Patchstack • Most viewed

46606 matches found

Patchstack • added 2021/09/21 12:0 a.m. • 18 views

WordPress Telefication vulnerability <= 1.8.0 - Open Relay and Server-Side Request Forgery vulnerability

Open Relay and Server-Side Request Forgery vulnerability discovered by Marco Wotschka & Charles Strader Sweethill in WordPress Telefication vulnerability versions <= 1.8.0. Solution: This plugin has been closed as of September 20, 2021 and is not available for download. This closure is temporary,...

CVSS 5.8 • AI score 2 • EPSS 0.01333
Exploits 0 • References 3 • Affected Software 1

Patchstack • added 2021/09/20 12:0 a.m. • 18 views

WordPress XforWooCommerce plugin <=1.6.4 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in the WordPress XforWooCommerce plugin versions <=1.6.4. Solution...

AI score 3
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/09/20 12:0 a.m. • 18 views

WordPress Sociable plugin <= 4.3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Genubhau Wayal in WordPress Sociable plugin versions <= 4.3.4.1. Solution: Deactivate and delete. This plugin has been closed as of August 9, 2021 and is not available for download. Reason: Security Issue...

CVSS 4.8 • AI score 3.2 • EPSS 0.00622
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/09/13 12:0 a.m. • 18 views

WordPress Support Board plugin <= 3.3.3 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities were discovered by John Jefferson Li in the WordPress Support Board plugin versions <= 3.3.3. Solution: Update the WordPress Support Board plugin to the latest available version (at least 3.3.4)...

CVSS 9.8 • AI score 2.4 • EPSS 0.05516
Exploits 3 • References 3 • Affected Software 1

Patchstack • added 2021/09/09 12:0 a.m. • 18 views

WordPress WP-T-Wap plugin <= 1.13.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress WP-T-Wap plugin versions <= 1.13.2. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 • AI score 2.8 • EPSS 0.00866
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/09/09 12:0 a.m. • 18 views

WordPress GNU-Mailman Integration plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress GNU-Mailman Integration plugin versions <= 1.0.6. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 • AI score 2.7 • EPSS 0.00866
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/09/06 12:0 a.m. • 18 views

WordPress Modern Events Calendar Lite plugin <= 5.22.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Shivam Rai in WordPress Modern Events Calendar Lite plugin versions <= 5.22.1. Solution: Update the WordPress Modern Events Calendar Lite plugin to the latest available version (at least 5.22.2)...

CVSS 4.8 • AI score 2.1 • EPSS 0.00598
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/09/06 12:0 a.m. • 18 views

WordPress Appointment Hour Booking plugin <= 1.3.15 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Appointment Hour Booking plugin versions <= 1.3.15. Solution: Update the WordPress Appointment Hour Booking plugin to the latest available version (at least 1.3.16)...

CVSS 4.8 • AI score 1.4 • EPSS 0.00598
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/08/31 12:0 a.m. • 18 views

WordPress WooCommerce Dynamic Pricing & Discounts premium plugin <= 2.4.1 - Unauthenticated Settings Export vulnerability

Unauthenticated Settings Export vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Dynamic Pricing & Discounts premium plugin versions <= 2.4.1. Solution: Update the WordPress WooCommerce Dynamic Pricing & Discounts premium plugin to the latest available version at leas...

AI score 3.1
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/08/25 12:0 a.m. • 18 views

WordPress Advanced Custom Fields plugin <= 5.9.9 - Arbitrary ACF Data/Field Groups View and Fields Move vulnerability

Arbitrary ACF Data/Field Groups View and Fields Move vulnerability discovered by Keitaro Yamazaki in WordPress Advanced Custom Fields plugin versions <= 5.9.9. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.10)...

AI score 3.6
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/08/24 12:0 a.m. • 18 views

WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 2.8.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Recipe Card Blocks for Gutenberg & Elementor plugin versions <= 2.8.2. Solution: Update the WordPress Recipe Card Blocks for Gutenberg & Elementor plugin to the latest available version (at least 2.8.3)...

CVSS 5.4 • AI score 2.3 • EPSS 0.00604
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/08/17 12:0 a.m. • 18 views

WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Icegram plugin versions <= 2.0.2. Vulnerable at "Headline" &messagedata16headline input. Solution: Update the WordPress Icegram plugin to the latest available version (at least 2.0.3)...

