Lucene search
Patchstack | Most viewed

46684 matches found

Patchstack
added 2023/07/20 12:0 a.m. | 19 views

WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection

Software Subscribe to Category Type Plugin Vulnerable versions = 2.7.4 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32590 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2968f51bb060 Credits Mika Required privilege Unauthenticated...

CVSS 9.3 | AI score 6.8 | EPSS 0.01646
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2023/07/19 12:0 a.m. | 19 views

WordPress WP News and Scrolling Widgets Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WP News and Scrolling Widgets Type Plugin Vulnerable versions = 3.3.4 Fixed in 4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c0214c70fb9b Credits Rafie Muhammad Patchstac...

AI score 6.1 | EPSS 0.00284
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/17 12:0 a.m. | 19 views

WordPress WPBulky Plugin < 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Software WPBulky Type Plugin Vulnerable versions 1.0.10 Fixed in 1.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30482 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f12e0267c313 Credits Abde Ouabala Required privilege...

CVSS 6.5 | AI score 5.7 | EPSS 0.0031
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/17 12:0 a.m. | 19 views

WordPress Rank Math SEO Plugin <= 1.0.119 is vulnerable to Cross Site Scripting (XSS)

Software Rank Math SEO Type Plugin Vulnerable versions = 1.0.119 Fixed in 1.0.119.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32600 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fbe17eef0220 Credits Rafie Muhammad...

CVSS 6.5 | AI score 5.7 | EPSS 0.00332
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/05 12:0 a.m. | 19 views

WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection

Software Coming Soon Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.6.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46849 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a93f0e48b26 Credits Le Ngoc Anh Required privilege Administrator Publishe...

CVSS 9.8 | AI score 6.8 | EPSS 0.00547
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/07/04 12:0 a.m. | 19 views

WordPress HTTP Headers Plugin < 1.18.11 is vulnerable to Remote Code Execution (RCE)

Software HTTP Headers Type Plugin Vulnerable versions 1.18.11 Fixed in 1.18.11 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-1208 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID d18b01c455ff Credits qerogramat Kakao Style Corp. Required...

CVSS 7.2 | AI score 7.2 | EPSS 0.0132
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/06/27 12:0 a.m. | 19 views

WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software NOO Timetable Type Plugin Vulnerable versions = 2.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45821 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d615de5bc83f Credits Cat Required privilege...

CVSS 6.5 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/06/22 12:0 a.m. | 19 views

WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Simple Iframe Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2964 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a6a1d288d08 Credits Jihoon Lee Required...

CVSS 5.4 | AI score 5.6 | EPSS 0.00452
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/06/22 12:0 a.m. | 19 views

WordPress USM Premium Plugin < 16.3 is vulnerable to Cross Site Scripting (XSS)

Software USM Premium Type Plugin Vulnerable versions 16.3 Fixed in 16.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1166 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2fffba6c645d Credits Mohamed Selim Required privilege...

CVSS 4.8 | AI score 5.7 | EPSS 0.00477
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack
added 2023/05/18 12:0 a.m. | 19 views

WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software UpdraftPlus Type Plugin Vulnerable versions = 1.23.3 Fixed in 1.23.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32960 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID d64e914c934f Credits Rafie Muhammad...

CVSS 7.1 | AI score 6.7 | EPSS 0.00208
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/05/09 12:0 a.m. | 19 views

WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Order Your Posts Manually Type Plugin Vulnerable versions = 2.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fdf3da041b8c Credits minhtuana...

CVSS 7.1 | AI score 5.6 | EPSS 0.00379
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/04/28 12:0 a.m. | 19 views

WordPress AJAX Thumbnail Rebuild Plugin <= 1.13 is vulnerable to Broken Access Control

Software AJAX Thumbnail Rebuild Type Plugin Vulnerable versions = 1.13 Fixed in 1.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-47604 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b90f03667897 Credits Justiice Required...

