
46606 matches found

Patchstack
added 2022/02/21 12:0 a.m. | 18 views

WordPress Contact Form Submissions plugin <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yoru Oni in WordPress Contact Form Submissions plugin versions <= 1.7.2. Solution: Update the WordPress Contact Form Submissions plugin to the latest available version (at least 1.7.3)...

CVSS 6.1 | AI score 2.6 | EPSS 0.01691
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/02/21 12:0 a.m. | 18 views

WordPress CommonsBooking plugin <= 2.6.7 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress CommonsBooking plugin versions <= 2.6.7. Solution: Update the WordPress CommonsBooking plugin to the latest available version (at least 2.6.8)...

CVSS 9.8 | AI score 3.7 | EPSS 0.08852
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/02/16 12:0 a.m. | 18 views

WordPress Login with phone number plugin <= 1.3.6 - Unauthenticated Remote Plugin Deletion vulnerability

Unauthenticated Remote Plugin Deletion vulnerability discovered by Michal Lipinski in WordPress Login with phone number plugin versions <= 1.3.6. Solution: Update the WordPress Login with phone number plugin to the latest available version (at least 1.3.7)...

CVSS 6.5 | AI score 2.8 | EPSS 0.01419
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/02/15 12:0 a.m. | 18 views

WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability

Unauthorized AJAX Calls vulnerability discovered by Jan w Oleju in WordPress Relevanssi – A Better Search plugin versions <= 4.14.5. Solution: Update the WordPress Relevanssi – A Better Search plugin to the latest available version (at least 4.14.6)...

AI score 2.9
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/01/31 12:0 a.m. | 19 views

WordPress Asgaros Forum plugin <= 1.15.20 - Blind SQL Injection (SQLi) vulnerability

Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Asgaros Forum plugin versions <= 1.15.20. Solution: Update the WordPress Asgaros Forum plugin to the latest available version (at least 2.0.0)...

CVSS 8.8 | AI score 2.9 | EPSS 0.01493
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/31 12:0 a.m. | 18 views

WordPress Crazy Bone plugin <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Crazy Bone plugin versions <= 0.6.0. Solution: Deactivate and delete. This plugin has been closed as of January 26, 2022 and is not available for download. This closure is temporary, pending a...

CVSS 6.1 | AI score 2.3 | EPSS 0.01374
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/27 12:0 a.m. | 18 views

WordPress WHMCS Bridge plugin <= 6.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WHMCS Bridge plugin versions <= 6.3. Solution: Update the WordPress WHMCS Bridge plugin to the latest available version (at least 6.4b)...

CVSS 6.1 | AI score 1.9 | EPSS 0.02187
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/26 12:0 a.m. | 18 views

WordPress WordPress GDPR & CCPA premium plugin <= 1.9.26 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ace Candelario @0xspade and Victor Paynat-Sautivet 3DS Outscale SOC in WordPress WordPress GDPR & CCPA premium plugin versions <= 1.9.26. Solution: Update the WordPress WordPress GDPR & CCPA premium plugin to the latest...

CVSS 6.1 | AI score 2.5 | EPSS 0.0231
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/18 12:0 a.m. | 18 views

WordPress ProfileGrid plugin <= 4.7.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Big Tiger in WordPress ProfileGrid plugin versions <= 4.7.4. Solution: Update the WordPress ProfileGrid plugin to the latest available version (at least 4.7.5)...

CVSS 6.4 | AI score 2.1 | EPSS 0.009
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/18 12:0 a.m. | 18 views

WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability via Import Tool discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3)...

CVSS 6.1 | AI score 2.3 | EPSS 0.00853
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/14 12:0 a.m. | 18 views

WordPress Futurio Extra plugin <= 1.6.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Jan w Oleju in WordPress Futurio Extra plugin versions <= 1.6.2. Possible chained Cross-Site Scripting (XSS) vulnerability. Solution: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3)...

CVSS 4 | AI score 2.6 | EPSS 0.00832
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/10 12:0 a.m. | 18 views

WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions <= 1.68.5. Solution: Update the WordPress WP-DownloadManager plugin to the latest available version (at least 1.68.6)...

