
46684 matches found

Patchstack
added 2024/05/27 12:0 a.m., 19 views

WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software KKProgressbar2 Free Type Plugin Vulnerable versions = 1.1.4.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4535 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1928f58a695a Credits Bob Matyas...

6.6 AI score, 0.00324 EPSS
Exploits: 3, References: 4, Affected Software: 1

Patchstack
added 2024/05/24 12:0 a.m., 19 views

WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software LuckyWP Table of Contents Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2218 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f253e02e4fa4 Credits Sławomir...

4.6 CVSS, 5.7 AI score, 0.00342 EPSS
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2024/05/22 12:0 a.m., 19 views

WordPress LearnPress Plugin <= 4.2.6.6 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.6 Fixed in 4.2.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4971 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff054c167 Credits stealthcopter Required...

6.4 CVSS, 5.8 AI score, 0.00295 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/05/09 12:0 a.m., 19 views

WordPress Porto Theme <= 7.1.0 is vulnerable to Local File Inclusion

Software Porto Type Theme Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3806 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 98785fd04b6f Credits István Márton Required privilege Unauthenticated...

9.8 CVSS, 6.8 AI score, 0.02687 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/05/08 12:0 a.m., 19 views

WordPress Mesmerize Companion Plugin <= 1.6.148 is vulnerable to Cross Site Scripting (XSS)

Software Mesmerize Companion Type Plugin Vulnerable versions = 1.6.148 Fixed in 1.6.149 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3494 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79965937956 Credits stealthcopter...

6.4 CVSS, 5.8 AI score, 0.00333 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 19 views

WordPress Form Maker by 10Web Plugin <= 1.15.24 is vulnerable to Cross Site Scripting (XSS)

Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.24 Fixed in 1.15.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34437 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bccbcab6c64f Credits Huynh Tien Si Required privile...

5.9 CVSS, 6.6 AI score, 0.00447 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 19 views

WordPress Stockholm Core Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Stockholm Core Type Plugin Vulnerable versions = 2.4.1 Fixed in 2.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ee301c14ad2 Credits Rafie Muhammad Patchstack Require...

7.1 CVSS, 6.5 AI score, 0.00271 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 19 views

WordPress Magical Addons For Elementor Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34547 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74ccb66566e9 Credits Khalid Yusuf Required...

6.5 CVSS, 6.6 AI score, 0.0027 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m., 19 views

WordPress Print-O-Matic Plugin <= 2.1.10 is vulnerable to Cross Site Scripting (XSS)

Software Print-O-Matic Type Plugin Vulnerable versions = 2.1.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33936 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b4761232408 Credits Ngô Thiên An ancorn from VNPT-VCI Require...

6.5 CVSS, 6.6 AI score, 0.00314 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/04/29 12:0 a.m., 19 views

WordPress PB MailCrypt Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software PB MailCrypt Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33935 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 63739ecce421 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

6.5 CVSS, 6.6 AI score, 0.00305 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/04/26 12:0 a.m., 19 views

WordPress Social Media & Share Icons Plugin <= 2.8.6 is vulnerable to Broken Access Control

Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a7903f770f4 Credits Dhabaleshwar Das...

6.2 AI score, 0.00208 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/25 12:0 a.m., 19 views

WordPress WZone Plugin <= 14.0.33 is vulnerable to Privilege Escalation

Software WZone Type Plugin Vulnerable versions = 14.0.33 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33549 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a1d74d6dfe5c Credits Rafie Muhammad...

8.8 CVSS, 6.5 AI score, 0.00512 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/04/25 12:0 a.m., 19 views

WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.3 is vulnerable to Broken Access Control

Software Barcode Scanner with Inventory & Order Manager Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.5.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33565 Patch priority High CVSS severity High 9.1 Developer DMitry PSID 256e9c100507 Credits Rafie...

9.1 CVSS, 6.5 AI score, 0.00413 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/25 12:0 a.m., 19 views

WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion

Software XStore Type Theme Vulnerable versions = 9.3.8 Fixed in 9.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-33560 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 6dff12fe54af Credits Rafie Muhammad Patchstack Required privilege...

9 CVSS, 6.8 AI score, 0.00597 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/04/24 12:0 a.m., 19 views

WordPress Elements kit Elementor addons Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.1.0 Fixed in 3.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3499 Patch priority Low CVSS severity Low 8.5 Developer Wpmet PSID 43728e112e86 Credits Webbernaut Required privilege Contribut...

8.8 CVSS, 6.8 AI score, 0.01063 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/23 12:0 a.m., 19 views

WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection

Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...

8.8 CVSS, 6.8 AI score, 0.01405 EPSS
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/04/22 11:36 a.m., 19 views

WordPress StreamWeasels Twitch Integration plugin <= 1.7.8 - API Sensitive Data Exposure vulnerability

API Sensitive Data Exposure vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin StreamWeasels Twitch Integration versions = 1.7.8...

