Lucene search
Patchstack, Most viewed

46571 matches found

Patchstack
added 2021/02/18 12:0 a.m., 37 views

WordPress Backup Guard plugin <= 1.5.9 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability found by Nguyen Van Khanh in WordPress Backup Guard plugin versions <= 1.5.9. Solution: Update the WordPress Backup Guard plugin to the latest available version (at least 1.6.0)...

7.2 CVSS, 3.5 AI score, 0.84112 EPSS
Exploits: 9, References: 3, Affected Software: 1
Patchstack
added 2019/01/08 12:0 a.m., 37 views

WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery (SSRF) vulnerability found in WordPress JSmol2WP plugin versions <= 1.07. Solution: 08.01.2019 - we were unable to find a patched version of this plugin. According to the WordPress.org plugin repository, this plugin was closed on January 7, 2019 and is no longer...

7.5 CVSS, 3.6 AI score, 0.13078 EPSS
Exploits: 2, References: 2, Affected Software: 1
Patchstack
added 2018/12/13 12:0 a.m., 37 views

WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability

Authenticated Post Type Bypass vulnerability found by RIPS Technologies in WordPress versions <= 5.0. Solution: Update WordPress to the latest available version (at least 5.0.1)...

3 AI score
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2015/01/07 12:0 a.m., 37 views

WordPress Simple Security Plugin <= 1.1.5 - Multiple XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the (1) "datefilter" parameter in the accesslog page to wp-admin/users.php. Solution: Update the plugin...

4.3 CVSS, 2.7 AI score, 0.01618 EPSS
Exploits: 3, References: 1, Affected Software: 1
Patchstack
added 2014/10/13 12:0 a.m., 37 views

WordPress BulletProof Security Plugin <= .51 - SSRF

Because of this server side request forgery vulnerability in admin/htaccess/bpsunlock.php, the attackers can trigger outbound requests that authenticate to arbitrary databases via the "dbhost" parameter. Solution: Update the plugin...

5 CVSS, 4.9 AI score, 0.01888 EPSS
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2014/04/04 12:0 a.m., 37 views

WordPress XCloner Plugin 3.1.0 - CSRF

XCloner plugin is prone to a cross-site request forgery vulnerability that exists because of insufficient verification of HTTP request origin. The attackers can trick a logged-in administrator into visiting a specially crafted webpage and creating a website backup. Solution: Update to XCloner 3.1.1...

6.8 CVSS, 2.6 AI score, 0.02828 EPSS
Exploits: 5, References: 1, Affected Software: 1
Patchstack
added 2014/02/28 12:0 a.m., 37 views

WordPress VideoWhisper Plugin 4.27.3 - Multiple Vulnerabilities

VideoWhisper plugin is prone to multiple vulnerabilities, such as arbitrary file upload, cross-site scripting (XSS), and information exposure through externally-generated error message in VideoWhisper Live Streaming Integration: CVE-2014-1908. Solution: Upgrade to VideoWhisper Live Streaming...

10 CVSS, 4.1 AI score, 0.1036 EPSS
Exploits: 8, References: 1, Affected Software: 1
Patchstack
added 2014/02/07 12:0 a.m., 37 views

WordPress VideoWhisper Live Streaming Integration Plugin <= 4.29.4 - Multiple Directory Traversal

Because of these vulnerabilities, the attackers can delete arbitrary files in the "s" parameter to ls/rtmplogout.php or read arbitrary files in the "s" parameter to ls/rtmplogin.php. Solution: Update the plugin...

6.4 CVSS, 5.2 AI score, 0.1093 EPSS
Exploits: 6, References: 1, Affected Software: 1
Patchstack
added 2012/06/14 12:0 a.m., 37 views

WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #1

Because of this vulnerability in swfupload.swf, the attackers can inject arbitrary web script or HTML via the "movieName" parameter. Solution: Update the plugin...

4.3 CVSS, 3.3 AI score, 0.09088 EPSS
Exploits: 10, References: 1, Affected Software: 1
Patchstack
added 2024/09/30 12:0 a.m., 36 views

WordPress TNC PDF viewer Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: TNC PDF viewer; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: 3.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47372; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9e1d9364ffe7; Credits: SOPROBRO; Required privilege: Editor...

5.9 CVSS, 6.5 AI score, 0.00251 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/09/30 12:0 a.m., 36 views

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software: JobSearch; Type: Plugin; Vulnerable versions: <= 2.5.9; Fixed in: 2.6.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-47636; Patch priority: High; CVSS severity: High (9.8); PSID: 5e0aa88de68e; Credits: Bonds; Required privilege: Unauthenticated...

