Patchstack | Most viewed

46629 matches found

Patchstack
added 2023/04/05 12:0 a.m. | 18 views

WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions <= 1.2.4 Fixed in 1.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db4d6da8779...

CVSS 4.3 | AI score 6.6 | EPSS 0.00302
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/04/05 12:0 a.m. | 18 views

WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)

Software WP FEvents Book Type Plugin Vulnerable versions <= 0.46 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1129 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID bdca07c43d3d Credits Ameen Alkurdy...

CVSS 6.5 | AI score 6.5 | EPSS 0.00555
Exploits 2 | References 2 | Affected Software 1

Patchstack
added 2023/03/28 12:0 a.m. | 18 views

WordPress institutions-directory Plugin < 1.3.1 is vulnerable to Privilege Escalation

Software institutions-directory Type Plugin Vulnerable versions < 1.3.1 Fixed in 1.3.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3f4ecdce4fb1 Credits Omar Badran Required...

CVSS 8.8 | AI score 8.6 | EPSS 0.00905
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/03/28 12:0 a.m. | 18 views

WordPress directory-pro Plugin < 1.9.5 is vulnerable to Privilege Escalation

Software directory-pro Type Plugin Vulnerable versions < 1.9.5 Fixed in 1.9.5 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 27a5e48fd1cc Credits Omar Badran Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.00905
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/03/22 12:0 a.m. | 18 views

WordPress If Menu Plugin <= 0.16.3 is vulnerable to Broken Access Control

Software If Menu Type Plugin Vulnerable versions <= 0.16.3 Fixed in 0.17.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-41698 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6fd87b73bf2d Credits Nguyen Anh Tien Required...

CVSS 6.5 | AI score 6.5 | EPSS 0.00476
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/21 12:0 a.m. | 18 views

WordPress Dark Mode Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Dark Mode Type Plugin Vulnerable versions <= 4.1.2 Fixed in 4.1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9e4920fdc820 Credits István Márton Required...

AI score 5.9 | EPSS 0.00113
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/21 12:0 a.m. | 18 views

WordPress Boostify Header Footer Builder for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Boostify Header Footer Builder for Elementor Type Plugin Vulnerable versions <= 1.2.8 Fixed in 1.2.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5658880d810...

AI score 5.8 | EPSS 0.00113
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/21 12:0 a.m. | 18 views

WordPress Stylish Cost Calculator Plugin <= 7.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Stylish Cost Calculator Type Plugin Vulnerable versions <= 7.3.6 Fixed in 7.3.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4ab3df3ad99b Credits István Márt...

AI score 5.9 | EPSS 0.00113
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/16 12:0 a.m. | 18 views

WordPress Products Compare for WooCommerce Plugin <= 3.5.7.7 is vulnerable to Broken Access Control

Software Products Compare for WooCommerce Type Plugin Vulnerable versions <= 3.5.7.7 Fixed in 3.5.7.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f7685c0ec49a Credits István...

AI score 5.9 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/06 12:0 a.m. | 18 views

WordPress Watu Quiz Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Watu Quiz Type Plugin Vulnerable versions <= 3.3.9 Fixed in 3.3.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0968 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID f8e4b6a3eab0 Credits Marco Wotschka Required...

CVSS 6.1 | AI score 5.6 | EPSS 0.01252
Exploits 3 | References 3 | Affected Software 1

Patchstack
added 2023/03/03 12:0 a.m. | 18 views

WordPress WooSupply – Suppliers, Supply Orders and Stock Management Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF)

Software WooSupply – Suppliers, Supply Orders and Stock Management Type Plugin Vulnerable versions <= 1.2.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-40700 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID f4ff6d9dbad...

CVSS 9.8 | AI score 9.5 | EPSS 0.00999
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/02/28 12:0 a.m. | 18 views

WordPress Slimstat Analytics Plugin <= 4.9.3.2 is vulnerable to SQL Injection

Software Slimstat Analytics Type Plugin Vulnerable versions <= 4.9.3.2 Fixed in 4.9.3.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0630 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 4253ca9a6d2d Credits Marc Montpas Required privilege Subscribe...

