46571 matches found

Patchstack
added 2022/03/31 12:0 a.m., 39 views

WordPress WP YouTube Live plugin <= 1.7.21 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress WP YouTube Live plugin versions <= 1.7.21. Solution: Update the WordPress WP YouTube Live plugin to the latest available version (at least 1.7.22)...

CVSS 6.1, AI score 2, EPSS 0.01265
Exploits 0, References 3, Affected Software 1
Patchstack
added 2022/03/16 12:0 a.m., 39 views

WordPress iQ Block Country plugin <= 1.2.12 - Arbitrary File Deletion vulnerability via Zip Slip

Arbitrary File Deletion vulnerability via Zip Slip discovered by Ceylan Bozogullarindan in WordPress iQ Block Country plugin versions <= 1.2.12. Solution: Update WordPress iQ Block Country plugin to the latest available version (at least 1.2.13)...

CVSS 4.9, AI score 3.8, EPSS 0.03407
Exploits 5, References 3, Affected Software 1
Patchstack
added 2022/02/21 12:0 a.m., 39 views

WordPress 5 Stars Rating Funnel plugin <= 1.2.49 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress 5 Stars Rating Funnel plugin versions <= 1.2.49. Solution: Update the WordPress 5 Stars Rating Funnel plugin to the latest available version (at least 1.2.50)...

CVSS 9.8, AI score 3.2, EPSS 0.01743
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/02/16 12:0 a.m., 39 views

WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection (SQLi) vulnerability via currentpagetype discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version (at least 13.1.6)...

CVSS 9.8, AI score 3.3, EPSS 0.3298
Exploits 1, References 3, Affected Software 1
Patchstack
added 2022/01/24 12:0 a.m., 39 views

WordPress Ad Inserter Pro premium plugin <= 2.7.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Ad Inserter Pro premium plugin versions <= 2.7.8. Solution: Update the WordPress Ad Inserter Pro premium plugin to the latest available version (at least 2.7.10)...

CVSS 6.1, AI score 2.4, EPSS 0.02389
Exploits 2, References 3, Affected Software 1
Patchstack
added 2021/09/16 12:0 a.m., 39 views

WordPress BulletProof Security plugin <= 5.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Vincent Rakotomanga in WordPress BulletProof Security plugin versions <= 5.1. Solution: Update the WordPress BulletProof Security plugin to the latest available version (at least 5.2)...

CVSS 5.3, AI score 2.5, EPSS 0.7233
Exploits 7, References 3, Affected Software 1
Patchstack
added 2015/01/02 12:0 a.m., 39 views

WordPress WP ViperGB Plugin <= 1.3.10 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: Update the plugin...

CVSS 6.8, AI score 3.6, EPSS 0.01151
Exploits 1, References 1, Affected Software 1
Patchstack
added 2014/08/01 12:0 a.m., 39 views

WordPress Repagent Plugin <= 2.2.2 - Cross Site Scripting

This plugin is prone to a cross-site scripting vulnerability in dewplayer-vinyl.swf xml and dewplayer-vinyl-en.swf xml parameters. Solution: Update the plugin...

AI score 2.4
Exploits 0, References 2, Affected Software 1
Patchstack
added 2013/02/06 12:0 a.m., 39 views

WordPress CommentLuv Plugin - Cross Site Scripting

WordPress CommentLuv plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...

CVSS 4.3, AI score 3.4, EPSS 0.04546
Exploits 3, References 1, Affected Software 1
Patchstack
added 2025/07/28 9:13 p.m., 38 views

WordPress Magical Addons For Elementor plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by zer0gh0st in WordPress Plugin Magical Addons For Elementor versions <= 1.3.8...

CVSS 6.4, AI score 5.5, EPSS 0.00218
Exploits 0, References 1, Affected Software 1
Patchstack
added 2023/12/06 12:0 a.m., 38 views

WordPress Elementor Website Builder Plugin 3.3.0-3.18.1 is vulnerable to Arbitrary File Upload

Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: 3.3.0-3.18.1; Fixed in: 3.18.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-48777; Patch priority: High; CVSS severity: High 9.9; Developer: Elementor; PSID: 64baf5c2aab5; Credits: Hồng Quân luk6785 at VNPT-VCI...