CVSS 4.3 | AI score 6.9 | EPSS 0.00526
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/24 12:0 a.m. | 19 views

WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Updraft Type Plugin Vulnerable versions = 0.6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26530 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bc1184571b44 Credits Nguyen Xuan Hoa Required...

CVSS 7.1 | AI score 5.9 | EPSS 0.00382
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/04/07 12:0 a.m. | 19 views

WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.1 Fixed in 4.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46859 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 127ff2924c25 Credits Justiice Required privilege Subscriber Publishe...

CVSS 9.8 | AI score 7.2 | EPSS 0.0055
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/04/06 12:0 a.m. | 19 views

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.5.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.5.13 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4938 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 825435f567d9...

CVSS 8.8 | AI score 7 | EPSS 0.00248
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/03/22 12:0 a.m. | 19 views

WordPress eRoom – Zoom Meetings & Webinar Plugin <= 1.4.6 is vulnerable to Broken Access Control

Software eRoom – Zoom Meetings & Webinar Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-43472 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5064cfd61ac8 Credits István...

AI score 6.3 | EPSS 0.00552
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/21 12:0 a.m. | 19 views

WordPress Dark Mode Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dark Mode Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9e4920fdc820 Credits István Márton Required...

AI score 5.9 | EPSS 0.00113
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/21 12:0 a.m. | 19 views

WordPress WP VR Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP VR Type Plugin Vulnerable versions = 8.2.5 Fixed in 8.2.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID 93df9c4109e0 Credits István Márton Required privile...

AI score 5.8 | EPSS 0.00113
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/16 12:0 a.m. | 19 views

WordPress Contact Form Email Plugin <= 1.3.31 is vulnerable to Other Vulnerability Type

Software Contact Form Email Type Plugin Vulnerable versions = 1.3.31 Fixed in 1.3.32 OWASP Top 10 A5: Broken Access Control Classification Other Vulnerability Type CVE CVE-2023-28494 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1b66482cfee4 Credits István Márton Require...

CVSS 4.3 | AI score 6.6 | EPSS 0.00313
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/03/13 12:0 a.m. | 19 views

WordPress Formidable Forms Plugin < 6.1 is vulnerable to Bypass Vulnerability

Software Formidable Forms Type Plugin Vulnerable versions 6.1 Fixed in 6.1 OWASP Top 10 A1: Injection Classification Bypass Vulnerability CVE CVE-2023-0816 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9879bb5c0709 Credits Daniel Ruf Required privilege Unauthenticated...

CVSS 6.5 | AI score 6.8 | EPSS 0.00498
Exploits: 2 | References: 4 | Affected Software: 1

Patchstack
added 2023/03/01 12:0 a.m. | 19 views

WordPress GN Publisher Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software GN Publisher Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1080 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 791c76b450de Credits Marco Wotschka Required...

CVSS 6.1 | AI score 5.9 | EPSS 0.0126
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack
added 2023/02/20 12:0 a.m. | 19 views

WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Software CSS JS Manager Type Plugin Vulnerable versions = 2.4.49 Fixed in 2.4.49.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47154 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d901e9767d13 Credits rezaduty Require...

CVSS 8.8 | AI score 7 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/02/20 12:0 a.m. | 19 views

WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software The Post Grid Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-46853 Patch priority Low CVSS severity Low 4.3 Developer Mamunur Rashid PSID b0d360a29dab Credits Muhammad Daffa Require...

CVSS 8.8 | AI score 7 | EPSS 0.00256
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/02/20 12:0 a.m. | 19 views

WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Publish to Schedule Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.5.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25994 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 196402e1491d Credits Rio Darmawan...

CVSS 8.8 | AI score 7 | EPSS 0.00306
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/02/15 12:0 a.m. | 19 views

WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Upload File Type Settings Plugin Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25781 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1b1468ec7ed1 Credits Rio Darmaw...