CVSS 8.8 | AI score 7.2 | EPSS 0.05141
Exploits 3 | References 3 | Affected Software 1

Patchstack
added 2023/02/20 12:0 a.m. | 18 views

WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection

Software WP Coder Type Plugin Vulnerable versions < 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0895 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID af35ebdc8e18 Credits Etan Imanol Castro Aldrete Required privilege Administrator...

CVSS 7.2 | AI score 6.8 | EPSS 0.00798
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/02/15 12:0 a.m. | 18 views

WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Podlove Podcast Publisher Type Plugin Vulnerable versions <= 3.8.3 Fixed in 3.8.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25472 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1974c1ffec51 Credits yuyudhn...

CVSS 8.8 | AI score 6.6 | EPSS 0.00271
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/02/08 12:0 a.m. | 18 views

WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Geo Maps Type Plugin Vulnerable versions <= 1.5.9 Fixed in 1.5.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0731 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 116865bf62ab Credits Marco Wotsch...

CVSS 6.4 | AI score 5.9 | EPSS 0.00521
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/02/08 12:0 a.m. | 19 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions <= 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0724 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ecba55efc7d Credits Marco Wotschka...

CVSS 5.4 | AI score 6.9 | EPSS 0.00308
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2023/02/06 12:0 a.m. | 18 views

WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Mercado Pago payments for WooCommerce Type Plugin Vulnerable versions <= 6.3.1 Fixed in 6.4.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45068 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b67044142b86 Credi...

CVSS 8.8 | AI score 8.7 | EPSS 0.00285
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/02/06 12:0 a.m. | 18 views

WordPress Auto Affiliate Links Plugin <= 6.2.1.5 is vulnerable to Privilege Escalation

Software Auto Affiliate Links Type Plugin Vulnerable versions <= 6.2.1.5 Fixed in 6.2.1.6 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2022-45840 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 552906959004 Credits Nguyen Anh Tien...

AI score 6.3 | EPSS 0.00637
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/31 12:0 a.m. | 18 views

WordPress GS Products Slider for WooCommerce Plugin < 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software GS Products Slider for WooCommerce Type Plugin Vulnerable versions < 1.5.9 Fixed in 1.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0492 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 912bee63a436 Credits...

CVSS 5.4 | AI score 5.7 | EPSS 0.00457
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/30 12:0 a.m. | 18 views

WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quick Restaurant Menu Type Plugin Vulnerable versions <= 2.0.2 Fixed in 2.1.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0554 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID c79ea8bd00a5 Credits Marco Wotschka...

CVSS 7.6 | AI score 6.6 | EPSS 0.00368
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/01/27 12:0 a.m. | 18 views

WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)

Software DH – Anti AdBlocker Type Plugin Vulnerable versions <= 36 Fixed in 37 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47162 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1473176655f8 Credits rezaduty Required...

CVSS 8.8 | AI score 6.7 | EPSS 0.00276
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/27 12:0 a.m. | 18 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions <= 1.5.48 Fixed in 1.5.49 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47170 Patch priority Low CVSS severity Low 5.9 Developer Unlimited...

CVSS 5.9 | AI score 5.8 | EPSS 0.00392
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/24 12:0 a.m. | 18 views

WordPress Page Builder: Live Composer Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder: Live Composer Type Plugin Vulnerable versions <= 1.5.22 Fixed in 1.5.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4669 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3a851e56815e Credits Istv...

CVSS 5.4 | AI score 5.9 | EPSS 0.00393
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/01/23 12:0 a.m. | 18 views

WordPress WP Airbnb Review Slider Plugin < 3.3 is vulnerable to SQL Injection

Software WP Airbnb Review Slider Type Plugin Vulnerable versions < 3.3 Fixed in 3.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0262 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e5bb0170c3f4 Credits István Márton Required privilege Subscriber...

CVSS 8.8 | AI score 6.8 | EPSS 0.00925
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/23 12:0 a.m. | 18 views

WordPress Extensive VC Addons for WPBakery page builder Plugin < 1.9.1 is vulnerable to Local File Inclusion

Software Extensive VC Addons for WPBakery page builder Type Plugin Vulnerable versions < 1.9.1 Fixed in 1.9.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0159 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 335c3e6ccfa2 Credits dc11 Required...

