Lucene search
K
PatchstackMost viewed

46677 matches found

Patchstack
Patchstack
added 2026/06/17 4:48 p.m.18 views

WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...

4.4CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/02 8:26 a.m.18 views

WordPress Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by kai63001 in WordPress Plugin Spectra versions = 2.19.25...

8.8CVSS5.8AI score0.01174EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/05/29 1:33 p.m.18 views

WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...

7.2CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/18 4:22 p.m.18 views

NPM: brace-expansion: Large numeric range defeats documented `max` DoS protection

NPM: brace-expansion: Large numeric range defeats documented max DoS protection vulnerability discovered by ? in WordPress Npm brace-expansion versions = 5.0.0, 5.0.6...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/11 3:56 p.m.18 views

NPM: Next.js has a Denial of Service in the Image Optimization API

NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...

5.9CVSS5.8AI score0.00657EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2026/01/12 9:41 p.m.18 views

WordPress Quiz Maker plugin < 6.7.0.89 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bakir Tuči in WordPress Plugin Quiz Maker versions 6.7.0.89...

4.8CVSS6.1AI score0.00185EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/24 5:45 a.m.18 views

WordPress Flex Store Users plugin <= 1.1.0 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin Flex Store Users versions = 1.1.0...

9.8CVSS6.7AI score0.00317EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/07 7:47 a.m.18 views

WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions = 1.0.4...

9.8CVSS6.9AI score0.00503EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/06/05 1:44 a.m.18 views

WordPress SEPA Girocode plugin <= 0.5.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin SEPA Girocode versions = 0.5.1...

6.5CVSS5.9AI score0.00174EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/05/21 8:14 p.m.18 views

WordPress Digits plugin < 8.4.6.1 - Auth Bypass via OTP Bruteforcing vulnerability

Auth Bypass via OTP Bruteforcing vulnerability discovered by Saleh Tarawneh in WordPress Plugin Digits versions 8.4.6.1...

9.8CVSS8.7AI score0.16444EPSS
Exploits4References1Affected Software1
Patchstack
Patchstack
added 2025/05/19 7:38 p.m.18 views

WordPress All in One SEO Pack plugin <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability discovered by Ivan Kuzymchak in WordPress Plugin All In One SEO Pack versions = 4.8.1.1...

6.4CVSS6.3AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/04/30 1:18 p.m.18 views

WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Denver Jackson Patchstack Alliance in WordPress Plugin OttoKit versions = 1.0.82...

9.8CVSS9.4AI score0.5088EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2025/04/21 4:22 p.m.18 views

WordPress Greenshift plugin 11.4-11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin Greenshift versions 11.4-11.4.5...

8.8CVSS8.9AI score0.02027EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/11/27 12:0 a.m.18 views

WordPress Contest Gallery Plugin <= 24.0.7 is vulnerable to Privilege Escalation

Software Contest Gallery Type Plugin Vulnerable versions = 24.0.7 Fixed in 24.0.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11103 Patch priority High CVSS severity High 9.8 Developer Wasiliy Strecker PSID 917060960355 Credits...

6.5AI score0.00747EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/26 12:0 a.m.18 views

WordPress ProfilePress Plugin <= 4.15.18 is vulnerable to Sensitive Data Exposure

Software ProfilePress Type Plugin Vulnerable versions = 4.15.18 Fixed in 4.15.19 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-11083 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e80f39bc400e Credits Francesco Carlucci...

5.3CVSS6.6AI score0.00399EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.18 views

WordPress Ultimate Member Plugin <= 2.8.9 is vulnerable to Broken Access Control

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.9 Fixed in 2.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10528 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 65aa5e86b9d5 Credits tiborisaak Required privilege...

4.3CVSS6.9AI score0.00564EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.18 views

WordPress System Dashboard Plugin < 2.8.15 is vulnerable to Path Traversal

Software System Dashboard Type Plugin Vulnerable versions 2.8.15 Fixed in 2.8.15 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-10708 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 8350df71b2da Credits Dogus DEMIRKIRAN Required privilege...