CVSS 9.9, AI score 6.7, EPSS 0.041
Exploits 3, References 2, Affected Software 1
Patchstack
added 2023/10/16 12:0 a.m., 38 views

WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Serial Numbers for WooCommerce – License Manager; Type: Plugin; Vulnerable versions: <= 1.6.3; Fixed in: 1.6.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-46078; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID...

CVSS 8.8, AI score 6.6, EPSS 0.00208
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/08/18 12:0 a.m., 38 views

WordPress All In One Video Gallery Plugin 2.5.8 to 2.6.0 - Unauthenticated Arbitrary File Download & SSRF vulnerability

Unauthenticated Arbitrary File Download & SSRF vulnerability discovered by Gabriele Zuddas in All-in-One Video Gallery Plugin versions 2.5.8 to 2.6.0. Solution: Update the WordPress All-in-One Video Gallery plugin to the latest available version (at least 2.6.1)...

CVSS 8.2, AI score 4.1, EPSS 0.24542
Exploits 0, References 1, Affected Software 1
Patchstack
added 2022/08/12 12:0 a.m., 38 views

WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via malicious SVG file upload discovered by Universe Patchstack Alliance in WordPress Uploading SVG, WEBP and ICO files plugin versions <= 1.0.1. Solution: No patched version available...

CVSS 5.4, AI score 2.3, EPSS 0.00445
Exploits 0, Affected Software 1
Patchstack
added 2022/08/08 12:0 a.m., 38 views

WordPress String Locator plugin <= 2.5.0 - Authenticated PHAR Deserialization vulnerability

Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress String Locator plugin versions <= 2.5.0. Solution: Update the WordPress String locator plugin to the latest available version (at least 2.6.0)...

CVSS 8.8, AI score 3.1, EPSS 0.01207
Exploits 0, References 1, Affected Software 1
Patchstack
added 2022/05/17 12:0 a.m., 38 views

WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS) was discovered by BEE-K Patchstack in WordPress Code Snippets Extended plugin versions <= 1.4.7. Solution: Deactivate and delete. No patched version is available. No reply from the vendor...

CVSS 6.1, AI score 1.9, EPSS 0.00358
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/05/16 12:0 a.m., 38 views

WordPress Discy premium theme < 5.2 - Restore Default Settings via Cross-Site Request Forgery (CSRF) vulnerability

Restore Default Settings via Cross-Site Request Forgery (CSRF) vulnerability discovered by Bikram Kharal in WordPress Discy premium theme versions < 5.2. Solution: Update the WordPress Discy premium theme to the latest available version (at least 5.2)...

CVSS 6.5, AI score 3.8, EPSS 0.00513
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/05/09 12:0 a.m., 38 views

WordPress Change wp-admin login plugin <= 1.0.9 - Unauthenticated Arbitrary Settings Update vulnerability

Unauthenticated Arbitrary Settings Update vulnerability discovered by Daniel Ruf in WordPress Change wp-admin login plugin versions <= 1.0.9. Solution: Update the WordPress Change wp-admin login plugin to the latest available version (at least 1.1.0)...

CVSS 7.5, AI score 3.2, EPSS 0.00578
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/03/28 12:0 a.m., 38 views

WordPress EXMAGE plugin <= 1.0.6 - Blind Server-Side Request Forgery (SSRF) vulnerability

Blind Server-Side Request Forgery (SSRF) vulnerability discovered by Luan Pedersini in WordPress EXMAGE plugin versions <= 1.0.6. Solution: Update the WordPress EXMAGE plugin to the latest available version (at least 1.0.7)...

CVSS 7.2, AI score 3.4, EPSS 0.0133
Exploits 1, References 3, Affected Software 1
Patchstack
added 2022/03/14 12:0 a.m., 38 views

WordPress Ad Inserter Pro premium plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress Ad Inserter Pro premium plugin versions <= 2.7.11. Solution: Update the WordPress Ad Inserter Pro premium plugin to the latest available version (at least 2.7.12)...

