
46662 matches found

Patchstack
added 2024/04/22 12:0 a.m. | 18 views

WordPress Royal Elementor Kit Theme <= 1.0.116 is vulnerable to Cross Site Request Forgery (CSRF)

Software Royal Elementor Kit Type Theme Vulnerable versions = 1.0.116 Fixed in 1.0.117 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32773 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4da5c371e0b8 Credits Dhabaleshwar...

CVSS 4.3 | AI score 6.6 | EPSS 0.002
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/22 12:0 a.m. | 18 views

WordPress WP Club Manager Plugin <= 2.2.11 is vulnerable to Broken Access Control

Software WP Club Manager Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32719 Patch priority Low CVSS severity Low 5.3 Developer WP Club Manager PSID 9c15961e31ea Credits Mika Required privilege...

CVSS 5.3 | AI score 6.6 | EPSS 0.00507
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/19 12:0 a.m. | 18 views

WordPress User Registration Plugin <= 3.1.5 is vulnerable to Broken Access Control

Software User Registration Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-2417 Patch priority High CVSS severity High 8.8 Developer Masteriyo PSID f4d185ab446a Credits Stiofan Required privilege...

CVSS 8.8 | AI score 6.5 | EPSS 0.00938
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/04/16 12:0 a.m. | 18 views

WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WP 404 Auto Redirect to Similar Post Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32559 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c85034ba240a Credits AtaTurk1925...

CVSS 7.1 | AI score 6.5 | EPSS 0.00394
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/16 12:0 a.m. | 18 views

WordPress Master Slider Plugin <= 3.9.8 is vulnerable to Cross Site Scripting (XSS)

Software Master Slider Type Plugin Vulnerable versions = 3.9.8 Fixed in 3.9.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32580 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7119ccf52d56 Credits LVT-tholv2k Required privilege Contribut...

CVSS 6.5 | AI score 6.6 | EPSS 0.00317
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/15 12:0 a.m. | 18 views

WordPress WPBakery Page Builder Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS)

Software WPBakery Page Builder Type Plugin Vulnerable versions = 7.5 Fixed in 7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1805 Patch priority Low CVSS severity Low 6.5 Developer WPBakery PSID 39eddcd5a992 Credits Nikolas Required privilege...

CVSS 6.4 | AI score 6 | EPSS 0.0032
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2024/04/15 12:0 a.m. | 18 views

WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software Theme My Login Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32525 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 11dbddbd2e7f Credits Abdi Pranata Required...

CVSS 4.3 | AI score 6.5 | EPSS 0.00337
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/15 12:0 a.m. | 18 views

WordPress Element Pack Elementor Addons Plugin <= 5.5.6 is vulnerable to Sensitive Data Exposure

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.5.6 Fixed in 5.6.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2966 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 29f45f5357e3 Credits Krzysztof...

CVSS 7.5 | AI score 6.9 | EPSS 0.00492
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/04/12 4:42 p.m. | 18 views

WordPress Legal Pages plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Legal Pages versions = 1.4.2...

CVSS 4.3 | AI score 7 | EPSS 0.00212
Exploits 0 | Affected Software 1

Patchstack
added 2024/04/12 12:0 a.m. | 18 views

WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Libsyn Publisher Hub Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32141 Patch priority Low CVSS severity Low 4.3 Developer Libsyn PSID c755cb3750aa Credits Majed Refaea Required...

CVSS 4.3 | AI score 6.6 | EPSS 0.00216
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/04/11 12:0 a.m. | 18 views

WordPress Livemesh Addons for Elementor Plugin <= 8.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.3.6 Fixed in 8.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2539 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 9c3c1e135bc7 Credits Ngô Thiên ...

CVSS 6.4 | AI score 5.8 | EPSS 0.00406
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/04/10 12:0 a.m. | 18 views

WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WOLF Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31430 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID de601e918847 Credits Dhabaleshwar Das Required...

CVSS 8.8 | AI score 4.6 | EPSS 0.00224
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/08 12:0 a.m. | 18 views

WordPress NextGEN Gallery Plugin <= 3.59 is vulnerable to Broken Access Control

Software NextGEN Gallery Type Plugin Vulnerable versions = 3.59 Fixed in 3.59.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3097 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1d6376e4869c Credits Peng Zhou Required privilege...