6.5AI score0.01974EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.18 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Restaurant Menu – Food Ordering System – Table Reservation Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9653 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership...

6.1CVSS5.6AI score0.00314EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.18 views

WordPress ProfileGrid Plugin <= 5.9.3.6 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.9.3.6 Fixed in 5.9.3.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10900 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e7fdd2a43e49 Credits 1337Wannabe Required...

8.1CVSS6.5AI score0.00464EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.18 views

WordPress Awesome Studio Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Awesome Studio Type Plugin Vulnerable versions = 2.4.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52456 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 83cb8daf8eb9 Credits Le Ngoc Anh Required privilege...

6.5AI score0.00339EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.18 views

WordPress Popup box Plugin <= 4.9.7 is vulnerable to Broken Access Control

Software Popup box Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10861 Patch priority Low CVSS severity Low 5.2 Developer Claim ownership PSID bfd2e007cc0d Credits Trương Hữu Phúc truonghuuphuc...

5.3CVSS6.5AI score0.00378EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.18 views

WordPress WP Project Manager Plugin <= 2.6.13 is vulnerable to Insecure Direct Object References (IDOR)

Software WP Project Manager Type Plugin Vulnerable versions = 2.6.13 Fixed in 2.6.14 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-10174 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 6aaed61c0d51 Credits stealthcopt...

7.3CVSS6.5AI score0.00637EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.18 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

8.8CVSS6.5AI score0.00789EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.18 views

WordPress Exclusive Content Password Protect Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Exclusive Content Password Protect Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-52402 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID b722ce5d7201 Credits...

9.6CVSS6.6AI score0.00781EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/11/12 12:0 a.m.18 views

WordPress Relais 2FA Plugin <= 1.0 is vulnerable to Broken Authentication

Software Relais 2FA Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 461a7cd31084 Credits István Márton...

9.8CVSS6.8AI score0.01162EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress RSV 360 View Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software RSV 360 View Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51906 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 10130673798c Credits SOPROBRO Required privilege Contributor...

6.5CVSS6.6AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress Debug Tool Plugin <= 2.2 is vulnerable to Arbitrary File Upload

Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-10586 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 9bf09e1be202 Credits Francesco Carlucci Required privilege...

9.8CVSS7.2AI score0.02085EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress Provide Forex Signals Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Provide Forex Signals Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52344 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 641cced34713 Credits SOPROBRO Required privilege...

6.5CVSS6.9AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress News Articles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software News Articles Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b2e622b9d30c Credits SOPROBRO Required privilege Contributor...

6.5CVSS6.5AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress WooCommerce Support Ticket System Plugin <= 17.6 is vulnerable to Arbitrary File Deletion

Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.6 Fixed in 17.8 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-10625 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b5c39d8368a0 Credits Tonn Required privile...

9.8CVSS6.8AI score0.00996EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress Plenigo Plugin <= 1.12.0 is vulnerable to Cross Site Scripting (XSS)

Software Plenigo Type Plugin Vulnerable versions = 1.12.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51832 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be08c327ab53 Credits SOPROBRO Required privilege Contributor Publish...

6.5CVSS6.5AI score0.00374EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.18 views

WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution

Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...

8.8CVSS6.7AI score0.01683EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2024/11/05 12:0 a.m.18 views

WordPress Element Pack Elementor Addons Plugin <= 5.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.10.2 Fixed in 5.10.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9657 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff0e5049a Credits Webberna...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.18 views

WordPress Loginizer Plugin <= 1.9.2 is vulnerable to Broken Authentication

Software Loginizer Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10097 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 240cee809d7c Credits wesley wcraf...