CVSS 5.4 | AI score 2.3 | EPSS 0.00544
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/01/10 12:0 a.m. | 18 views

WordPress Store Toolkit for WooCommerce plugin <= 2.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Store Toolkit for WooCommerce plugin versions <= 2.3.1. Solution: Update the WordPress Store Toolkit for WooCommerce plugin to the latest available version (at least 2.3.2)...

CVSS 6.1 | AI score 2.1 | EPSS 0.00876
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/10 12:0 a.m. | 18 views

WordPress Ivory Search plugin <= 5.4 - Multiple Stored Cross-Site Scripting (XSS) vulnerability

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered by Yoru Oni in WordPress Ivory Search plugin versions <= 5.4. Solution: Update the WordPress Ivory Search plugin to the latest available version (at least 5.4.1)...

CVSS 4.8 | AI score 1.9 | EPSS 0.00598
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/06 12:0 a.m. | 18 views

WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien Patchstack Red Team project in WordPress Ultimate Reviews plugin versions <= 3.0.15. Solution: Update the WordPress Ultimate Reviews plugin to the latest available version (at least 3.0.16)...

CVSS 4.8 | AI score 2.3 | EPSS 0.00565
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/01/03 12:0 a.m. | 18 views

WordPress Document Embedder plugin <= 1.7.4 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure vulnerability

Unauthenticated Arbitrary Private/Draft Post Title Disclosure vulnerability discovered by apple502j in WordPress Document Embedder plugin versions <= 1.7.4. Solution: Update the WordPress Document Embedder plugin to the latest available version (at least 1.7.5)...

CVSS 5.3 | AI score 2.6 | EPSS 0.01327
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/03 12:0 a.m. | 18 views

WordPress Visual CSS Style Editor plugin <= 7.5.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Visual CSS Style Editor plugin versions <= 7.5.3. Solution: Update the WordPress Visual CSS Style Editor plugin to the latest available version (at least 7.5.4)...

CVSS 6.1 | AI score 2 | EPSS 0.01397
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/30 12:0 a.m. | 18 views

WordPress Link Library plugin <= 7.2.7 - Library Settings Reset via Cross-Site Request Forgery (CSRF) vulnerability

Library Settings Reset via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krzysztof Zając in WordPress Link Library plugin versions <= 7.2.7. Solution: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8)...

CVSS 6.5 | AI score 4.2 | EPSS 0.0048
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/30 12:0 a.m. | 18 views

WordPress Link Library plugin <= 7.2.7 - Unauthenticated Arbitrary Links Deletion vulnerability

Unauthenticated Arbitrary Links Deletion vulnerability discovered by Krzysztof Zając in WordPress Link Library plugin versions <= 7.2.7. Solution: Update the WordPress Link Library plugin to the latest available version (at least 7.2.8)...

CVSS 7.5 | AI score 3.3 | EPSS 0.01196
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/28 12:0 a.m. | 18 views

WordPress Domain Check plugin <= 1.0.17 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ceylan Bozogullarindan in WordPress Domain Check plugin versions <= 1.0.17. Solution: Update the WordPress Domain Check plugin to the latest available version (at least 1.0.18)...

CVSS 6.1 | AI score 2.4 | EPSS 0.12857
Exploits: 5 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/27 12:0 a.m. | 18 views

WordPress WP User Frontend plugin <= 3.5.25 - SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS)

SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress WP User Frontend plugin versions <= 3.5.25. Solution: Update the WordPress WP User Frontend plugin to the latest available version (at least 3.5.26)...

CVSS 8.8 | AI score 2 | EPSS 0.1712
Exploits: 6 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/24 12:0 a.m. | 18 views

WordPress Ultra Seven theme <= 1.2.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Ultra Seven theme versions <= 1.2.8. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

CVSS 8.8 | AI score 2.8 | EPSS 0.01652
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/24 12:0 a.m. | 18 views

WordPress Mobile Events Manager plugin <= 1.4.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Varun thorat in WordPress Mobile Events Manager plugin versions <= 1.4.3.1. Solution: Update the WordPress Mobile Events Manager plugin to the latest available version (at least 1.4.4)...

CVSS 4.8 | AI score 2 | EPSS 0.00654
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/23 12:0 a.m. | 18 views

WordPress Product Feed PRO for WooCommerce plugin <= 11.0.6 - Settings Update to Stored Cross-Site Scripting (XSS) vulnerability

Settings Update to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Product Feed PRO for WooCommerce plugin versions <= 11.0.6. Solution: Update the WordPress Product Feed PRO for WooCommerce plugin to the latest available version (at least 11.0.7)...