CVSS 5.3 | AI score 6.5 | EPSS 0.38023
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/04/08 12:0 a.m. | 18 views

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.2 is vulnerable to Broken Access Control

Software WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3216 Patch priority Low CVSS severity Low 5.3 Developer Claim...

CVSS 5.3 | AI score 6.6 | EPSS 0.00444
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/04/05 12:0 a.m. | 18 views

WordPress is vulnerable to Sensitive Data Exposure

Software WordPress Type WordPress Core Vulnerable versions = 6.4.3 Fixed in 6.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5692 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5d6f8d7b72aa Credits Francesco Carlucci Require...

CVSS 5.3 | AI score 6.5 | EPSS 0.00741
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/04/05 12:0 a.m. | 18 views

WordPress Contact Form Email Plugin <= 1.3.44 is vulnerable to Sensitive Data Exposure

Software Contact Form Email Type Plugin Vulnerable versions = 1.3.44 Fixed in 1.3.45 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-31302 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 17dc1fca0d2c Credits...

CVSS 5.3 | AI score 6.5 | EPSS 0.0047
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/05 12:0 a.m. | 18 views

WordPress Tracking Code Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software Tracking Code Manager Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31347 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51665fb13771 Credits Abdi Pranata Required...

CVSS 4.3 | AI score 6.8 | EPSS 0.00277
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/04/01 12:0 a.m. | 18 views

WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to PHP Object Injection

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.13 Fixed in 5.9.14 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3018 Patch priority Low CVSS severity Low 8 Developer WPDeveloper PSID b599dd4e668d Credits Ngô Thiên An ancorn Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00775
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/03/28 12:0 a.m. | 18 views

WordPress Finale Lite Plugin <= 2.18.0 is vulnerable to Remote Code Execution (RCE)

Software Finale Lite Type Plugin Vulnerable versions = 2.18.0 Fixed in 2.18.1 OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-30485 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 351260d95e05 Credits Yudistira Arya Required...

CVSS 8.8 | AI score 6.9 | EPSS 0.01038
Exploits 1 | References 2 | Affected Software 1

Patchstack
added 2024/03/25 12:0 a.m. | 18 views

WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1697 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 655df2bce9e7...

CVSS 6.4 | AI score 5.6 | EPSS 0.0043
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/03/19 12:0 a.m. | 18 views

WordPress Backup Bolt Plugin <= 1.3.0 is vulnerable to Sensitive Data Exposure

Software Backup Bolt Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7236 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd36f15c489e Credits Dmitrii Ignatyev Required...

AI score 6.5 | EPSS 0.0055
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2024/03/16 12:0 a.m. | 18 views

WordPress Post SMTP Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.8.6 Fixed in 2.8.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29128 Patch priority Medium CVSS severity Medium 7.1 Developer WPExperts PSID d4415453cdb3 Credits Le Ngoc Anh Required privilege Unauthenticat...

CVSS 7.1 | AI score 6.6 | EPSS 0.00382
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/03/15 12:0 a.m. | 18 views

WordPress WP Armour – Honeypot Anti Spam Plugin <= 2.1.13 is vulnerable to Cross Site Scripting (XSS)

Software WP Armour – Honeypot Anti Spam Type Plugin Vulnerable versions = 2.1.13 Fixed in 2.1.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29091 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0e1821a09d0d Credits Rafie Muhammad...

CVSS 7.1 | AI score 6.5 | EPSS 0.00354
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/03/15 12:0 a.m. | 18 views

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.5.0 Fixed in 4.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27994 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 8464da6f5a09 Credits Yudistira Arya Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00398
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/03/12 12:0 a.m. | 18 views

WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS)

Software Elementor – Header, Footer & Blocks Template Type Plugin Vulnerable versions = 1.6.24 Fixed in 1.6.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d8efb70c30ae...

CVSS 6.4 | AI score 6 | EPSS 0.00514
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/03/07 12:0 a.m. | 18 views

WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control

Software BuddyForms Type Plugin Vulnerable versions = 2.8.7 Fixed in 2.8.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1170 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 07e9d4cd19c1 Credits Lucio Sá Required privilege...