8.1CVSS8AI score0.00666EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.18 views

WordPress CF7 WOW Styler Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Software CF7 WOW Styler Type Plugin Vulnerable versions = 1.6.8 Fixed in 1.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51689 Patch priority Medium CVSS severity Medium 7.1 Developer Tobias PSID 34b5f0049a13 Credits Le Ngoc Anh Required privilege...

7.1CVSS7AI score0.00259EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/01 12:0 a.m.18 views

WordPress BBP Core - Expand bbPress powered forums with useful features Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software BBP Core - Expand bbPress powered forums with useful features Type Plugin Vulnerable versions = 1.2.5 Fixed in 1.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9896 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...

6.1CVSS5.7AI score0.00368EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/30 12:0 a.m.18 views

WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload

Software Multi Purpose Mail Form Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50526 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 077c15d9e1a1 Credits stealthcopter Required privilege...

10CVSS6.9AI score0.00611EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.18 views

WordPress Contact Form 7 Telegram Plugin <= 0.8.5 is vulnerable to Broken Access Control

Software Contact Form 7 Telegram Type Plugin Vulnerable versions = 0.8.5 Fixed in 0.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9629 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc9031e15885 Credits István Márton Required...

5.4CVSS6.9AI score0.00372EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.18 views

WordPress Meetup Plugin <= 0.1 is vulnerable to Broken Authentication

Software Meetup Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-50483 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6432286e77c7 Credits Bonds Required...

9.8CVSS6.8AI score0.02382EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.18 views

WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution

Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...

7.3CVSS7AI score0.01411EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.18 views

WordPress WPS Telegram Chat Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software WPS Telegram Chat Type Plugin Vulnerable versions = 4.5.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9630 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9cb16fad33b1 Credits István Márton Required privile...

5.4CVSS6.5AI score0.00263EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.18 views

WordPress WP Booking System Plugin <= 2.0.19.10 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.10 Fixed in 2.0.19.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50425 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID ad36b04a505d Credits Trương Hữu Phúc...

6.5CVSS6.5AI score0.00423EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.18 views

WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to SQL Injection

Software League of Legends Shortcodes Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10341 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e710f3b6d815 Credits István Márton Required privilege...

6.5CVSS6.8AI score0.00433EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/23 12:0 a.m.18 views

WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Broken Access Control

Software WC Marketplace Type Plugin Vulnerable versions = 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9531 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7dab4da2d17f Credits Tieu Pham Trong Nhan Required...

4.3CVSS6.5AI score0.00334EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.18 views

WordPress TI WooCommerce Wishlist Plugin <= 2.9.0 is vulnerable to SQL Injection

Software TI WooCommerce Wishlist Type Plugin Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9156 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 2b353481dee7 Credits John Castro Required privilege...

7.5CVSS6.8AI score0.00391EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.18 views

WordPress WP Dropbox Dropins Plugin <= 1.0 is vulnerable to Arbitrary File Upload

Software WP Dropbox Dropins Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49607 Patch priority High CVSS severity High 10 Developer Claim ownership PSID bc49371a8bf9 Credits stealthcopter Required privilege...

10CVSS6.9AI score0.01026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/17 12:0 a.m.18 views

WordPress Giveaway Boost Plugin <= 2.1.4 is vulnerable to PHP Object Injection

Software Giveaway Boost Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49332 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc16e9530c12 Credits Mika Required privilege Unauthenticated...

9.8CVSS6.9AI score0.00509EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.18 views

WordPress Simple Custom Post Order Plugin <= 2.5.7 is vulnerable to Broken Access Control

Software Simple Custom Post Order Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49321 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c22de4a69ef Credits Rafie Muhammad...

4.3CVSS6.9AI score0.00319EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.18 views

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...

5.4CVSS5.8AI score0.00256EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.18 views

WordPress AppPresser Plugin <= 4.4.4 is vulnerable to Privilege Escalation

Software AppPresser Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2024-9305 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 2966965459f6 Credits wesley wcraft Required privilege...

9.8CVSS6.5AI score0.00662EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000