5.3 CVSS, 7 AI score, 0.00547 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2024/04/18 12:0 a.m., 19 views

WordPress Newspaper Theme <= 12.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Newspaper Type Theme Vulnerable versions = 12.6.5 Fixed in 12.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3815 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7fb86a187abf Credits István Márton Required...

5.5 CVSS, 5.8 AI score, 0.00279 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/17 12:0 a.m., 19 views

WordPress WP Show Posts Plugin <= 1.1.5 is vulnerable to Sensitive Data Exposure

Software WP Show Posts Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6731 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0bc24cb2903a Credits Lucio Sá Required privilege...

4.3 CVSS, 6.5 AI score, 0.00375 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/16 12:0 a.m., 19 views

WordPress Paid Memberships Pro Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Paid Memberships Pro Type Plugin Vulnerable versions = 3.0.1 Fixed in 3.0.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3215 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 707f90cd781b Credits Whit Taylor...

5.3 CVSS, 5.3 AI score, 0.00297 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/16 12:0 a.m., 19 views

WordPress Real Media Library Lite Plugin <= 4.22.11 is vulnerable to Cross Site Scripting (XSS)

Software Real Media Library Lite Type Plugin Vulnerable versions = 4.22.11 Fixed in 4.22.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2328 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e373234a026c Credits stealthcopte...

6.4 CVSS, 5.8 AI score, 0.00404 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/15 12:0 a.m., 19 views

WordPress Ultimate Member Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2765 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4af1ffb7c063 Credits tiborisaak Require...

5.4 CVSS, 5.9 AI score, 0.00502 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/10 12:0 a.m., 19 views

WordPress Default Mag Theme <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Default Mag Type Theme Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38907f8269e6 Credits Dhabaleshwar Das Require...

4.3 CVSS, 4.3 AI score, 0.00368 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/10 12:0 a.m., 19 views

WordPress Extra Product Options Builder for WooCommerce Plugin <= 1.2.104 is vulnerable to Cross Site Request Forgery (CSRF)

Software Extra Product Options Builder for WooCommerce Type Plugin Vulnerable versions = 1.2.104 Fixed in 1.2.105 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31940 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

4.3 CVSS, 6.7 AI score, 0.002 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/10 12:0 a.m., 19 views

WordPress Redirect Redirection Plugin <= 1.1.9 is vulnerable to Broken Access Control

Software Redirect Redirection Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 083a31c079c9 Credits Dhabaleshwar Das Require...

6 AI score, 0.00208 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/09 12:0 a.m., 19 views

WordPress Slider Revolution Plugin <= 6.6.20 is vulnerable to Cross Site Scripting (XSS)

Software Slider Revolution Type Plugin Vulnerable versions = 6.6.20 Fixed in 6.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2306 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 25a221b7c033 Credits wesley wcraft Nikolas - md...

6.4 CVSS, 5.7 AI score, 0.00336 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/05 12:0 a.m., 19 views

WordPress Tracking Code Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software Tracking Code Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31347 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51665fb13771 Credits Abdi Pranata Required...

4.3 CVSS, 6.8 AI score, 0.00277 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/03 12:0 a.m., 19 views

WordPress Oxygen Builder Plugin <= 4.9 is vulnerable to Remote Code Execution (RCE)

Software Oxygen Builder Type Plugin Vulnerable versions = 4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-31380 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 4b3933c6a6e8 Credits Snicco Required privilege Contributo...

9.9 CVSS, 7.3 AI score, 0.00753 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/04/01 12:0 a.m., 19 views

WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to Sensitive Data Exposure

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.13 Fixed in 5.9.14 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2974 Patch priority Low CVSS severity Low 5.3 Developer WPDeveloper PSID 724b318703c8 Credits Ankit Patel...

5.3 CVSS, 6.5 AI score, 0.00496 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/04/01 12:0 a.m., 19 views

WordPress Ecwid Shopping Cart Plugin <= 6.12.10 is vulnerable to Cross Site Scripting (XSS)

Software Ecwid Shopping Cart Type Plugin Vulnerable versions = 6.12.10 Fixed in 6.12.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2456 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 58dc51eadb76 Credits Krzysztof Zając...

6.4 CVSS, 5.8 AI score, 0.00353 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/03/29 12:0 a.m., 19 views

WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2113 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0a9480169593 Credits Tobias Weißhaar kun19...

4.3 CVSS, 6.6 AI score, 0.00237 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/03/28 12:0 a.m., 19 views

WordPress Social Icons Widget & Block by WPZOOM Plugin <= 4.2.15 is vulnerable to Broken Access Control

Software Social Icons Widget & Block by WPZOOM Type Plugin Vulnerable versions = 4.2.15 Fixed in 4.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30464 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 49894ab6e8af Credits Rafie...

8.8 CVSS, 6.6 AI score, 0.01517 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/28 12:0 a.m., 19 views

WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Web Icons Type Plugin Vulnerable versions = 1.0.0.10 Fixed in 1.0.0.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-30445 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f47e40e4725 Credits Steven Julian Required privilege...