CVSS 5.4 | AI score 1.9 | EPSS 0.00607
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/20 12:0 a.m. | 18 views

WordPress SEUR Oficial plugin <= 1.6.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress SEUR Oficial plugin versions <= 1.6.0. Solution: Update the WordPress SEUR Oficial plugin to the latest available version (at least 1.7.0)...

CVSS 4.8 | AI score 2.4 | EPSS 0.00605
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/16 12:0 a.m. | 18 views

WordPress Smash Balloon Social Post Feed plugin <= 4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Smash Balloon Social Post Feed plugin versions <= 4.1. Solution: Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version (at least 4.1.1)...

CVSS 5.4 | AI score 2.2 | EPSS 0.01217
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/14 12:0 a.m. | 18 views

WordPress All in One SEO plugin <= 4.1.5.2 - Authenticated Privilege Escalation vulnerability

Authenticated Privilege Escalation vulnerability discovered by Marc Montpas in WordPress All in One SEO plugin versions <= 4.1.5.2. Solution: Update the WordPress All in One SEO plugin to the latest available version (at least 4.1.5.3)...

CVSS 8.8 | AI score 3.8 | EPSS 0.02975
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/14 12:0 a.m. | 18 views

WordPress myghpay WooCommerce Payment Gateway plugin <= 3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress myghpay WooCommerce Payment Gateway plugin versions <= 3.0. Solution: Deactivate and delete. This plugin has been closed as of December 13, 2021 and is not available for download. This closure is temporary, pending a...

CVSS 6.1 | AI score 2.4 | EPSS 0.00757
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/13 12:0 a.m. | 18 views

WordPress Best WordPress FAQ plugin <= 1.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Best WordPress FAQ plugin versions <= 1.4.8. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 3.3 | EPSS 0.00757
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/13 12:0 a.m. | 18 views

WordPress link-list-manager plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress link-list-manager plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 3.1 | EPSS 0.00757
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/13 12:0 a.m. | 18 views

WordPress Lets-Box premium plugin <= 1.13.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Trainer Red in WordPress Lets-Box premium plugin versions <= 1.13.2. Solution: Update the WordPress Lets-Box premium plugin to the latest available version (at least 1.13.3)...

CVSS 6.1 | AI score 2.1 | EPSS 0.00729
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2021/12/08 12:0 a.m. | 18 views

WordPress Fathom Analytics plugin <= 3.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera in WordPress Fathom Analytics plugin versions <= 3.0.4. Solution: Update the WordPress Fathom Analytics plugin to the latest available version (at least 3.0.5)...

CVSS 4.8 | AI score 2.3 | EPSS 0.00565
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/06 12:0 a.m. | 18 views

WordPress Site Reviews plugin <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Site Reviews plugin versions <= 5.17.2. Solution: Update the WordPress Site Reviews plugin to the latest available version (at least 5.17.3)...

CVSS 6.1 | AI score 2.4 | EPSS 0.01314
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/12/05 12:0 a.m. | 18 views

WordPress Button Generator – easily Button Builder plugin <= 2.3.2 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability

Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability discovered by Krzysztof Zając in WordPress Button Generator – easily Button Builder plugin versions <= 2.3.2. Solution: Update the WordPress Button Generator – easily Button Builder plugin to the latest available...

CVSS 8.8 | AI score 5 | EPSS 0.0353
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/28 12:0 a.m. | 18 views

WordPress Zigcy Baby theme <= 1.0.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Zigcy Baby theme versions <= 1.0.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

CVSS 8.8 | AI score 2.7 | EPSS 0.01652
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/28 12:0 a.m. | 18 views

WordPress Agency Lite theme <= 1.1.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Agency Lite theme versions <= 1.1.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignores...

CVSS 8.8 | AI score 2.8 | EPSS 0.01652
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2021/11/24 12:0 a.m. | 18 views

WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability

Unauthenticated Plugin Deactivation vulnerability discovered by Dave Jong in WordPress Hide My WP premium plugin versions <= 6.2.3. Solution: Update the WordPress Hide My WP premium plugin to the latest available version (at least 6.2.4)...

