Lucene search
K
PatchstackMost viewed

46684 matches found

Patchstack
Patchstack
•added 2022/09/21 12:0 a.m.•19 views

WordPress Passster plugin <= 3.5.5.5.1 - Insecure Storage of Password vulnerability

Insecure Storage of Password vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Passster plugin versions = 3.5.5.5.1. Solution Update the WordPress Passster – Password Protection plugin to the latest available version at least 3.5.5.5.2...

5.9CVSS1.6AI score0.00452EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2022/09/15 12:0 a.m.•19 views

WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress CPO Shortcodes plugin versions = 1.5.0 . Solution Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is...

4.8CVSS2.5AI score0.00437EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/09/14 12:0 a.m.•19 views

WordPress Integration for Szamlazz.hu & Gravity Forms plugin <= 1.2.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Lana Code in WordPress Integration for Szamlazz.hu & Gravity Forms plugin versions = 1.2.6. Solution Update the WordPress Integration for Szamlazz.hu & Gravity Forms plugin to the latest available version at least 1.2.7...

7.1CVSS3.5AI score0.00337EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/09/14 12:0 a.m.•19 views

WordPress Cryptocurrency Pricing list and Ticker plugin <= 1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jeremie Amsellem in WordPress Cryptocurrency Pricing list and Ticker plugin versions = 1.5. Solution Deactivate and delete. This plugin has been closed as of September 8, 2022 and is not available for download. This closure is...

6.1CVSS2AI score0.00486EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2022/09/14 12:0 a.m.•19 views

WordPress Enable Media Replace plugin <= 3.6.3 - Auth. Path Traversal vulnerability

Auth. Path Traversal vulnerability discovered by Raad Haddad Cloudyrion GmbH in the WordPress Enable Media Replace plugin versions = 3.6.3. Solution Update the WordPress Enable Media Replace plugin to the latest available version at least 4.0.0...

4.9CVSS2.8AI score0.00781EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/09/07 12:0 a.m.•19 views

WordPress Wordfence Security – Firewall & Malware Scan plugin <= 7.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ori Gabriel in WordPress Wordfence Security – Firewall & Malware Scan plugin versions = 7.6.0. Solution Update the WordPress Wordfence plugin to the latest available version at least 7.6.1...

4.8CVSS1.8AI score0.00613EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/09/05 12:0 a.m.•19 views

WordPress NinjaForms plugin <= 3.6.12 - Authenticated PHP Objection Injection vulnerability

Authenticated PHP Objection Injection vulnerability discovered by Alessio Santoru in WordPress NinjaForms plugin versions = 3.6.12. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.13...

7.2CVSS2.9AI score0.0108EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/08/29 12:0 a.m.•19 views

WordPress WPvivid Backup plugin 0.9.76 - Authenticated Arbitrary File Deletion vulnerability

Authenticated Arbitrary File Deletion vulnerability discovered by WPScan in WordPress WPvivid Backup plugin versions 0.9.76. Solution Update the WordPress WPvivid Backup and Migration plugin to the latest available version at least 0.9.77...

3.3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/08/25 12:0 a.m.•19 views

WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Launcher: Coming Soon & Maintenance Mode plugin versions = 1.0.11. Solution No patched version is available. Ignored by the vendor...

4.8CVSS3.6AI score0.00457EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/08/16 12:0 a.m.•19 views

WordPress Affiliates Manager Plugin <= 2.9.13 - CSV Injection vulnerability

CSV Injection vulnerability discovered by WPScan in Affiliates Managers versions = 2.9.13 Solution Update the WordPress Affiliates Manager plugin to the latest available version at least 2.9.14...

8CVSS4AI score0.0095EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/08/01 12:0 a.m.•19 views

WordPress Yotpo Reviews for WooCommerce (Unofficial) plugin <= 2.0.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Johannes Gangsö in WordPress Yotpo Reviews for WooCommerce Unofficial plugin versions = 2.0.4. Solution Deactivate and delete. This plugin has been closed as of July 27, 2022 and is not available for downloa...

6.5CVSS2.5AI score0.00369EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2022/07/26 12:0 a.m.•19 views

WordPress Feed Them Social plugin <= 2.9.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof ZajÄ…c in WordPress Feed Them Social plugin versions = 2.9.9. Solution Update the WordPress Feed Them Social plugin to the latest available version at least 3.0.1...