9.8 CVSS, 6.8 AI score, 0.00543 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2022/11/23 12:0 a.m., 36 views

WordPress Activello theme <= 1.4.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Auth. Reflected Cross-Site Scripting (XSS) vulnerability in the ajax action 'activellodismissrecommendedplugins' discovered by Brandon Roldan (Patchstack Alliance) in the WordPress Activello theme versions <= 1.4.4. Solution: No patched version available...

3.3 AI score, 0.00471 EPSS
Exploits: 1, Affected Software: 1
Patchstack
added 2022/10/31 12:0 a.m., 36 views

WordPress Gallery Images Ape plugin <= 2.2.8 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to Gallery Duplication discovered by thiennv (Patchstack Alliance) in WordPress Gallery Images Ape plugin versions <= 2.2.8. Solution: No patched version is available. No reply from the vendor...

4 AI score, 0.00316 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/10/03 12:0 a.m., 36 views

WordPress Blog2Social plugin <= 6.9.9 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Sakri Rafael Koskimies in WordPress Blog2Social plugin versions <= 6.9.9. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.10)...

8.8 CVSS, 3 AI score, 0.01049 EPSS
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2022/09/26 12:0 a.m., 36 views

WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references (IDOR) vulnerability that allows subscriber+ users to mark any forum post as Private/Public was discovered by Dhakal Ananda (Patchstack Alliance) in the WordPress wpForo Forum plugin versions <= 2.0.5. Solution: Update the WordPress wpForo Forum plugin to the latest...

6.3 CVSS, 3.1 AI score, 0.00455 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/09/23 12:0 a.m., 36 views

WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress Backup Scheduler plugin versions <= 1.5.13. Solution: Deactivate and delete. This plugin has been closed as of September 19, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8 CVSS, 3 AI score, 0.00344 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/08/16 12:0 a.m., 36 views

WordPress WP Database Backup Plugin <= 5.8.3 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in WP Database Backup plugin versions <= 5.8.3. Solution: Update the WordPress WP Database Backup plugin to the latest available version (at least 5.9)...

4.8 CVSS, 1.5 AI score, 0.00403 EPSS
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2022/08/15 12:0 a.m., 36 views

WordPress Visual Portfolio Plugin <= 2.17.1 - Unauthenticated CSS Injection vulnerability

Unauthenticated CSS Injection vulnerability discovered by Krzysztof Zając in Visual Portfolio plugin versions <= 2.17.1. Solution: Update the WordPress Visual Portfolio, Photo Gallery & Post Grid plugin to the latest available version (at least 1.18.0)...

6.1 CVSS, 3.4 AI score, 0.00477 EPSS
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2022/07/12 12:0 a.m., 36 views

WordPress WSM Downloader plugin <= 1.4.0 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by Raad Haddad in WordPress WSM Downloader plugin versions <= 1.4.0. Solution: Deactivate and delete. This plugin has been closed as of July 8, 2022 and is not available for download. This closure is temporary, pending a full review...

7.5 CVSS, 2.1 AI score, 0.01158 EPSS
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2022/07/05 12:0 a.m., 36 views

WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities were discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in the WordPress WP Visitor Statistics plugin versions <= 5.7. Solution: Update the WordPress WP Visitor Statistics plugin to the latest available version (at least 5.8)...

9.8 CVSS, 2.8 AI score, 0.03413 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/07/04 12:0 a.m., 36 views

WordPress Allow SVG Files plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Luan Pedersini in WordPress Allow SVG Files plugin versions <= 1.1. Solution: Deactivate and delete. This plugin has been closed as of July 1, 2022 and is not available for download. This closure is temporary, pending a full...

5.4 CVSS, 2.4 AI score, 0.00512 EPSS
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2022/06/08 12:0 a.m., 36 views

WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update

CSRF vulnerability leading to Google Maps API key update discovered by Rasi Afeef (Patchstack Alliance) in WordPress API KEY for Google Maps plugin versions <= 1.2.1. Solution: Update the WordPress API KEY for Google Maps plugin to the latest available version (at least 1.2.2)...

5.4 CVSS, 2.9 AI score, 0.00415 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2022/05/16 12:0 a.m., 36 views

WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 (Patchstack Alliance) in WordPress Counter Box plugin versions <= 1.1.1. Solution: Update the WordPress Counter Box plugin to the latest available version (at least 1.2)...

7.2 CVSS, 3.6 AI score, 0.00979 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2022/04/28 12:0 a.m., 36 views

WordPress Countdown & Clock plugin <= 2.4.7 - Pro Features Lock Bypass vulnerability

Pro Features Lock Bypass vulnerability discovered by Ex.Mi (Patchstack) in WordPress Countdown & Clock plugin versions <= 2.4.7. Solution: No patched version is available...

