Patchstack: most viewed

46681 matches found

Patchstack • added 2015/03/09 12:0 a.m. • 19 views

WordPress Custom Community Theme <= 2.0.24 - Stored XSS

Because of this vulnerability, any user can perform a stored XSS attack. Solution Update the theme...

AI score 2.2
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2015/03/03 12:0 a.m. • 19 views

WordPress Audio Player Plugin <= 2.0 - Multiple SQL Injection

Because of these vulnerabilities, the administrators can execute arbitrary SQL commands via the "itemid" parameter in the wonderpluginaudioshowitem. Also, an authenticated user can execute arbitrary SQL commands via the "itemid" parameter in a wonderpluginaudiosaveitem action to...

CVSS 6.5 | AI score 6.3 | EPSS 0.02582
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/13 12:0 a.m. • 19 views

WordPress JS Multi Hotel Plugin <= 2.2.1 - XSS

Because of this cross site scripting vulnerability in includes/deleteimg.php, the attackers can inject arbitrary web script or HTML via the "path" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.02041
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/13 12:0 a.m. • 19 views

WordPress Unconfirmed Plugin <= 1.2.4 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.02023
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/09 12:0 a.m. • 19 views

WordPress JS Multi Hotel Plugin <= 2.2.1 - XSS

Because of this vulnerability in includes/refreshDate.php, the attackers can inject arbitrary web script or HTML via the "roomid" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.01917
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/08 12:0 a.m. • 19 views

WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF

Because of this vulnerability, an attacker can hijack the authentication of administrators for requests that delete logs of 404 HTTP status codes. Solution Update the plugin...

CVSS 6.8 | AI score 2.2 | EPSS 0.01076
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/08 12:0 a.m. • 19 views

WordPress All In One WP Security & Firewall Plugin <= 3.8.7 - SQL Injection

Because of this SQL Injection vulnerability, attackers can execute arbitrary SQL commands via unspecified vectors. Solution Upgrade the plugin...

CVSS 6 | AI score 6.1 | EPSS 0.01539
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2015/01/02 12:0 a.m. • 19 views

WordPress Cart66 Lite Plugin <= 1.5.3 - SQL Injection

This vulnerability allows authenticated users to execute arbitrary SQL commands via the "q" parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. Solution Update the plugin...

CVSS 6.5 | AI score 6.5 | EPSS 0.01756
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/12/17 12:0 a.m. • 19 views

WordPress Twitter LiveBlog Plugin <= 1.1.2 - CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...

CVSS 6.8 | AI score 3.6 | EPSS 0.01001
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/12/17 12:0 a.m. • 19 views

WordPress TweetScribe Plugin <= 1.1 - CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...

CVSS 6.8 | AI score 3.8 | EPSS 0.01001
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/12/07 12:0 a.m. • 19 views

WordPress wpCommentTwit Plugin <= 0.5 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution This plugin is closed...

CVSS 6.8 | AI score 3.4 | EPSS 0.01001
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/12/05 12:0 a.m. • 19 views

WordPress Captcha Plugin <= 4.0.6 - BYPASS

Because of this vulnerability, remote attackers can bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Solution Update the plugin...

CVSS 5 | AI score 6.8 | EPSS 0.02351
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/24 12:0 a.m. • 19 views

WordPress WPDataTables Plugin 1.5.3 - SQL Injection

This WordPress WPDataTables plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

CVSS 7.5 | AI score 3.6 | EPSS 0.04737
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/11/20 12:0 a.m. • 19 views

WordPress <= 4.0.0 - XSS #3

Because of this vulnerability in the "media-playlists" function, the attackers can inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss...

CVSS 4.3 | AI score 2.4 | EPSS 0.02839
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/10/20 12:0 a.m. • 19 views

WordPress Spreadsheet Plugin <= 0.62 - XSS

Because of this vulnerability in sshandler.php, the attackers can inject arbitrary web script or HTML via the "ssid" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01633
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/10/02 12:0 a.m. • 19 views

WordPress Enfold Theme <= 3.0.0 - Unspecified Vulnerability

Because of this vulnerability in the folder framework, this theme has unknown impact and attack vectors. Solution Update the theme...