CVSS 6.1, AI score 2.5, EPSS 0.03557
Exploits 4, References 3, Affected Software 1
Patchstack
added 2022/03/14 12:0 a.m., 38 views

WordPress Amelia plugin <= 1.0.48 - Arbitrary Appointments Status Update vulnerability

Arbitrary Appointments Status Update vulnerability discovered by Huli from Cymetrics in WordPress Amelia plugin versions <= 1.0.48. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.49)...

CVSS 5.5, AI score 3.3, EPSS 0.00788
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/03/01 12:0 a.m., 38 views

WordPress OSMapper plugin <= 2.1.5 - Unauthenticated Arbitrary Post Deletion vulnerability

Unauthenticated Arbitrary Post Deletion vulnerability discovered by dc11 in WordPress OSMapper plugin versions <= 2.1.5. Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 5.3, AI score 3.6, EPSS 0.00519
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 38 views

WordPress Widget Detector for Elementor plugin < 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Widget Detector for Elementor plugin versions < 1.2.0. Solution: Update the WordPress Widget Detector for Elementor plugin to the latest available version (at least 1.2.0)...

AI score 3.7
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m., 38 views

WordPress Infographic Maker – iList plugin <= 4.3.7 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Infographic Maker – iList plugin versions <= 4.3.7. Solution: Update the WordPress Infographic Maker – iList plugin to the latest available version (at least 4.3.8)...

CVSS 9.8, AI score 3.1, EPSS 0.15254
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/02/02 12:0 a.m., 38 views

WordPress WP Time Slots Booking Form plugin <= 1.1.62 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Rubina Shaikh in WordPress WP Time Slots Booking Form plugin versions <= 1.1.62. Solution: Update the WordPress WP Time Slots Booking Form plugin to the latest available version (at least 1.1.63)...

CVSS 4.8, AI score 1.4, EPSS 0.00588
Exploits 2, References 3, Affected Software 1
Patchstack
added 2021/12/14 12:0 a.m., 38 views

WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions <= 4.1.5.2. Solution: Update the WordPress All in One SEO plugin to the latest available version (at least 4.1.5.3)...

CVSS 6.5, AI score 2.5, EPSS 0.01291
Exploits 1, References 3, Affected Software 1
Patchstack
added 2021/07/08 12:0 a.m., 38 views

WordPress Astra Pro premium plugin <= 3.5.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ngoc Nguyen in WordPress Astra Pro premium plugin versions <= 3.5.1. Solution: Update the WordPress Astra Pro premium plugin to the latest available version (at least 3.5.2)...

CVSS 9.8, AI score 3.3, EPSS 0.11302
Exploits 2, References 3, Affected Software 1
Patchstack
added 2021/04/10 12:0 a.m., 38 views

WordPress Master Slider plugin <= 3.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vulnerability-Lab in WordPress Master Slider plugin versions <= 3.7.0. Solution: Update the WordPress Master Slider plugin to the latest available version (at least 3.7.1)...

CVSS 5.4, AI score 2, EPSS 0.00705
Exploits 4, References 3, Affected Software 1
Patchstack
added 2020/04/03 12:0 a.m., 38 views

WordPress OneTone theme <= 3.0.6 - Unauthenticated options change vulnerability

Unauthenticated options change vulnerability discovered by NinTechNet in WordPress OneTone theme versions <= 3.0.6. Solution: No patched version is available...

CVSS 5.3, AI score 2.5, EPSS 0.02362
Exploits 1, References 2, Affected Software 1
Patchstack
added 2015/05/15 12:0 a.m., 38 views

WordPress Super Cache Plugin <= 1.3 - XSS

This plugin is prone to: trunk/plugins/wptouch.php URI XSS, trunk/plugins/searchengine.php URI XSS, trunk/plugins/domain-mapping.php URI XSS, trunk/plugins/badbehaviour.php URI XSS, trunk/plugins/awaitingmoderation.php URI XSS, trunk/wp-cache.php wpnonceurl Function URI XSS vulnerability. Solutio...

CVSS 6.1, AI score 2, EPSS 0.01523
Exploits 0, References 1, Affected Software 1
Patchstack
added 2014/12/01 12:0 a.m., 38 views

WordPress <=4.0.1 - Denial of Service Attacks

WordPress 4.0.1 is prone to a denial of service vulnerability that allows an attacker to send specially crafted requests. These requests result in CPU and memory exhaustion, and in that way the site becomes unavailable. Solution: Update WordPress...