CVSS 5.9 | AI score 5.7 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/01/27 12:0 a.m. | 19 views

WordPress ChatBot Plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software ChatBot Type Plugin Vulnerable versions = 4.2.8 Fixed in 4.2.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-24415 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 56586a24f6dd Credits Rafshanzani Suhada Required...

CVSS 8.8 | AI score 6.7 | EPSS 0.00264
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/24 12:0 a.m. | 19 views

WordPress WP Helper Premium Plugin < 4.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Helper Premium Type Plugin Vulnerable versions 4.3 Fixed in 4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0448 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c74257beed9d Credits Joshua Martinelle Required...

CVSS 6.1 | AI score 5.9 | EPSS 0.44513
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/23 12:0 a.m. | 19 views

WordPress WP TripAdvisor Review Slider Plugin < 10.8 is vulnerable to SQL Injection

Software WP TripAdvisor Review Slider Type Plugin Vulnerable versions 10.8 Fixed in 10.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0261 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dcd0212f495a Credits István Márton Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.04356
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/23 12:0 a.m. | 19 views

WordPress Customer Reviews for WooCommerce Plugin < 5.16.0 is vulnerable to Local File Inclusion

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions 5.16.0 Fixed in 5.16.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0080 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 2a336810763e Credits István Márton Required...

CVSS 8.8 | AI score 6.9 | EPSS 0.01125
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/20 12:0 a.m. | 19 views

WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection

Software LearnPress Type Plugin Vulnerable versions = 4.1.7.3.2 Fixed in 4.2.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-45808 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c30856175358 Credits Fadilah Agung Nugraha Required privilege...

CVSS 9.9 | AI score 7.2 | EPSS 0.04269
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/20 12:0 a.m. | 19 views

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Software WP Time Slots Booking Form Type Plugin Vulnerable versions = 1.1.81 Fixed in 1.1.82 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23971 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e04532f2022b Credits Rio Darmaw...

CVSS 5.9 | AI score 6 | EPSS 0.00392
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/18 12:0 a.m. | 19 views

WordPress WP Customer Area Plugin < 8.1.4 is vulnerable to Remote Code Execution (RCE)

Software WP Customer Area Type Plugin Vulnerable versions 8.1.4 Fixed in 8.1.4 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-4745 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID fc8e26b37a92 Credits rezaduty Required privilege...

CVSS 7.1 | AI score 7.3 | EPSS 0.00276
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/01/06 12:0 a.m. | 19 views

WordPress CPO Companion Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software CPO Companion Type Plugin Vulnerable versions 1.1.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4837 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 47c87ffd82d9 Credits István Márton Required...

CVSS 5.4 | AI score 5.9 | EPSS 0.00534
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2023/01/06 12:0 a.m. | 19 views

WordPress Social Warfare Plugin <= 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social Warfare Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.4.0 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-0403 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2ad0dd31224b Credits Marco...

CVSS 5.4 | AI score 7.1 | EPSS 0.00374
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2022/12/29 12:0 a.m. | 19 views

WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload

Software club-theme Type Theme Vulnerable versions 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c1148e89d858 Credits Joshua Small Required privilege...

CVSS 9.8 | AI score 9.3 | EPSS 0.02084
Exploits: 12 | References: 2 | Affected Software: 1

Patchstack
added 2022/11/23 12:0 a.m. | 19 views

WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in the WordPress Countdown Widget plugin versions = 3.1.9.1. Solution Update the WordPress WordPress Countdown Widget plugin to the latest available version at least 3.1.9.3...

AI score 3.9 | EPSS 0.00229
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/11/15 12:0 a.m. | 19 views

WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin versions = 1.1.0 Solution No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is temporary,...

CVSS 6.5 | AI score 3.8 | EPSS 0.0034
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/11/11 12:0 a.m. | 19 views

WordPress AdRotate Banner Manager plugin <= 5.9 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities leading to resetting some of the maintenance settings Reset tasks, Disable the third party, Update Database were discovered by Muhammad Daffa Patchstack Alliance in the WordPress AdRotate Banner Manager plugin versions = 5.9. Solution...