CVSS 8.2 | AI score 6.4 | EPSS 0.00725
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/02/28 12:0 a.m. | 18 views

WordPress Download Manager Plugin <= 3.2.84 is vulnerable to Broken Access Control

Software Download Manager Type Plugin Vulnerable versions = 3.2.84 Fixed in 3.2.85 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6785 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 049e661b5aa7 Credits wesley wcraft Required...

CVSS 5.3 | AI score 6.5 | EPSS 0.00546
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. | 18 views

WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...

CVSS 5.3 | AI score 6.5 | EPSS 0.00472
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/02/26 12:0 a.m. | 18 views

WordPress Elementor Pro Plugin <= 3.19.2 is vulnerable to Sensitive Data Exposure

Software Elementor Pro Type Plugin Vulnerable versions = 3.19.2 Fixed in 3.19.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-23523 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b4d0340c1078 Credits Dynamic.ooo Team Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00529
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/02/21 12:0 a.m. | 18 views

WordPress Simple Job Board Plugin <= 2.10.8 is vulnerable to Broken Access Control

Software Simple Job Board Type Plugin Vulnerable versions = 2.10.8 Fixed in 2.11.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0593 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 752406ce2200 Credits Krzysztof Zając Required...

CVSS 5.3 | AI score 6.5 | EPSS 0.00909
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/02/13 12:0 a.m. | 18 views

WordPress Popup Builder Plugin < 4.2.6 is vulnerable to Server Side Request Forgery (SSRF)

Software Popup Builder Type Plugin Vulnerable versions 4.2.6 Fixed in 4.2.6 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-6294 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 573393918c2e Credits Sebastian Neef Required...

CVSS 7.5 | AI score 6.6 | EPSS 0.00812
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2024/02/12 12:0 a.m. | 18 views

WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

Software MoveTo Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-25913 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 08fbe7e305e7 Credits Dave Jong Patchstack Required privilege Unauthenticat...

CVSS 10 | AI score 6.8 | EPSS 0.0063
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/02/08 12:0 a.m. | 18 views

WordPress Livemesh Addons for Elementor Plugin <= 8.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.3.2 Fixed in 8.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1235 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ab5cdd31d383 Credits Webbernaut...

CVSS 6.4 | AI score 5.8 | EPSS 0.00429
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/31 12:0 a.m. | 18 views

WordPress WOLF Plugin <= 1.0.8.1 is vulnerable to Broken Access Control

Software WOLF Type Plugin Vulnerable versions = 1.0.8.1 Fixed in 1.0.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0791 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9624a396772c Credits Francesco Carlucci Required privilege...

CVSS 4.3 | AI score 6.5 | EPSS 0.00533
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/31 12:0 a.m. | 18 views

WordPress Autotitle for WordPress Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Autotitle for WordPress Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6946 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 89d669161c10 Credits Daniel Ruf...

CVSS 8.8 | AI score 6.6 | EPSS 0.00346
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2024/01/31 12:0 a.m. | 18 views

WordPress WordPress Toolbar Plugin <= 2.2.6 is vulnerable to Open Redirection

Software WordPress Toolbar Type Plugin Vulnerable versions = 2.2.6 Fixed in N/A OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2023-6389 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID ae5087bc3d96 Credits Daniel Ruf Required privilege Unauthenticated...

CVSS 6.1 | AI score 6.8 | EPSS 0.25679
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2024/01/23 12:0 a.m. | 18 views

WordPress Sticky Buttons Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Sticky Buttons Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0703 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ba3529117da4 Credits Dipak Panchal th3.d1p4k...

CVSS 4.8 | AI score 6 | EPSS 0.00301
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/18 12:0 a.m. | 18 views

WordPress Essential Addons for Elementor Plugin <= 5.9.4 is vulnerable to Cross Site Scripting (XSS)

Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.4 Fixed in 5.9.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0585 Patch priority Low CVSS severity Low 6.5 Developer WPDeveloper PSID 34afcc9985b8 Credits Webbernaut...

CVSS 5.4 | AI score 5.8 | EPSS 0.00402
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/15 12:0 a.m. | 18 views

WordPress InstaWP Connect Plugin <= 0.1.0.8 is vulnerable to Privilege Escalation

Software InstaWP Connect Type Plugin Vulnerable versions = 0.1.0.8 Fixed in 0.1.0.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-22145 Patch priority High CVSS severity High 8.8 Developer InstaWP PSID f661e38694ec Credits Majed Refae...