CVSS 5, AI score 4.3, EPSS 0.83162
Exploits 7, Affected Software 1
Patchstack
added 2014/05/21 12:0 a.m., 38 views

WordPress Booking Calendar Plugin - SQL Injection

This WordPress Booking Calendar plugin's "bookingformid" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 6.5, AI score 3.4, EPSS 0.03588
Exploits 2, References 1, Affected Software 1
Patchstack
added 2012/12/06 12:0 a.m., 38 views

WordPress <= 3.5.0 - SSRF

Because of the XMLRPC API, attackers can send HTTP requests to intranet servers. They can also conduct port-scanning attacks by specifying a crafted source URL for a pingback. Solution: Update WordPress...

CVSS 6.4, AI score 2, EPSS 0.28857
Exploits 3, References 1, Affected Software 1
Patchstack
added 2012/04/27 12:0 a.m., 38 views

WordPress 3.3.1 - Multiple CSRF Vulnerabilities

WordPress version 3.3.1 is prone to multiple cross-site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in anti-CSRF token wpnonce, wpnoncecreate-user, ajaxnonce, wpnonce-custom-background-upload, wpnonce-custom-header-upload generation. Multiple CSRF allow ...

CVSS 6.8, AI score 1.7, EPSS 0.02879
Exploits 7, References 1, Affected Software 1
Patchstack
added 2025/07/03 11:3 p.m., 37 views

WordPress Migration, Backup, Staging – WPvivid Backup & Migration plugin <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin WPvivid Backup and Migration versions <= 0.9.116...

CVSS 7.2, AI score 6.7, EPSS 0.06479
Exploits 3, References 1, Affected Software 1
Patchstack
added 2023/11/28 12:0 a.m., 37 views

WordPress JetMenu Plugin <= 2.4.1 is vulnerable to Broken Access Control

Software: JetMenu; Type: Plugin; Vulnerable versions: <= 2.4.1; Fixed in: 2.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-48760; Patch priority: Medium; CVSS severity: Medium 8.2; Developer: Crocoblock; PSID: d2123458ae3d; Credits: Rafie Muhammad Patchstack; Required...

CVSS 9.8, AI score 9.3, EPSS 0.00445
Exploits 0, References 1, Affected Software 1
Patchstack
added 2023/04/14 12:0 a.m., 37 views

WordPress Article Directory Redux Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Article Directory Redux; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30751; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 1d10759d477b; Credits: Pavitra Tiwari...

CVSS 5.9, AI score 6, EPSS 0.00369
Exploits 0, References 1, Affected Software 1
Patchstack
added 2022/09/01 12:0 a.m., 37 views

WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update

Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update discovered by Rasi Afeef Patchstack Alliance in WordPress GetResponse plugin versions <= 5.5.20. Solution: Update the WordPress GetResponse for WordPress plugin to the latest available version (at least 5.5.21)...

CVSS 8.8, AI score 3.9, EPSS 0.00296
Exploits 0, Affected Software 1
Patchstack
added 2022/06/28 12:0 a.m., 37 views

WordPress WP Meta SEO plugin <= 4.4.8 - Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Social Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress WP Meta SEO plugin versions <= 4.4.8. Solution: Update the WordPress WP Meta SEO plugin to the latest available version (at least 4.4.9)...

CVSS 5.4, AI score 3.9, EPSS 0.00273
Exploits 0, References 1, Affected Software 1
Patchstack
added 2022/05/18 12:0 a.m., 37 views

WordPress Member Hero plugin <= 1.0.9 - Unauthenticated Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution (RCE) vulnerability discovered by Harald Eilertsen in WordPress Member Hero plugin versions <= 1.0.9. Solution: Deactivate and delete. This plugin has been closed as of March 23, 2022 and is not available for download. This closure is temporary, pending a full...

CVSS 9.8, AI score 3.4, EPSS 0.09105
Exploits 2, References 4, Affected Software 1
Patchstack
added 2022/05/17 12:0 a.m., 37 views

WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Opal Hotel Room Booking plugin versions <= 1.2.7. Solution: Deactivate and delete. No reply from the vendor...