CVSS 7.5 | AI score 2.1 | EPSS 0.01941
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/22 12:0 a.m. | 18 views

WordPress Blog2Social plugin <= 6.8.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Blog2Social plugin versions <= 6.8.6. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.8.7)...

CVSS 6.1 | AI score 2.4 | EPSS 0.01669
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/15 12:0 a.m. | 18 views

WordPress Ultimate Nofollow plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Quentin VILLAIN 3wsec in WordPress Ultimate Nofollow plugin versions <= 1.4.8. Solution: Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. This closure is temporary, pending a full...

CVSS 5.4 | AI score 2.8 | EPSS 0.00604
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/15 12:0 a.m. | 18 views

WordPress Inspirational Quote Rotator plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Vishal Mohan in WordPress Inspirational Quote Rotator plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. This closure is temporary, pending a...

CVSS 4.8 | AI score 2.2 | EPSS 0.00598
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/15 12:0 a.m. | 18 views

WordPress Temporary Login Without Password plugin <= 1.7.0 - Unauthorized Plugin's Settings Update vulnerability

Unauthorized Plugin's Settings Update vulnerability discovered by apple502j in WordPress Temporary Login Without Password plugin versions <= 1.7.0. Solution: Update the WordPress Temporary Login Without Password plugin to the latest available version (at least 1.7.1)...

CVSS 4.3 | AI score 2.7 | EPSS 0.00347
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/15 12:0 a.m. | 18 views

WordPress Improved Include Page plugin <= 1.2 - Arbitrary Posts/Pages Access vulnerability

Arbitrary Posts/Pages Access vulnerability discovered by Francesco Carlucci in WordPress Improved Include Page plugin versions <= 1.2. Solution: Deactivate and delete. This plugin has been closed as of October 8, 2021 and is not available for download. This closure is temporary, pending a full revi...

CVSS 6.5 | AI score 4.4 | EPSS 0.00995
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/12 12:0 a.m. | 18 views

WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions <= 1.2.6.1. Solution: Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version (at least 1.2.6.2)...

CVSS 6.1 | AI score 2.7 | EPSS 0.00757
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2021/11/11 12:0 a.m. | 18 views

WordPress Caldera Forms plugin <= 1.9.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Dhananjay Garg in WordPress Caldera Forms plugin versions <= 1.9.4. Solution: Update the WordPress Caldera Forms plugin to the latest available version (at least 1.9.5)...

CVSS 4.8 | AI score 1.8 | EPSS 0.00598
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/11/07 12:0 a.m. | 18 views

WordPress Microsoft Clarity plugin <= 0.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Cyber Security Works Pvt. Ltd. in WordPress Microsoft Clarity plugin versions <= 0.3. Solution: Update the WordPress Microsoft Clarity plugin to the latest available version (at least 0.4)...

CVSS 5.4 | AI score 1.9 | EPSS 0.01512
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2021/10/21 12:0 a.m. | 18 views

WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms Pro premium plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms Pro premium plugin to the latest available version (at least 1.6.9)...

CVSS 8.8 | AI score 3.7 | EPSS 0.01798
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2021/10/21 12:0 a.m. | 18 views

WordPress Easy Digital Downloads plugin <= 2.11.2 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Easy Digital Downloads plugin versions <= 2.11.2. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.2.1)...

CVSS 4.8 | AI score 3 | EPSS 0.00902
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/10/19 12:0 a.m. | 18 views

WordPress Logo Showcase with Slick Slider plugin <= 1.2.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin versions <= 1.2.3. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 1.2.4)...

CVSS 5.4 | AI score 2.9 | EPSS 0.00604
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/10/18 12:0 a.m. | 18 views

WordPress QR Redirector plugin <= 1.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress QR Redirector plugin versions <= 1.6. Solution: Update the WordPress QR Redirector plugin to the latest available version (at least 1.6.1)...

CVSS 5.4 | AI score 1.9 | EPSS 0.00604
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2021/10/14 12:0 a.m. | 18 views

WordPress job-portal plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress job-portal plugin versions <= 0.0.1. Solution: Deactivate and delete. This plugin has been closed as of October 13, 2021 and is not available for download. This closure is temporary, pendi...

CVSS 5.5 | AI score 2.6 | EPSS 0.0088
Exploits: 1 | References: 3 | Affected Software: 1
Total number of security vulnerabilities: 5000