CVSS 8.8 | AI score 6.5 | EPSS 0.01112
Exploits 1 | References 2 | Affected Software 1

Patchstack
added 2024/01/15 12:0 a.m. | 18 views

WordPress CformsII Plugin <= 15.0.6 is vulnerable to Cross Site Scripting (XSS)

Software CformsII Type Plugin Vulnerable versions = 15.0.6 Fixed in 15.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22149 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2aac355b9ab7 Credits emad Required privilege Unauthenticat...

CVSS 7.1 | AI score 6.5 | EPSS 0.00371
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/01/04 12:0 a.m. | 18 views

WordPress Depicter Slider Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Depicter Slider Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6493 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 15e2f683e7f4 Credits Rafshanzani Suhada...

CVSS 4.3 | AI score 6.6 | EPSS 0.00198
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/03 12:0 a.m. | 18 views

WordPress WP SMS Plugin <= 6.5 is vulnerable to SQL Injection

Software WP SMS Type Plugin Vulnerable versions = 6.5 Fixed in 6.5.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-6981 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0cdcc4de6b6a Credits Krzysztof Zając Required privilege Administrator Published 3...

CVSS 6.1 | AI score 6.9 | EPSS 0.00414
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/03 12:0 a.m. | 18 views

WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Insecure Direct Object References (IDOR)

Software LearnPress Type Plugin Vulnerable versions = 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6223 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d81a8f21bcf7 Credits lttn Required...

CVSS 4.3 | AI score 6.5 | EPSS 0.00347
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/12/29 12:0 a.m. | 18 views

WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection

Software ARI Stream Quiz Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-52182 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID c9a4f35de1f1 Credits Rafie Muhammad Patchstack Required...

CVSS 9.9 | AI score 6.8 | EPSS 0.00627
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/28 12:0 a.m. | 18 views

WordPress Product Feed Manager Plugin <= 7.3.15 is vulnerable to Directory Traversal

Software Product Feed Manager Type Plugin Vulnerable versions = 7.3.15 Fixed in 7.3.16 OWASP Top 10 A4: Insecure Design Classification Directory Traversal CVE CVE-2023-52144 Patch priority Low CVSS severity Low 5.5 Developer WPFunnels Team PSID 19683c0fecc1 Credits Muhammad Daffa Required privile...

CVSS 5.5 | AI score 6.5 | EPSS 0.00423
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/27 12:0 a.m. | 18 views

WordPress Build App Online Plugin <= 1.0.21 is vulnerable to Privilege Escalation

Software Build App Online Type Plugin Vulnerable versions = 1.0.21 Fixed in 1.0.22 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51478 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 30eb1e208be5 Credits Rafi...

CVSS 9.8 | AI score 6.5 | EPSS 0.00697
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/12/27 12:0 a.m. | 18 views

WordPress Checkout Mestres WP Plugin <= 7.1.9.7 is vulnerable to Privilege Escalation

Software Checkout Mestres WP Type Plugin Vulnerable versions = 7.1.9.7 Fixed in 7.1.9.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51472 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9fb8ab95cc18 Credits...

CVSS 9.8 | AI score 6.5 | EPSS 0.00657
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/27 12:0 a.m. | 18 views

WordPress Booster Elite for WooCommerce Plugin < 7.1.3 is vulnerable to Content Injection

Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 7.1.3 Fixed in 7.1.3 OWASP Top 10 A1: Broken Access Control Classification Content Injection CVE CVE-2023-51511 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1e2bd30a7dcc Credits Dave Jong...

CVSS 6.5 | AI score 6.5 | EPSS 0.00373
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/12/26 12:0 a.m. | 18 views

WordPress Media File Renamer Plugin <= 5.7.7 is vulnerable to Arbitrary File Upload

Software Media File Renamer Type Plugin Vulnerable versions = 5.7.7 Fixed in 5.7.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-50897 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 364780c1ddc1 Credits Taihei Shimamine Required privilege...

AI score 6.9 | EPSS 0.00282
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/26 12:0 a.m. | 18 views

WordPress Beaver Builder Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Software Beaver Builder Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50889 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c34e72dc456f Credits Rafie Muhammad Patchstack Required...

CVSS 6.5 | AI score 6.6 | EPSS 0.00321
Exploits 0 | References 2 | Affected Software 1

Total number of security vulnerabilities: 5000