AI score 2 | EPSS 0.00264
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/11/11 12:0 a.m. | 19 views

WordPress Add Multiple Marker plugin <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add Multiple Marker plugin versions = 1.2. Solution No patched version is available...

AI score 4.1 | EPSS 0.00264
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/11/09 12:0 a.m. | 19 views

WordPress User Blocker plugin <= 1.5.5 - Auth. CSV Injection vulnerability

Auth. CSV Injection vulnerability discovered by Mika in the WordPress User Blocker plugin versions = 1.5.5. Solution Update the WordPress User Blocker plugin to the latest available version at least 1.5.6...

AI score 3 | EPSS 0.0069
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/11/03 12:0 a.m. | 19 views

WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin versions = 1.2. Solution Update the WordPress Find and Replace All plugin to the latest available version at least 1.3...

AI score 1.5 | EPSS 0.00486
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/10/31 12:0 a.m. | 19 views

WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes Patchstack Alliance in WordPress miniOrange's Google Authenticator plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at leas...

CVSS 8.8 | AI score 3.8 | EPSS 0.00631
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/28 12:0 a.m. | 19 views

WordPress Easy Digital Downloads plugin <= 3.1.0.1.1 - Unauth. CSV Injection vulnerability

Unauth. CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Easy Digital Downloads plugin versions = 3.1.0.1.1. Solution Update the WordPress Easy Digital Downloads plugin to the latest available version at least 3.1.0.2...

CVSS 9.8 | AI score 3.7 | EPSS 0.01218
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/10/28 12:0 a.m. | 19 views

WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability

Unauth. Plugin Settings Change vulnerability discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress Modula plugin versions = 2.6.9. Solution Update the WordPress Modula Image Gallery plugin to the latest available version at least 2.6.91...

CVSS 6.5 | AI score 4.2 | EPSS 0.00454
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/28 12:0 a.m. | 19 views

WordPress Spacer plugin <= 3.0.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by gem in WordPress Spacer plugin versions = 3.0.6. Solution Update the WordPress Spacer plugin to the latest available version at least 3.0.7...

CVSS 4.8 | AI score 2.2 | EPSS 0.0047
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/10/25 12:0 a.m. | 19 views

WordPress SEO Plugin by Squirrly SEO plugin <= 12.1.10 - Auth. Arbitrary File Upload vulnerability

Auth. Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress SEO Plugin by Squirrly SEO plugin versions = 12.1.10. Solution Update the WordPress SEO Plugin by Squirrly SEO plugin to the latest available version at least 12.1.11...

AI score 3.2 | EPSS 0.0072
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/24 12:0 a.m. | 19 views

WordPress IP Blacklist Cloud plugin <= 5.00 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Mika Patchstack Alliance in the WordPress IP Blacklist Cloud plugin versions = 5.00. Solution Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a fu...

AI score 3.5 | EPSS 0.00723
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/21 12:0 a.m. | 19 views

WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure direct object references IDOR vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.6. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.7...

CVSS 8.8 | AI score 3.1 | EPSS 0.00525
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/10/19 12:0 a.m. | 19 views

WordPress Webmaster Tools Verification plugin <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation vulnerability

Unauthenticated Arbitrary Plugin Deactivation vulnerability discovered by Daniel Ruf in WordPress Webmaster Tools Verification plugin versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of October 19, 2022 and is not available for download. This closure is temporary,...

CVSS 6.5 | AI score 2.4 | EPSS 0.00349
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/10/18 12:0 a.m. | 19 views

WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability

Sender’s Email Address Exposure vulnerability via wp-mail.php was discovered by Toshitsugu Yoneyama Mitsui Bussan Secure Directions, Inc. via JPCERT in the WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...

AI score 2.7
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000