Lucene search
K
PatchstackMost viewed

46681 matches found

Patchstack
Patchstack
added 2021/09/20 12:0 a.m.19 views

WordPress Essential Content Types plugin <= 1.8.6 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Content Types plugin versions = 1.8.6. Solution Update the WordPress Essential Content Types plugin to the latest available version at least 1.9...

5.7CVSS3.5AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/15 12:0 a.m.19 views

WordPress DearFlip plugin <= 1.7.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress DearFlip plugin versions = 1.7.9. Solution Update the WordPress DearFlip plugin to the latest available version at least 1.7.10...

5.4CVSS1.8AI score0.00629EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/13 12:0 a.m.19 views

WordPress Support Board plugin <= 3.3.3 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection SQLi vulnerabilities were discovered by John Jefferson Li in the WordPress Support Board plugin versions = 3.3.3. Solution Update the WordPress Support Board plugin to the latest available version at least 3.3.4...

9.8CVSS2.4AI score0.05516EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2021/09/10 12:0 a.m.19 views

WordPress StopBadBots plugin <= 6.59 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Martin Vierula Trustwave in WordPress StopBadBots plugin versions = 6.59. Solution Update the WordPress StopBadBots plugin to the latest available version at least 6.60...

8.8CVSS3.4AI score0.01659EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/09 12:0 a.m.19 views

WordPress Post Title Counter plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Post Title Counter plugin versions = 1.1. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.4AI score0.00866EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/09/07 12:0 a.m.19 views

WordPress Chained Quiz plugin <= 1.2.7.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Chained Quiz plugin versions = 1.2.7.1. Solution Update the WordPress Chained Quiz plugin to the latest available version at least 1.2.7.1...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/25 12:0 a.m.19 views

WordPress Nested Pages plugin <= 3.1.15 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Post Deletion and Modification

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Post Deletion and Modification discovered by Ramuel Gall WordFence in WordPress Nested Pages plugin versions = 3.1.15. Solution Update the WordPress Nested Pages plugin to the latest available version at least 3.1.16...

8.1CVSS3.2AI score0.00492EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/08/25 12:0 a.m.19 views

WordPress Nested Pages plugin <= 3.1.15 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Ram Gall WordFence in WordPress Nested Pages plugin versions = 3.1.15. Solution Update the WordPress Nested Pages plugin to the latest available version at least 3.1.16...

6.1CVSS2.6AI score0.00826EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/23 12:0 a.m.19 views

WordPress Comment Link Remove and Other Comment Tools plugin <= 2.1.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to bulk comment deletion

Cross-Site Request Forgery CSRF vulnerability leading to bulk comment deletion discovered by Martin Vierula Trustwave in WordPress Comment Link Remove and Other Comment Tools plugin versions = 2.1.4. Solution Update the WordPress Comment Link Remove and Other Comment Tools plugin to the latest...

4.3CVSS3.6AI score0.00471EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/23 12:0 a.m.19 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Update vulnerability

Unauthorized Event TimeSlot Update vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions = 2.4.1. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...

5.4CVSS3.4AI score0.00489EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/22 12:0 a.m.19 views

WordPress The Sorter plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress The Sorter plugin versions = 1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.2AI score0.01467EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/17 12:0 a.m.19 views

WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin versions = 2.0.2. Vulnerable at "Headline" &messagedata16headline input. Solution Update the WordPress Icegram plugin to the latest available version at least 2.0.3...

5.4CVSS1.7AI score0.00552EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.19 views

WordPress Smash Balloon Social Post Feed plugin <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress Smash Balloon Social Post Feed plugin versions = 2.19.1. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 2.19.2...

6.1CVSS2.5AI score0.01322EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/13 12:0 a.m.19 views

WordPress Scribble Maps plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Scribble Maps plugin versions = 1.2. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS3.1AI score0.00895EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/13 12:0 a.m.19 views

WordPress Simple Behance Portfolio plugin <= 0.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Simple Behance Portfolio plugin versions = 0.2. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.7AI score0.00895EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/13 12:0 a.m.19 views

WordPress Custom Post Type Relations plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Custom Post Type Relations plugin = 1.0. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS1.8AI score0.00895EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/11 12:0 a.m.19 views

WordPress Software License Manager plugin <= 4.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex in WordPress Software License Manager plugin versions = 4.4.7. Solution Update the WordPress Software License Manager plugin to the latest available version at least 4.4.8...