CVSS 7.5 | AI score 6.8 | EPSS 0.55736
Exploits 3 | References 3 | Affected Software 1

Patchstack
added 2023/01/20 12:0 a.m. | 18 views

WordPress WP Go Maps Plugin <= 9.0.15 is vulnerable to Directory Traversal

Software WP Go Maps Type Plugin Vulnerable versions <= 9.0.15 Fixed in 9.0.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Directory Traversal CVE CVE-2022-47595 Patch priority Low CVSS severity Low 4.9 Developer WP Go Maps PSID ce001c792740 Credits rezaduty Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00754
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/20 12:0 a.m. | 18 views

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Software WP Time Slots Booking Form Type Plugin Vulnerable versions <= 1.1.81 Fixed in 1.1.82 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23971 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e04532f2022b Credits Rio Darmaw...

CVSS 5.9 | AI score 6 | EPSS 0.00392
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/18 12:0 a.m. | 18 views

WordPress Better Font Awesome Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Better Font Awesome Type Plugin Vulnerable versions < 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4512 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3f338a1f451d Credits Lana Codes...

CVSS 6.8 | AI score 5.6 | EPSS 0.00762
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/01/11 12:0 a.m. | 18 views

WordPress Hide My WP Plugin < 6.2.9 is vulnerable to SQL Injection

Software Hide My WP Type Plugin Vulnerable versions < 6.2.9 Fixed in 6.2.9 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-4681 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ad94e6b8ba54 Credits Xenofon Vassilakopoulos Required privilege...

CVSS 9.8 | AI score 6.7 | EPSS 0.03824
Exploits 5 | References 3 | Affected Software 1

Patchstack
added 2023/01/04 12:0 a.m. | 18 views

WordPress Revive Old Posts Plugin < 9.0.11 is vulnerable to PHP Object Injection

Software Revive Old Posts Type Plugin Vulnerable versions < 9.0.11 Fixed in 9.0.11 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-4680 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID a37521b3e635 Credits Nguyen Huu Do Required privilege...

CVSS 7.2 | AI score 6.8 | EPSS 0.01046
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/04 12:0 a.m. | 18 views

WordPress RSS Aggregator by Feedzy Plugin < 4.1.1 is vulnerable to Cross Site Scripting (XSS)

Software RSS Aggregator by Feedzy Type Plugin Vulnerable versions < 4.1.1 Fixed in 4.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4667 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cee226bbb884 Credits István Márt...

CVSS 5.4 | AI score 5.6 | EPSS 0.00507
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2022/12/29 12:0 a.m. | 18 views

WordPress Content Control Plugin < 1.1.10 is vulnerable to Cross Site Scripting (XSS)

Software Content Control Type Plugin Vulnerable versions < 1.1.10 Fixed in 1.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4509 Patch priority Medium CVSS severity Medium 6.3 Developer Code Atlantic LLC PSID a16131ad7c93 Credits István Márton...

CVSS 5.4 | AI score 5.7 | EPSS 0.00471
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2022/12/29 12:0 a.m. | 18 views

WordPress soundblast Theme < 10 is vulnerable to Arbitrary File Upload

Software soundblast Type Theme Vulnerable versions < 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8aee103c2d72 Credits Joshua Small Required privilege...

CVSS 9.8 | AI score 9.3 | EPSS 0.02084
Exploits 12 | References 2 | Affected Software 1

Patchstack
added 2022/12/29 12:0 a.m. | 18 views

WordPress kingclub-theme Theme < 10 is vulnerable to Arbitrary File Upload

Software kingclub-theme Type Theme Vulnerable versions < 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c582a1ee7025 Credits Joshua Small Required privilege...

CVSS 9.8 | AI score 9.3 | EPSS 0.02084
Exploits 12 | References 2 | Affected Software 1

Patchstack
added 2022/11/17 12:0 a.m. | 18 views

WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress WooSwipe WooCommerce Gallery plugin versions <= 2.0.1. Solution No patched version is available. No reply from the vendor...

CVSS 8.8 | AI score 3.8 | EPSS 0.00631
Exploits 1 | Affected Software 1

Patchstack
added 2022/11/11 12:0 a.m. | 18 views

WordPress Add Multiple Marker plugin <= 1.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add Multiple Marker plugin versions <= 1.2. Solution No patched version is available...

AI score 4.1 | EPSS 0.00264
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/11 12:0 a.m. | 18 views

WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Activity Reactions For Buddypress plugin versions <= 1.0.22. Solution No patched version is available...