6.5 CVSS, 6.3 AI score, 0.00351 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/28 12:0 a.m., 19 views

WordPress OSS Aliyun Plugin <= 1.4.10 is vulnerable to SQL Injection

Software OSS Aliyun Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30494 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID f4acc3b1af32 Credits Majed Refaea Required privilege Administrator...

7.6 CVSS, 6.8 AI score, 0.00515 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/26 12:0 a.m., 19 views

WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection

Software ARMember Type Plugin Vulnerable versions = 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...

9.8 CVSS, 6.8 AI score, 0.00645 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/25 12:0 a.m., 19 views

WordPress BuddyForms Plugin <= 2.8.5 is vulnerable to Cross Site Scripting (XSS)

Software BuddyForms Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30198 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID f21da7d6bb61 Credits Dimas Maulana Required privilege...

5.8 CVSS, 6.6 AI score, 0.00312 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/25 12:0 a.m., 19 views

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29763 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 835f8f6375ea Credits...

7.1 CVSS, 6.8 AI score, 0.00421 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/21 12:0 a.m., 19 views

WordPress Avada Theme <= 7.11.6 is vulnerable to SQL Injection

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2344 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 15fee136284a Credits Muhammad Zeeshan Xib3rR4dAr Required privilege Administrato...

7.2 CVSS, 7.2 AI score, 0.00828 EPSS
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2024/03/21 12:0 a.m., 19 views

WordPress Avada Theme <= 7.11.6 is vulnerable to Server Side Request Forgery (SSRF)

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2343 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID b215d9a4cc5d Credits Muhammad Zeeshan Xib3rR4dAr Required...

6.4 CVSS, 7.3 AI score, 0.00517 EPSS
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2024/03/21 12:0 a.m., 19 views

WordPress Avada Theme <= 7.11.6 is vulnerable to Sensitive Data Exposure

Software Avada Type Theme Vulnerable versions = 7.11.6 Fixed in 7.11.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2340 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bc2cd20cbb75 Credits Muhammad Zeeshan Xib3rR4dAr Require...

5.3 CVSS, 6.9 AI score, 0.27997 EPSS
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2024/03/19 12:0 a.m., 19 views

WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Lite for Beaver Builder Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2289 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID 9d2284f4a282 Credits...

6.4 CVSS, 5.8 AI score, 0.0034 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/03/18 12:0 a.m., 19 views

WordPress Simple Job Board Plugin <= 2.11.0 is vulnerable to PHP Object Injection

Software Simple Job Board Type Plugin Vulnerable versions = 2.11.0 Fixed in 2.11.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1813 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 0f7bf0484277 Credits Francesco Carlucci Required privilege...

9.8 CVSS, 6.8 AI score, 0.01106 EPSS
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2024/03/16 12:0 a.m., 19 views

WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)

Software Coupon Affiliates Type Plugin Vulnerable versions = 5.12.7 Fixed in 5.12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29125 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 81253acd1aca Credits stealthcopter Required privilege...

7.1 CVSS, 6.5 AI score, 0.00402 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/03/08 12:0 a.m., 19 views

WordPress Ultimate Member Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2123 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d51add86a5f Credits stealthcopter...

7.2 CVSS, 5.7 AI score, 0.26666 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/02/28 12:0 a.m., 19 views

WordPress Download Manager Plugin <= 3.2.84 is vulnerable to Broken Access Control

Software Download Manager Type Plugin Vulnerable versions = 3.2.84 Fixed in 3.2.85 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6785 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 049e661b5aa7 Credits wesley wcraft Required...

5.3 CVSS, 6.5 AI score, 0.00546 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/02/26 12:0 a.m., 19 views

WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...

5.3 CVSS, 6.5 AI score, 0.00472 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/02/14 12:0 a.m., 19 views

WordPress Peach Payments Gateway Plugin <= 3.1.9 is vulnerable to Broken Access Control

Software Peach Payments Gateway Type Plugin Vulnerable versions = 3.1.9 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-25922 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ed5c43af060 Credits Abdi Pranata Required...

5.4 CVSS, 6.6 AI score, 0.00364 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/02/12 12:0 a.m., 19 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control

Software ImageRecycle pdf & image compression Type Plugin Vulnerable versions = 3.1.13 Fixed in 3.1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35a4c2f10086 Credits Frances...

4.3 CVSS, 6.5 AI score, 0.00372 EPSS
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/02/12 12:0 a.m., 19 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25593 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 87e47cb4335f Credits Ngô Thiên An ancorn...

6.5 CVSS, 6.6 AI score, 0.00317 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/02/12 12:0 a.m., 19 views

WordPress Canto Plugin <= 3.0.6 is vulnerable to Remote Code Execution (RCE)

Software Canto Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-25096 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 5a102fd4265b Credits Rodrigo Escobar ipax Required privilege...

10 CVSS, 7.2 AI score, 0.00687 EPSS
Exploits: 2, References: 2, Affected Software: 1

Total number of security vulnerabilities: 5000