6.1CVSS2.4AI score0.00702EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.19 views

WordPress W3SCloud Contact Form 7 to Zoho CRM plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress W3SCloud Contact Form 7 to Zoho CRM plugin versions = 1.1.0. Solution Update the WordPress W3SCloud Contact Form 7 to Zoho CRM plugin to the latest available version at least 2.1.0...

2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/07/30 12:0 a.m.19 views

WordPress youForms plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by xiahao in WordPress youForms plugin versions = 1.0.5. Solution This plugin has been closed as of July 30, 2021 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.8AI score0.02678EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/07/30 12:0 a.m.19 views

WordPress Nifty Newsletters plugin <= 4.0.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Kohei Hino Cryptography Laboratory - Tokyo Denki University in WordPress Nifty Newsletters plugin versions = 4.0.23. Solution This plugin has been closed as of July 29, 2021 and is not available...

8.8CVSS0.7AI score0.007EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/27 12:0 a.m.19 views

WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

4.3CVSS4.3AI score0.00423EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/07/26 12:0 a.m.19 views

WordPress Simple Banner plugin <= 2.10.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Simple Banner plugin versions = 2.10.3. Solution Update the WordPress Simple Banner plugin to the latest available version at least 2.10.4...

4.8CVSS2.1AI score0.00676EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/24 12:0 a.m.19 views

WordPress Paytm plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Paytm plugin versions = 1.3.2. Solution This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.4AI score0.05691EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/07 12:0 a.m.19 views

WordPress WP Upload Restriction plugin <= 2.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Angelo Righi in WordPress WP Upload Restriction plugin versions = 2.2.3. Solution Update the WordPress WP Upload Restriction plugin to the latest available version at least 2.2.4...

6.4CVSS2.3AI score0.00634EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/07/02 12:0 a.m.19 views

WordPress Workreap premium theme <= 2.2.1 - Missing authorization checks in AJAX actions vulnerability

Missing authorization checks in AJAX actions vulnerability discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions = 2.2.1. Solution Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...

8.1CVSS2.2AI score0.01251EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/29 12:0 a.m.19 views

WordPress Portfolio Responsive Gallery plugin <= 1.1.7 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Portfolio Responsive Gallery plugin versions = 1.1.7. Solution Update the WordPress Portfolio Responsive Gallery plugin to the latest available version at least 1.1.8...

8.8CVSS2.7AI score0.01373EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/28 12:0 a.m.19 views

WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in Image Uploader Component vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution Update the WordPress ProfilePress plugin to the latest version at leas...

9.8CVSS1.8AI score0.02101EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.19 views

WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin versions = 1.0.13. Solution Update the WordPress Sign-up Sheets plugin to the latest available version at least 1.0.14...

4.8CVSS2.1AI score0.00617EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.19 views

WordPress Contact Form 7 Style plugin <= 3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Contact Form 7 Style plugin versions = 3.2. Solution This plugin has been closed as of February 1, 2021 and is not available for download. Reason: Security Issue...

3.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.19 views

WordPress simple sort&search plugin <= 0.0.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress simple sort&search plugin versions = 0.0.3. Solution This plugin has been closed as of May 19, 2021 and is not available for download. This closure is temporary, pending a full review...

2.2AI score0.00431EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/16 12:0 a.m.19 views

WordPress Request a Quote plugin <= 2.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ajay Sandipan Thorbole in WordPress Request a Quote plugin versions = 2.3.0. Solution Update the WordPress Request a Quote plugin to the latest available version at least 2.3.4...

5.4CVSS2.9AI score0.00624EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/14 12:0 a.m.19 views

WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file

Authenticated Stored Cross-Site Scripting XSS vulnerability via uploaded SVG file discovered by Rasi in WordPress WP SVG images plugin versions = 3.3. Solution Update the WordPress WP SVG images plugin to the latest available version at least 3.4...

5.4CVSS2.8AI score0.00659EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/08 12:0 a.m.19 views

WordPress JoomSport plugin <= 5.1.5 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Bugbang in WordPress JoomSport plugin versions = 5.1.5. Solution Update the WordPress JoomSport plugin to the latest available version at least 5.1.8...

9.8CVSS2.5AI score0.02068EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/31 12:0 a.m.19 views

WordPress Admin Columns PRO premium plugin <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns PRO premium plugin versions = 5.4.4. Solution Update the WordPress Admin Columns PRO premium plugin to the latest available version at least 5.5.1...