9.8 CVSS, 3.5 AI score, 0.01047 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2022/04/25 12:0 a.m., 36 views

WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Lenon Leite (Patchstack Alliance) in WordPress 3xSocializer plugin versions <= 0.98.22. Solution: No patched version is available. Deactivate and delete. This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may n...

8.8 CVSS, 3 AI score, 0.00813 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2022/04/19 12:0 a.m., 36 views

WordPress Visual Slide Box Builder plugin <= 3.2.9 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by p7e4 in WordPress Visual Slide Box Builder plugin versions <= 3.2.9. Solution: Deactivate and delete. This plugin has been closed as of March 30, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8 CVSS, 3.1 AI score, 0.01312 EPSS
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2022/04/13 12:0 a.m., 36 views

WordPress WP Video Gallery plugin <= 1.7.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress WP Video Gallery plugin versions <= 1.7.1. Solution: Deactivate and delete. This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary, pending a full review...

9.8 CVSS, 3.4 AI score, 0.09047 EPSS
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2022/04/01 12:0 a.m., 36 views

WordPress Page Restriction WordPress (WP) plugin <= 1.2.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Niraj Mahajan in WordPress Page Restriction WordPress (WP) plugin versions <= 1.2.6. Solution: Update the WordPress Page Restriction WordPress (WP) plugin to the latest available version (at least 1.2.7)...

4.8 CVSS, 1.5 AI score, 0.00577 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2022/03/29 12:0 a.m., 36 views

WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions <= 1.3.4. Solution: No patched version is available...

4.3 CVSS, 3.2 AI score, 0.00421 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2022/03/29 12:0 a.m., 36 views

WordPress myCred plugin <= 2.4.3 - Arbitrary Post Creation vulnerability

Arbitrary Post Creation vulnerability discovered by Krzysztof Zając in WordPress myCred plugin versions <= 2.4.3. Solution: Update the WordPress myCred plugin to the latest available version (at least 2.4.4)...

4.3 CVSS, 2.7 AI score, 0.00333 EPSS
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2022/03/15 12:0 a.m., 36 views

WordPress Grid Kit Portfolio plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Grid Kit Portfolio plugin versions <= 2.0.0. Solution: Update the WordPress Grid Kit Portfolio plugin to the latest available version (at least 2.1.0)...

5.4 CVSS, 1.5 AI score, 0.00591 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2022/03/07 12:0 a.m., 36 views

WordPress Popup Builder plugin <= 4.1.0 - SQL Injection (SQLi) vulnerability to Reflected Cross-Site Scripting (XSS)

SQL Injection (SQLi) vulnerability to Reflected Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress Popup Builder plugin versions <= 4.1.0. Solution: Update the WordPress Popup Builder plugin to the latest available version (at least 4.1.1)...

9.8 CVSS, 1.9 AI score, 0.4408 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2022/03/01 12:0 a.m., 36 views

WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)

Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version (at least 4.16.3)...

8.8 CVSS, 4.1 AI score, 0.02849 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2021/10/19 12:0 a.m., 36 views

WordPress Advanced Access Manager plugin <= 6.7.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Huy Nguyen in WordPress Advanced Access Manager plugin versions <= 6.7.9. Solution: Update the WordPress Advanced Access Manager plugin to the latest available version (at least 6.8.0)...

4.8 CVSS, 1.8 AI score, 0.00654 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2021/08/09 12:0 a.m., 36 views

WordPress AddToAny Share Buttons plugin <= 1.7.45 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress AddToAny Share Buttons plugin versions <= 1.7.45. Solution: Update the WordPress AddToAny Share Buttons plugin to the latest available version (at least 1.7.46)...

5.4 CVSS, 2 AI score, 0.00624 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2021/03/03 12:0 a.m., 36 views

WordPress WP Hotel Booking plugin <= 1.10.2 - Unauthenticated Remote Code Execution (RCE) via Arbitrary Object Deserialisation vulnerability

Unauthenticated Remote Code Execution (RCE) via Arbitrary Object Deserialisation vulnerability discovered by Nick Blundell (AppCheck Ltd) in WordPress WP Hotel Booking plugin versions <= 1.10.2. Solution: Update the WordPress WP Hotel Booking plugin to the latest available version (at least 1.10.3)...

9.8 CVSS, 4.8 AI score, 0.14269 EPSS
Exploits: 2, References: 3, Affected Software: 1
Patchstack
added 2020/08/24 12:0 a.m., 36 views

WordPress Autoptimize plugin <= 2.7.6 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability found by Nguyen Van Khanh (SunCSR) in WordPress Autoptimize plugin versions <= 2.7.6. Solution: Update the WordPress Autoptimize plugin to the latest available version (at least = 2.7.7)...