CVSS 10 | AI score 6.8 | EPSS 0.02101
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/09/23 12:0 a.m. • 19 views

WordPress EWWW Image Optimizer Cloud Plugin <= 2.0.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

AI score 2
Exploits: 0 | Affected Software: 1

Patchstack • added 2014/09/22 12:0 a.m. • 19 views

WordPress Easy MailChimp Forms Plugin <= 5.0.6 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php. Solution Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.0195
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/09/22 12:0 a.m. • 19 views

WordPress NEX-Forms Lite Plugin <= 2.1.0 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "formfields" parameter. Solution Update the plugin...

CVSS 6.1 | AI score 2.9 | EPSS 0.01155
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/09/22 12:0 a.m. • 19 views

WordPress Contact Form DB Plugin <= 2.8.15 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "form" or "enc" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.02041
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack • added 2014/09/16 12:0 a.m. • 19 views

WordPress Titan Framework Plugin <= 1.5 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "t" parameter to iframe-googlefont-preview.php or the "text" parameter to iframe-font-preview.php. Solution Update the plugin...

CVSS 6.1 | AI score 2.9 | EPSS 0.01154
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/09/02 12:0 a.m. • 19 views

WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection

An authenticated SQL injection allows an attacker to bypass a web application’s authentication mechanism and retrieve the contents of the database. Solution Upgrade the plugin...

CVSS 6.5 | AI score 3.3 | EPSS 0.02357
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/08/22 12:0 a.m. • 19 views

WordPress Content Audit Plugin <= 1.6.0 - SQL Injection

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. Solution Update the plugin...

CVSS 7.5 | AI score 7.4 | EPSS 0.02334
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack • added 2014/08/07 12:0 a.m. • 19 views

WordPress SI CAPTCHA Plugin <= 2.7.4 - XSS

Because of this vulnerability in captcha-secureimage/test/index.php, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.02041
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/08/06 12:0 a.m. • 19 views

WordPress Simple Retail Menus Plugin <= 4.0 - SQL Injection

Because of this vulnerability in includes/mode-edit.php, remote authenticated editors can execute arbitrary SQL commands in an edit action to wp-admin/admin.php via the "targetmenu" parameter. Solution Update the plugin...

CVSS 6.5 | AI score 6.5 | EPSS 0.01594
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/08/06 12:0 a.m. • 19 views

WordPress Quartz Plugin <= 1.01.1 - SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands in an edit action in the quartz/quoteform.php page to wp-admin/edit.php via the "quote" parameter. Solution Update the plugin...

CVSS 6 | AI score 6.6 | EPSS 0.01943
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/08/01 12:0 a.m. • 19 views

WordPress ZooEffect Plugin <= 1.08 - Reflected XSS

This plugin is prone to an HTTP referer reflected cross-site scripting vulnerability. Solution Update the plugin...

AI score 1.2
Exploits: 0 | Affected Software: 1

Patchstack • added 2014/07/28 12:0 a.m. • 19 views

WordPress Vitamin Plugin <= 1.0.9 - Multiple Directory Traversal

Because of these vulnerabilities, the attackers can access arbitrary files in the "path" parameter. Solution Update the plugin...

CVSS 5 | AI score 4.9 | EPSS 0.03217
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/07/28 12:0 a.m. • 19 views

WordPress FB Gorilla Plugin - SQL Injection

This WordPress FB Gorilla plugin's "gameplay.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

CVSS 7.5 | AI score 3.9 | EPSS 0.04358
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/07/18 12:0 a.m. • 19 views

WordPress Gallery Objects Plugin 0.4 - SQL Injection

This WordPress Gallery Objects plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...