6.1CVSS2.4AI score0.00634EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/07/26 12:0 a.m.•19 views

WordPress Product Slider for WooCommerce plugin <= 2.5.6 - Authenticated Arbitrary Options Deletion vulnerability

Authenticated Arbitrary Options Deletion vulnerability discovered by Krzysztof ZajÄ…c in WordPress Product Slider for WooCommerce plugin versions = 2.5.6. Solution Update the WordPress Product Slider for WooCommerce plugin to the latest available version at least 2.5.7...

4.3CVSS3.4AI score0.00308EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/07/25 12:0 a.m.•19 views

WordPress Stockists Manager for Woocommerce plugin <= 1.0.2.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS by Yuta Kikuchi in WordPress Stockists Manager for Woocommerce plugin versions = 1.0.2.1. Solution Deactivate and delete. This plugin has been closed as of July 12, 2022 and is not available for download. Thi...

8.8CVSS1.7AI score0.00408EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/07/12 12:0 a.m.•19 views

WordPress Discy premium theme <= 4.9 - Broken Access Control to change settings vulnerability

Broken Access Control to change settings vulnerability discovered by Veshraj Ghimire in WordPress Discy premium theme versions = 4.9. Solution Update the WordPress Discy theme to the latest available version at least 5.0...

6.5CVSS2.5AI score0.00623EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
•added 2022/07/11 12:0 a.m.•19 views

WordPress CAPTCHA 4WP plugin <= 7.0.6.1 - Local File Inclusion (LFI) via Cross-Site Request Forgery (CSRF) vulnerability

Local File Inclusion LFI via Cross-Site Request Forgery CSRF vulnerability was discovered by ZhongFu Su JrXnm in the WordPress CAPTCHA 4WP plugin versions = 7.0.6.1. Solution Update the WordPress CAPTCHA 4WP plugin to the latest available version at least 7.1.0...

8.8CVSS3.6AI score0.00489EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/07/04 12:0 a.m.•19 views

WordPress Name Directory plugin <= 1.25.3 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Donato Di Pasquale in WordPress Name Directory plugin versions = 1.25.3. Solution Update the WordPress Name Directory plugin to the latest available version at least 1.25.4...

6.1CVSS3.3AI score0.00284EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/07/04 12:0 a.m.•19 views

WordPress Shareaholic <= 9.7.5 - Information Disclosure vulnerability

Information Disclosure vulnerability discovered by Brandon James Roldan in WordPress Shareaholic versions = 9.7.5. Solution Update the WordPress Shareaholic plugin to the latest available version at least 9.7.6...

5.3CVSS1.6AI score0.01633EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/07/01 12:0 a.m.•19 views

WordPress Download Manager <= 3.2.46 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Andrea Bocchetti in WordPress Download Manager versions = 3.2.46. Solution Update the WordPress Download Manager plugin to the latest available version at least 3.2.47...

6.4CVSS2.9AI score0.00846EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2022/06/28 12:0 a.m.•19 views

WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability

Authenticated Arbitrary Code Execution vulnerability discovered by Universe Patchstack Alliance in WordPress Import any XML or CSV File to WordPress plugin versions = 3.6.7. Solution Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version at least 3.6.8...

9.1CVSS4.5AI score0.01078EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/06/23 12:0 a.m.•19 views

WordPress Loading Page with Loading Screen plugin <= 1.0.82 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Nikhil Kapoor in WordPress Loading Page with Loading Screen plugin versions = 1.0.82. Solution Update the WordPress Loading Page with Loading Screen plugin to the latest available version at least 1.0.83...

4.8CVSS1.5AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/06/22 12:0 a.m.•19 views

WordPress Data Tables Generator by Supsystic plugin <= 1.10.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Data Tables Generator by Supsystic plugin versions = 1.10.19. Solution Update the WordPress Data Tables Generator by Supsystic plugin to the latest available version at least 1.10.20...

4.8CVSS2.2AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/06/21 12:0 a.m.•19 views

WordPress Brizy Page Builder plugin <= 2.4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Element URL

Authenticated Stored Cross-Site Scripting XSS vulnerability via Element URL discovered by Vishnupriya Ilango in WordPress Brizy Page Builder plugin versions = 2.4.1. Solution Update the WordPress Brizy – Page Builder plugin to the latest available version at least 2.4.2...