AI score 4.9 | EPSS 0.00271
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/03 12:0 a.m. | 18 views

WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin versions <= 1.2. Solution Update the WordPress Find and Replace All plugin to the latest available version at least 1.3...

AI score 1.5 | EPSS 0.00486
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/11/02 12:0 a.m. | 18 views

WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AM-HiLi plugin versions <= 1.0. Solution No patched version is available...

CVSS 4.8 | AI score 2.1 | EPSS 0.00412
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/02 12:0 a.m. | 18 views

WordPress Video Thumbnails plugin <= 2.12.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress Video Thumbnails plugin versions <= 2.12.3. Solution Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full...

AI score 2.5 | EPSS 0.00495
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/11/01 12:0 a.m. | 18 views

WordPress Homepage Popup plugin <= 1.2.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mika in the WordPress Homepage Pop-up plugin versions <= 1.2.5. Solution No patched version is available. No reply from the vendor...

AI score 1.1 | EPSS 0.00392
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/31 12:0 a.m. | 18 views

WordPress Booster for WooCommerce premium <= 5.6.4 - Auth. Arbitrary File Download vulnerability

Auth. Arbitrary File Download vulnerability discovered by WPScan in WordPress Booster for WooCommerce premium versions <= 5.6.4. Solution Update the WordPress Booster Plus for WooCommerce plugin to the latest available version at least 5.6.5...

CVSS 6.5 | AI score 3.7 | EPSS 0.00914
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/10/27 12:0 a.m. | 18 views

WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability

Auth. Remote Code Execution vulnerability discovered by RG in WordPress Bricks Builder premium theme versions <= 1.5.3. Solution Update the WordPress Bricks Builder theme to the latest available version at least 1.5.4...

CVSS 8.8 | AI score 4.8 | EPSS 0.01556
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2022/10/27 12:0 a.m. | 18 views

WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in the WordPress Backup Guard plugin versions <= 1.6.9.0. Solution Update the WordPress Backup Guard plugin to the latest available version at least 1.6.9.1...

AI score 3.5 | EPSS 0.00392
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/25 12:0 a.m. | 18 views

WordPress SEO Plugin by Squirrly SEO plugin <= 12.1.10 - Auth. Arbitrary File Upload vulnerability

Auth. Arbitrary File Upload vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress SEO Plugin by Squirrly SEO plugin versions <= 12.1.10. Solution Update the WordPress SEO Plugin by Squirrly SEO plugin to the latest available version at least 12.1.11...

AI score 3.2 | EPSS 0.0072
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/25 12:0 a.m. | 18 views

WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities

Multiple Cross-Site Scripting CSRF vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress SEO Redirection Plugin plugin versions <= 8.9. Solution Update the WordPress SEO Redirection plugin to the latest available version at least 9.1...

CVSS 8.8 | AI score 2.8 | EPSS 0.00276
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/24 12:0 a.m. | 18 views

WordPress Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Corona Virus COVID-19 Banner & Live Data plugin versions <= 1.7.0.6. Solution No patched version is available. No reply from the vendor...

AI score 3.9 | EPSS 0.00264
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/24 12:0 a.m. | 18 views

WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability

Auth. Sensitive Data Exposure vulnerability discovered by Lana Codes Patchstack Alliance in WordPress Phone Orders for WooCommerce plugin versions <= 3.7.1. Solution Update the WordPress Phone Orders for WooCommerce plugin to the latest available version at least 3.7.2...

CVSS 6.5 | AI score 3.9 | EPSS 0.00591
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/24 12:0 a.m. | 18 views

WordPress Newspaper premium theme < 12.1 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Truoc Phan in WordPress Newspaper premium theme versions < 12.1. Solution Update the WordPress Newspaper theme to the latest available version at least 12.1...

CVSS 9.8 | AI score 3.4 | EPSS 0.03546
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/10/20 12:0 a.m. | 18 views

WordPress Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress Integration for Szamlazz.hu & WooCommerce plugin versions <= 5.6.3.2. Solution Update the WordPress Integration for Szamlazz.hu & WooCommerce plugin to the latest available...

CVSS 8.8 | AI score 4.3 | EPSS 0.004
Exploits 1 | Affected Software 1

Total number of security vulnerabilities: 5000