5.4CVSS2.2AI score0.00997EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/05/31 12:0 a.m.19 views

WordPress FooGallery plugin <= 2.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by avolume in WordPress FooGallery plugin versions = 2.0.30. Solution Update the WordPress FooGallery plugin to the latest available version at least 2.0.35...

5.4CVSS2.3AI score0.00624EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/27 12:0 a.m.19 views

WordPress Easy Preloader plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Kishore Hariram in WordPress Easy Preloader plugin versions = 1.0.0. Solution This plugin has been closed as of May 4, 2021 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS1.3AI score0.00542EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/05/27 12:0 a.m.19 views

WordPress Sendit WP Newsletter plugin <= 2.5.1 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Sendit WP Newsletter plugin versions = 2.5.1. Solution This plugin has been closed as of April 29, 2021 and is not available for download. This closure is temporary, pending a full review...

6.6CVSS2.8AI score0.01338EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/23 12:0 a.m.19 views

WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress Backup by 10Web – Backup and Restore plugin versions = 1.0.20. Solution This plugin has been closed as of June 2, 2021 and is not available for download. This closure is permanent...

4.8CVSS2.5AI score0.00626EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/10 12:0 a.m.19 views

WordPress Speed Booster Pack plugin <= 4.1.3 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability discovered by m0ze in WordPress Speed Booster Pack plugin versions = 4.1.3 to be more precise = 4.2.0-beta. Solution Update the WordPress Speed Booster Pack plugin to the latest available version at least 4.2.0...

7.2CVSS4.7AI score0.01721EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/07 12:0 a.m.19 views

WordPress Ultimate Member plugin <= 2.1.19 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Riki Aji in WordPress Ultimate Member plugin versions = 2.1.19. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.20...

5.4CVSS2.2AI score0.0062EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/04/27 12:0 a.m.19 views

WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WhiteSource in WordPress Pods plugin versions = 2.7.26. Solution Update the WordPress Pods plugin to the latest available version at least 2.7.27...

5.4CVSS1.8AI score0.00792EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/04/12 12:0 a.m.19 views

WordPress WPGraphQL plugin <= 1.3.5 - Denial of Service vulnerability

Denial of Service vulnerability discovered by Dolev Farhi in WordPress WPGraphQL plugin versions = 1.3.5. Solution Update the WordPress WPGraphQL plugin to the latest available version at least 1.3.6...

3AI score
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/04/09 12:0 a.m.19 views

WordPress Media File Renamer plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ngo Van Thien Patchstack Red Team in the WordPress Media File Renamer plugin versions = 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

5.4CVSS3.7AI score0.00423EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/04/08 12:0 a.m.19 views

WordPress WP Page Builder plugin <= 1.2.3 - Insecure Default Configuration vulnerability

Insecure Default Configuration vulnerability discovered by WordFence in WordPress WP Page Builder plugin versions = 1.2.3. Solution Update the WordPress WP Page Builder plugin to the latest available version at least 1.2.4...

4.3CVSS2.5AI score0.00689EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.19 views

WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability

Cross-Frame Scripting XFS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/26 12:0 a.m.19 views

WordPress Patreon WordPress plugin <= 1.6.9 - Local File Disclosure vulnerability

Local File Disclosure vulnerability discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions = 1.6.9. Solution Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.0...

7.5CVSS1.8AI score0.05879EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/03/11 12:0 a.m.19 views

WordPress JH 404 Logger plugin <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ganesh Bagaria in WordPress JH 404 Logger plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...

5.4CVSS3.4AI score0.02044EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/02/10 12:0 a.m.19 views

WordPress Map Block for Google Maps plugin <= 1.31 - Google API Key Manipulation vulnerability

Google API Key Manipulation vulnerability found in WordPress Map Block for Google Maps plugin versions = 1.31. Solution Update the WordPress Map Block for Google Maps plugin to the latest available version at least 1.32...

2.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/01/15 12:0 a.m.19 views

WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Arcangelo Saracino in WordPress FV Flowplayer Video Player plugin versions = 7.4.37.727. Solution Update the WordPress FV Flowplayer Video Player plugin to the latest available version at least 7.4.38.727...

5.4CVSS2.9AI score0.0092EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/01/10 12:0 a.m.19 views

WordPress Name Directory plugin <= 1.17.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Yuta in WordPress Name Directory plugin versions = 1.17.4. Solution Update the WordPress Name Directory plugin to the latest available version at least 1.18...

8.8CVSS4AI score0.0084EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000