5.4CVSS2.6AI score0.00644EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/06/20 12:0 a.m.•19 views

WordPress LinkedIn Company Updates plugin <= 1.5.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress LinkedIn Company Updates plugin versions = 1.5.3. Solution Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for...

4.8CVSS1.1AI score0.00493EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/06/16 12:0 a.m.•19 views

WordPress BuddyPress Group Reviews plugin <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass

Unauthorized AJAX Actions due to Nonce Bypass discovered by Marco Wotschka / Wordfence in WordPress BuddyPress Group Reviews plugin versions = 2.8.3. Solution Update the WordPress BuddyPress Group Reviews plugin to the latest available version at least 2.8.4...

6.5CVSS3.1AI score0.00671EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/06/14 12:0 a.m.•19 views

WordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSS

Improper Access Control vulnerability leading to multiple Authenticated Stored XSS discovered by Ngo Van Thien Patchstack Alliance in WordPress Custom Popup Builder plugin versions = 1.3.1. Solution Deactivate and delete. This plugin has been closed as of May 26, 2022 and is not available for...

5.4CVSS1.5AI score0.00449EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2022/06/07 12:0 a.m.•19 views

WordPress SAML Single Sign On – SAML SSO Login plugin <= 4.9.20 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress SAML Single Sign On – SAML SSO Login plugin versions = 4.9.20. Solution Update the WordPress SAML Single Sign On – SAML SSO Login plugin to the latest available version at least 4.9.21...

2.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2022/06/06 12:0 a.m.•19 views

WordPress Limit Login Attempts plugin <= 4.0.71 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Niraj Mahajan in WordPress Limit Login Attempts plugin versions = 4.0.71. Solution Update the WordPress Limit Login Attempts plugin to the latest available version at least 4.0.72...

4.8CVSS2.3AI score0.00848EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/06/02 12:0 a.m.•19 views

WordPress WP Ultimate CSV Importer plugin <= 6.5.2 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability

Authenticated Blind Server-Side Request Forgery SSRF vulnerability discovered by Luan Pedersini in WordPress WP Ultimate CSV Importer plugin versions = 6.5.2. Solution Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.5.3...

7.2CVSS2.7AI score0.0126EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2022/05/26 12:0 a.m.•19 views

WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by BEE-K Patchstack in the WordPress Image Slider by NextCode plugin versions = 1.1.2. Solution Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is...

8.8CVSS2.8AI score0.00414EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/05/23 12:0 a.m.•19 views

WordPress LaTeX plugin <= 3.4.10 - Arbitrary Settings Update via CSRF leading to Stored XSS vulnerability

Arbitrary Settings Update via CSRF leading to Stored XSS vulnerability discovered by Daniel Ruf in WordPress LaTeX plugin versions = 3.4.10. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary, pending a full...

5.4CVSS3.4AI score0.00292EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/23 12:0 a.m.•19 views

WordPress RB Internal Links plugin <= 2.0.16 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress RB Internal Links plugin versions = 2.0.16. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is...

5.4CVSS2.3AI score0.00292EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/23 12:0 a.m.•19 views

WordPress Peter’s Collaboration E-mails plugin <= 2.2.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress Peter’s Collaboration E-mails plugin versions = 2.2.0. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure i...

6.5CVSS3.3AI score0.00502EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/23 12:0 a.m.•19 views

WordPress Appointment Hour Booking plugin <= 1.3.55 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Bruno Halltari in WordPress Appointment Hour Booking plugin versions = 1.3.55. Solution Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.56...

4.8CVSS1.4AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/23 12:0 a.m.•19 views

WordPress Sticky Popup plugin <= 1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Saeed Alzahrani in WordPress Sticky Popup plugin versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full...

5.5CVSS2AI score0.00526EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2022/05/23 12:0 a.m.•19 views

WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Phyo Win Shein in WordPress Newsletter plugin versions = 7.4.4. Solution Update the WordPress Newsletter plugin to the latest available version at least 7.4.5...