CVSS 7.5 | AI score 3.7 | EPSS 0.04594
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress WP Ultimate Email Marketer Plugin <= 1.1.0 - XSS

Because of these vulnerabilities in contact/edit.php, the attackers can inject arbitrary web script or HTML via the "contact" or "listname" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 3.1 | EPSS 0.01618
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress Silverlight Media Player Plugin <= 0.8 - XSS

Because of this vulnerability in uploader.php, the attackers can inject arbitrary web script or HTML via the "postid" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.01618
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS

Because of this vulnerability in posts/videowhisper/rlogout.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 2 | EPSS 0.01618
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress CBI Referral Manager Plugin <= 1.2.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "searchString" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress BIC Media Widget Plugin <= 1.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "param" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress Verification Code for Comments Plugin <= 2.1.0 - Multiple XSS

Because of these vulnerabilities in vcc.js.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 2.3 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress WP Plugin Manager Plugin <= 1.6.4.b - XSS

Because of this vulnerability in wp-plugins-net/index.php, the attackers can inject arbitrary web script or HTML via the "filter" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress WP FaceThumb Plugin <= 1.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "ajaxurl" parameter to index.php. Solution Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/06/23 12:0 a.m. • 19 views

WordPress Responsive Preview Plugin <= 1.1 - XSS

Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 2.4 | EPSS 0.02046
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/05/28 12:0 a.m. • 19 views

WordPress Tera Charts Plugin - Remote Path Traversal File Disclosure

The Tera Charts plugin's zoomabletreemap.php "fn" parameter is prone to a remote path traversal file disclosure vulnerability that allows an attacker to get potentially sensitive information. Other attacks are also possible. Solution Update the plugin...

CVSS 5 | AI score 4.8 | EPSS 0.18734
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack • added 2014/05/22 12:0 a.m. • 19 views

WordPress Contact Bank Plugin <= 2.0.19 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the Label field, related to form layout configuration. Solution Update the plugin...

CVSS 4.3 | AI score 2.3 | EPSS 0.01948
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2014/03/19 12:0 a.m. • 19 views

WordPress File Gallery Plugin <= 1.7.9.1 - Arbitrary Code Execution

This plugin does not properly escape strings, which allows remote administrators to execute arbitrary PHP code. Solution Update the plugin...

CVSS 6.5 | AI score 6.2 | EPSS 0.01746
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/01/20 12:0 a.m. • 19 views

WordPress <= 3.0.0

A WordPress multi-site installation permanently retains the "site administrators can add users" option once changed, which might allow authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an "add" action after a temporary change. Solution Update...

CVSS 2.1 | AI score 4 | EPSS 0.02206
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/01/16 12:0 a.m. • 19 views

WordPress Newsletter Manager Plugin <= 1.0.1 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3 | AI score 2 | EPSS 0.02058
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2014/01/08 12:0 a.m. • 19 views

WordPress Recommend To a Friend Plugin <= 2.0.2 - XSS

Because of this vulnerability in inc/rafform.php, the attackers can inject arbitrary web script or HTML via the "currenturl" parameter. Solution Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.0238
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2013/12/17 12:0 a.m. • 19 views

WordPress 2.0.11 - Cross Site Request Forgery

WordPress 2.0.11 version is prone to a cross site request forgery via "/wp-admin/options-discussion.php". It allows an attacker to perform certain unauthorized actions in the context of the affected application. Solution Update WordPress...

CVSS 6.8 | AI score 5.5 | EPSS 0.0384
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2013/11/23 12:0 a.m. • 19 views

WordPress Blue Wrench Video Widget Plugin - Cross Site Request Forgery

WordPress Blue Wrench Video Widget plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Upgrade the plugin...

CVSS 6.8 | AI score 3.1 | EPSS 0.02884
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack • added 2013/04/22 12:0 a.m. • 19 views

WordPress WP Photo Album Plus Plugin <= 5.0.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "commentid" parameter in a wppamanagecomments edit action. Solution Update the plugin...

CVSS 4.3 | AI score 2.6 | EPSS 0.01601
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2013/03/26 12:0 a.m. • 19 views

WordPress Dropdown Menu Widget Plugin <= 1.7.1 - CSRF and XSS

Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution Update the plugin...

CVSS 6.8 | AI score 4.2 | EPSS 0.00954
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack • added 2013/03/22 12:0 a.m. • 19 views

WordPress WP MailUp Plugin <= 1.3.1 - BYPASS

Because of this vulnerability, the attackers can modify plugin settings and conduct cross-site scripting attacks via unspecified vectors. Solution Update the plugin...

CVSS 5 | AI score 4.8 | EPSS 0.02375
Exploits: 1 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 5000