7.2 CVSS, 3.6 AI score, 0.13139 EPSS
Exploits: 6, References: 2, Affected Software: 1
Patchstack
added 2013/10/14 12:0 a.m., 36 views

WordPress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities

There are multiple vulnerabilities in WordPress Cart66 plugin. These vulnerabilities are CSRF and stored XSS. Solution: Update the plugin...

6.8 CVSS, 2.3 AI score, 0.03154 EPSS
Exploits: 6, References: 1, Affected Software: 1
Patchstack
added 2012/12/07 12:0 a.m., 36 views

WordPress Simple Gmail Login Plugin - Stack Trace Information Disclosure

WordPress Simple Gmail Login plugin is prone to an information disclosure vulnerability that allows an attacker to obtain sensitive information and in this way lead to further attacks. Solution: Update the plugin...

5 CVSS, 2.3 AI score, 0.07182 EPSS
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2025/07/18 4:2 a.m., 35 views

WordPress School Management System plugin <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update vulnerability

Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update vulnerability discovered by Thái An in WordPress Plugin School Management versions <= 93.1.0...

8.8 CVSS, 6.7 AI score, 0.00675 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/11/26 12:0 a.m., 35 views

WordPress Elementor Website Builder Plugin <= 3.25.7 is vulnerable to Cross Site Scripting (XSS)

Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.25.7; Fixed in: 3.25.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8236; Patch priority: Low; CVSS severity: Low (6.5); Developer: Elementor; PSID: 7daadbd579b8; Credits: wesley wcraft...

6.4 CVSS, 5.8 AI score, 0.00362 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2023/09/12 12:0 a.m., 35 views

WordPress MasterStudy LMS Plugin < 3.0.18 is vulnerable to Privilege Escalation

Software: MasterStudy LMS; Type: Plugin; Vulnerable versions: < 3.0.18; Fixed in: 3.0.18; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2023-4278; Patch priority: High; CVSS severity: High (7.3); PSID: 7e43b36b9353; Credits: Revan...

7.5 CVSS, 6.8 AI score, 0.03495 EPSS
Exploits: 6, References: 4, Affected Software: 1
Patchstack
added 2022/10/31 12:0 a.m., 35 views

WordPress AFS Analytics plugin <= 4.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress AFS Analytics plugin versions <= 4.17. Solution: No patched version is available. No reply from the vendor...

2.9 AI score, 0.00392 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/10/12 12:0 a.m., 35 views

WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin versions <= 1.1.0. Solution: Update the WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce plugin to the latest...

7.5 CVSS, 3 AI score, 0.00704 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2022/09/23 12:0 a.m., 35 views

WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability

An unauthenticated Optin Campaign Cache Deletion vulnerability was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress MailOptin plugin versions <= 1.2.49.0. Solution: Update the WordPress MailOptin plugin to the latest available version (at least 1.2.50.0)...

6.5 CVSS, 3.9 AI score, 0.00632 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2022/09/15 12:0 a.m., 35 views

WordPress TaskBuilder plugin <= 1.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via SVG file upload discovered by Rizacan Tufan in WordPress TaskBuilder plugin versions <= 1.0.7. Solution: Update the WordPress Taskbuilder plugin to the latest available version (at least 1.0.8)...

5.4 CVSS, 3 AI score, 0.00468 EPSS
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2022/09/05 12:0 a.m., 35 views

WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in the WordPress All in One SEO plugin versions <= 4.2.3.1. Solution: Update the WordPress All In One SEO Pack plugin to the latest available version (at least 4.2.4)...

8.8 CVSS, 3.7 AI score, 0.00322 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/08/25 12:0 a.m., 35 views

WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress About Me plugin versions <= 1.0.12. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review...

9.8 CVSS, 4.9 AI score, 0.00735 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/08/02 12:0 a.m., 35 views

WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Button Plugin MaxButtons plugin versions <= 9.2. Solution: Update the WordPress MaxButtons plugin to the latest available version (at least 9.3)...

4.8 CVSS, 3.1 AI score, 0.00413 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2022/08/01 12:0 a.m., 35 views

WordPress Advanced Custom Fields PRO premium plugin <= 5.12.2 - Unauthenticated File Upload vulnerability

Unauthenticated File Upload vulnerability discovered by James Golovich in WordPress Advanced Custom Fields PRO premium plugin versions <= 5.12.2. Solution: Update the WordPress Advanced Custom Fields PRO plugin to the latest available version (at least 5.12.3)...

8.8 CVSS, 2.8 AI score, 0.01264 EPSS
Exploits: 2, References: 1, Affected Software: 1
Total number of security vulnerabilities: 5000