6.1CVSS1.8AI score0.01785EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/20 12:0 a.m.•19 views

WordPress Export any WordPress data to XML/CSV plugin <= 1.3.4 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Asif Nawaz Minhas in WordPress Export any WordPress data to XML/CSV plugin versions = 1.3.4. Solution Update the WordPress Export any WordPress data to XML/CSV plugin to the latest available version at least 1.3.5...

7.2CVSS3.3AI score0.01269EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/18 12:0 a.m.•19 views

WordPress Webriti SMTP Mail plugin <= 1.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress Webriti SMTP Mail plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of May 13, 2022 and is not available for download. This closure is temporary,...

6.5CVSS2.8AI score0.00513EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/17 12:0 a.m.•19 views

WordPress Enqueue Anything plugin <= 1.0.1 - Arbitrary Asset/Post Deletion vulnerability

Arbitrary Asset/Post Deletion vulnerability discovered by Abhishek Bhoir in WordPress Enqueue Anything plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of April 26, 2022 and is not available for download. This closure is temporary, pending a full review...

6.5CVSS3.6AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/17 12:0 a.m.•19 views

WordPress Bestbooks plugin <= 2.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress Bestbooks plugin versions = 2.6.3. Solution Deactivate and delete. This plugin has been closed as of May 11, 2022 and is not available for download. This closure is temporary, pending a full review...

9.8CVSS3.6AI score0.09047EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/16 12:0 a.m.•19 views

WordPress FiboSearch plugin <= 1.17.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Dipak Panchal in the WordPress FiboSearch plugin versions = 1.17.0. Solution Update the WordPress FiboSearch plugin to the latest available version at least 1.18.0...

4.8CVSS1.5AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/16 12:0 a.m.•19 views

WordPress Throws SPAM Away plugin <= 3.3 - Comment Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Comment Deletion via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Throws SPAM Away plugin versions = 3.3. Solution Update the WordPress Throws SPAM Away plugin to the latest available version at least 3.3.1...

4.3CVSS4.8AI score0.00412EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/13 12:0 a.m.•19 views

WordPress Donations plugin <= 1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance WordPress Donations plugin versions = 1.8. Solution Deactivate and delete. This plugin has been closed as of February 28, 2022 and is not available for download. Reason: Security Issue...

5.4CVSS3.1AI score0.00527EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/05/12 12:0 a.m.•19 views

WordPress WP Simple Adsense Insertion plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Ads and JavaScript injection

Cross-Site Request Forgery CSRF vulnerability leading to Ads and JavaScript injection discovered by Daniel Ruf in WordPress WP Simple Adsense Insertion plugin versions = 2.0. Solution Update the WordPress WP Simple Adsense Insertion plugin to the latest available version at least 2.1...

4.3CVSS2.6AI score0.00412EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/10 12:0 a.m.•19 views

WordPress Easy FAQ with Expanding Text plugin <= 3.2.8.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Easy FAQ with Expanding Text plugin versions = 3.2.8.3.1. Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for...

4.8CVSS1.2AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/09 12:0 a.m.•19 views

WordPress Simple Real Estate Pack plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Simple Real Estate Pack plugin versions = 1.4.8. Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download...

4.8CVSS1.6AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/09 12:0 a.m.•19 views

WordPress Amazon Link plugin <= 3.2.10 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Amazon Link plugin versions = 3.2.10. Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download. This closur...

4.8CVSS1.3AI score0.00565EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/05/09 12:0 a.m.•19 views

WordPress Bulk Page Creator plugin <= 1.1.3 - Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Page Creation via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Bulk Page Creator plugin versions = 1.1.3. Solution Update the WordPress Bulk Page Creator plugin to the latest available version at least 1.1.4...

8.8CVSS4.1AI score0.00609EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2022/05/04 12:0 a.m.•19 views

WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability was discovered by Ngo Van Thien Patchstack Alliance in WordPress WP Slider Plugin versions = 1.4.5. Solution No patched version is available. No reply from the vendor...

4.8CVSS2.4AI score0.00489EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/05/03 12:0 a.m.•19 views

WordPress Enable SVG plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability via SVG

Stored Cross-Site Scripting XSS vulnerability via SVG discovered by Luan Pedersini in WordPress Enable SVG plugin versions = 1.3.1. Solution Update the WordPress Enable SVG plugin to the latest available version at least 1.4.0...

5.4CVSS2.8AI score0.00571EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000