection

Software: WP User Frontend | Type: Plugin | Vulnerable versions: <= 4.0.7 | Fixed in: 4.0.8 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-38693 | Patch priority: Low | CVSS severity: Low 7.6 | Developer: Claim ownership | PSID: 008157994643 | Credits: Trương Hữu Phúc truonghuuphuc | Required privilege...

7.6 CVSS | 6.9 AI score | 0.00438 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. | 19 views

WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication

Software: Filter & Grids | Type: Plugin | Vulnerable versions: <= 2.8.33 | Fixed in: 2.8.34 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Authentication | CVE: CVE-2024-39664 | Patch priority: High | CVSS severity: High 7.3 | Developer: Claim ownership | PSID: bac0e0da8bce | Credits: RE-ALTER | Required privileg...

7.3 CVSS | 6.3 AI score | 0.00399 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/07/30 12:0 a.m. | 19 views

WordPress Zephyr Project Manager Plugin < 3.3.99 is vulnerable to Cross Site Scripting (XSS)

Software: Zephyr Project Manager | Type: Plugin | Vulnerable versions: < 3.3.99 | Fixed in: 3.3.99 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6536 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 7446412b149f | Credits: Adrian Peña...

5.4 CVSS | 5.8 AI score | 0.0072 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m. | 19 views

WordPress AMP for WP Plugin <= 1.0.96.1 is vulnerable to Cross Site Scripting (XSS)

Software: AMP for WP | Type: Plugin | Vulnerable versions: <= 1.0.96.1 | Fixed in: 1.0.97 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6896 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 0ff929ad7ead | Credits: wesley wcraft | Required...

6.4 CVSS | 5.8 AI score | 0.00332 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/22 12:0 a.m. | 19 views

WordPress Redux Framework Plugin <= 4.4.17 is vulnerable to Cross Site Scripting (XSS)

Software: Redux Framework | Type: Plugin | Vulnerable versions: <= 4.4.17 | Fixed in: 4.4.18 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6828 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 3b2115820306 | Credits: villu164 | Require...

7.2 CVSS | 5.7 AI score | 0.01028 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/11 12:0 a.m. | 19 views

WordPress FormFlow Plugin < 2.12.2 is vulnerable to Cross Site Scripting (XSS)

Software: FormFlow | Type: Plugin | Vulnerable versions: < 2.12.2 | Fixed in: 2.12.2 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-3113 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 05bb1755ee18 | Credits: Dikshita Trivedi Cybersecdexter...

5.9 CVSS | 5.8 AI score | 0.0031 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/10 12:0 a.m. | 19 views

WordPress InstaWP Connect Plugin <= 0.1.0.44 is vulnerable to Privilege Escalation

Software: InstaWP Connect | Type: Plugin | Vulnerable versions: <= 0.1.0.44 | Fixed in: 0.1.0.45 | OWASP Top 10: A1: Broken Access Control | Classification: Privilege Escalation | CVE: CVE-2024-6397 | Patch priority: High | CVSS severity: High 9.8 | Developer: InstaWP | PSID: c8289fd0efb9 | Credits: Truoc Phan | Required privilege...

9.8 CVSS | 6.5 AI score | 0.00706 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/28 12:0 a.m. | 19 views

WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0.3 is vulnerable to Local File Inclusion

Software: PowerPack Lite for Beaver Builder | Type: Plugin | Vulnerable versions: <= 1.3.0.3 | Fixed in: 1.3.0.4 | OWASP Top 10: A1: Broken Access Control | Classification: Local File Inclusion | CVE: CVE-2024-37410 | Patch priority: Low | CVSS severity: Low 4.9 | Developer: IdeaBox Creations | PSID: 6c1f186fa5b1 | Credits: João...

7.2 CVSS | 6.6 AI score | 0.00557 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/27 12:0 a.m. | 19 views

WordPress DethemeKit For Elementor Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software: DethemeKit For Elementor | Type: Plugin | Vulnerable versions: <= 2.1.5 | Fixed in: 2.1.6 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-6283 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: ca45127d50d0 | Credits: Webbernaut...

5.4 CVSS | 5.8 AI score | 0.00317 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/24 12:0 a.m. | 19 views

WordPress SEOPress Plugin < 7.8 is vulnerable to Open Redirection

Software: SEOPress | Type: Plugin | Vulnerable versions: < 7.8 | Fixed in: 7.8 | OWASP Top 10: A1: Injection | Classification: Open Redirection | CVE: CVE-2024-4900 | Patch priority: Low | CVSS severity: Low 4.1 | Developer: Claim ownership | PSID: 872385ee96c3 | Credits: Dmitrii Ignatyev | Required privilege: Contributor | Published 24...

7.2 AI score | 0.00329 EPSS
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2024/06/20 12:0 a.m. | 19 views

WordPress Tabs Plugin <= 4.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Tabs | Type: Plugin | Vulnerable versions: <= 4.0.6 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-37120 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: cca26fed23f5 | Credits: Jean Tirstan T | Required privilege: Administrator...

5.9 CVSS | 6.6 AI score | 0.00276 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/06/19 12:0 a.m. | 19 views

WordPress JetWidgets For Elementor Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)

Software: JetWidgets For Elementor | Type: Plugin | Vulnerable versions: <= 1.0.17 | Fixed in: 1.0.18 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-4626 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 8b1769bce3b2 | Credits: stealthcopter...

6.4 CVSS | 5.8 AI score | 0.00322 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/17 12:0 a.m. | 19 views

WordPress Easy Age Verify Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software: Easy Age Verify | Type: Plugin | Vulnerable versions: <= 1.8.2 | Fixed in: 1.8.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-35757 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: d39f735e9e41 | Credits: Huynh Tien Si | Required privilege...

5.9 CVSS | 6.6 AI score | 0.0026 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/06/14 12:0 a.m. | 19 views

WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion

Software: Video Gallery | Type: Plugin | Vulnerable versions: <= 1.3.13 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2024-4258 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 9418bfa5fb03 | Credits: WordFence | Required privilege: Unauthenticated...

9.8 CVSS | 6.8 AI score | 0.0077 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/11 12:0 a.m. | 19 views

WordPress DiviTorque – Divi Theme, Divi Builder and Extra Theme Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software: DiviTorque – Divi Theme, Divi Builder and Extra Theme | Type: Plugin | Vulnerable versions: <= 3.6.6 | Fixed in: 4.0.0 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-5892 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID...

6.4 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/06/07 12:0 a.m. | 19 views

WordPress Master Addons for Elementor Plugin <= 2.0.6.1 is vulnerable to Broken Access Control

Software: Master Addons for Elementor | Type: Plugin | Vulnerable versions: <= 2.0.6.1 | Fixed in: 2.0.6.2 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5382 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: 62e303c589aa | Credits: Webberna...

6.5 CVSS | 6.5 AI score | 0.00319 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Total number of security vulnerabilities: 5000