CVSS 5.4, AI score 2.1, EPSS 0.00504
Exploits 0, References 2, Affected Software 1
Patchstack
added 2022/04/18 12:0 a.m., 37 views

WordPress Popup by Supsystic plugin <= 1.10.8 - Unauthenticated Subscriber Email Addresses Disclosure vulnerability

Unauthenticated Subscriber Email Addresses Disclosure vulnerability discovered by Felipe de Avila in WordPress Popup by Supsystic plugin versions <= 1.10.8. Solution: Update the WordPress Popup by Supsystic plugin to the latest available version (at least 1.10.9)...

CVSS 5.3, AI score 1.7, EPSS 0.0269
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/03/29 12:0 a.m., 37 views

WordPress Menubar plugin <= 5.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Menubar plugin versions <= 5.7.2. Solution: Update the WordPress Menubar plugin to the latest available version (at least 5.8)...

CVSS 5.4, AI score 2, EPSS 0.0058
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/02/18 12:0 a.m., 37 views

WordPress Essential Addons for Elementor plugin <= 5.0.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Pham Van Khanh rskvp93 from VCSLab of Viettel Cyber Security & Nguyen Dinh Bien biennd4 from VCSLab of Viettel Cyber Security in WordPress Essential Addons for Elementor plugin versions <= 5.0.8. Solution: Update the WordPress Essential...

CVSS 6.1, AI score 2.7, EPSS 0.03193
Exploits 0, References 3, Affected Software 1
Patchstack
added 2022/02/01 12:0 a.m., 37 views

WordPress Page View Count plugin <= 2.4.14 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Page View Count plugin versions <= 2.4.14. Solution: Update the WordPress Page View Count plugin to the latest available version (at least 2.4.15)...

CVSS 9.8, AI score 3.5, EPSS 0.14783
Exploits 2, References 3, Affected Software 1
Patchstack
added 2022/01/14 12:0 a.m., 37 views

WordPress WP Import Export Lite plugin <= 3.9.15 - Unauthenticated Sensitive Data Disclosure vulnerability

Unauthenticated Sensitive Data Disclosure vulnerability discovered by Karan Saini in WordPress WP Import Export Lite plugin versions <= 3.9.15. Solution: Update the WordPress WP Import Export Lite plugin to the latest available version (at least 3.9.16)...

CVSS 7.5, AI score 3, EPSS 0.04284
Exploits 2, References 3, Affected Software 1
Patchstack
added 2021/12/03 12:0 a.m., 37 views

WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Survey Maker plugin versions <= 2.0.6. Solution: Update the WordPress Survey Maker plugin to the latest available version (at least 2.0.7)...

CVSS 6.1, AI score 2.3, EPSS 0.0082
Exploits 1, References 2, Affected Software 1
Patchstack
added 2021/10/24 12:0 a.m., 37 views

WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability

Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 1.2.4. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 1.2.5)...

CVSS 4.3, AI score 4.6, EPSS 0.00339
Exploits 2, References 3, Affected Software 1
Patchstack
added 2021/06/01 12:0 a.m., 37 views

WordPress Jetpack plugin <= 9.7.1 - Attached Image Comment Leak For Non-Published Post And Pages in Carousel Feature

Page/Post Attachment Comment Leak Of Not Published Post And Pages in Carousel Feature discovered by nguyenhgvcs in WordPress Jetpack plugin versions <= 9.7.1. Solution: Update the WordPress Jetpack plugin to the latest available version (at least 9.8)...

CVSS 5.3, AI score 2.6, EPSS 0.01494
Exploits 2, References 3, Affected Software 1
Patchstack
added 2021/05/25 12:0 a.m., 37 views

WordPress SP Project & Document Manager plugin <= 4.21 - Authenticated Shell Upload vulnerability

Authenticated Shell Upload discovered by Viktor Markopoulos vict0ni in WordPress SP Project & Document Manager plugin versions <= 4.21. Solution: Update the WordPress SP Project & Document Manager plugin to the latest available version (at least 4.22)...

CVSS 8.8, AI score 2.4, EPSS 0.52007
Exploits 8, References 4, Affected Software 1
Total number of security vulnerabilities: 5000