CVSS 5.4 • AI score 1.7 • EPSS 0.00552
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/08/16 12:0 a.m. • 18 views

WordPress Smash Balloon Social Post Feed plugin <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by dc11 in WordPress Smash Balloon Social Post Feed plugin versions <= 2.19.1. Solution: Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version (at least 2.19.2)...

CVSS 6.1 • AI score 2.5 • EPSS 0.01322
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/08/16 12:0 a.m. • 18 views

WordPress WP Courses LMS plugin <= 2.0.43 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tri Wanda Septian in WordPress WP Courses LMS plugin versions <= 2.0.43. Solution: Update the WordPress WP Courses LMS plugin to the latest available version (at least 2.0.44)...

CVSS 4.8 • AI score 2.1 • EPSS 0.00598
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/08/13 12:0 a.m. • 18 views

WordPress Custom Post Type Relations plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom Post Type Relations plugin <= 1.0. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 • AI score 1.8 • EPSS 0.00895
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/08/13 12:0 a.m. • 18 views

WordPress Media Usage plugin <= 0.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Media Usage plugin versions <= 0.0.4. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 • AI score 3.7 • EPSS 0.00844
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/08/11 12:0 a.m. • 18 views

WordPress Per page add to head plugin <= 1.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Prashant Karman Patel in WordPress Per page add to head plugin versions <= 1.4.4. Solution: This plugin has been closed as of June 7, 2021 and is not available for download. Reason: Security Issue...

CVSS 4.8 • AI score 1.2 • EPSS 0.00598
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/08/09 12:0 a.m. • 18 views

WordPress Product Limited Time Availability Date for WooCommerce plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Product Limited Time Availability Date for WooCommerce plugin versions <= 1.0.1. Solution: 2021-08-27 - no patched version available...

AI score 1.9
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/08/09 12:0 a.m. • 18 views

WordPress SpeakOut! Email Petitions plugin <= 2.13.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress SpeakOut! Email Petitions plugin versions <= 2.13.1.1. Solution: Update the WordPress SpeakOut! Email Petitions plugin to the latest available version (at least 2.13.3)...

AI score 2
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/08/02 12:0 a.m. • 18 views

WordPress Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Sitewide Notice WP versions <= 2.2. Solution: Update the WordPress Sitewide Notice WP to the latest available version (at least 2.3)...

CVSS 4.8 • AI score 2.1 • EPSS 0.00617
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/07/30 12:0 a.m. • 18 views

WordPress youForms plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by xiahao in WordPress youForms plugin versions <= 1.0.5. Solution: This plugin has been closed as of July 30, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 4.8 • AI score 2.8 • EPSS 0.02678
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/07/27 12:0 a.m. • 18 views

WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.6)...

CVSS 4.3 • AI score 4.3 • EPSS 0.00423
Exploits 1 • References 2 • Affected Software 1

Patchstack • added 2021/07/26 12:0 a.m. • 18 views

WordPress Admin Custom Login plugin <= 3.2.7 – Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Ryoma Nishioka Cryptography Laboratory - Tokyo Denki University in WordPress Admin Custom Login plugin versions <= 3.2.7. Solution: Update the WordPress Admin Custom Login plugin to the latest...

CVSS 8.8 • AI score 2.3 • EPSS 0.007
Exploits 3 • References 3 • Affected Software 1

Patchstack • added 2021/07/07 12:0 a.m. • 18 views

WordPress WP Upload Restriction plugin <= 2.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Angelo Righi in WordPress WP Upload Restriction plugin versions <= 2.2.3. Solution: Update the WordPress WP Upload Restriction plugin to the latest available version (at least 2.2.4)...

CVSS 6.4 • AI score 2.3 • EPSS 0.00634
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/06/30 12:0 a.m. • 18 views

WordPress Profile Builder plugin <= 3.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Profile Builder plugin versions <= 3.4.7. Solution: Update the WordPress Profile Builder plugin to the latest available version (at least 3.4.8)...

CVSS 4.8 • AI score 2 • EPSS 0.00613
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/06/28 12:0 a.m. • 18 views

WordPress Youzify plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Phu Tran in WordPress Youzify plugin versions <= 1.0.6. Solution: Update the WordPress Youzify plugin to the latest available version (at least 1.0.7)...

CVSS 5.4 • AI score 1.8 • EPSS 0.0062
Exploits 1 • References 1 • Affected Software 1

Patchstack • added 2021/06/28 12:0 a.m. • 18 views

WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in File Uploader Component vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest version at leas...

CVSS 9.8 • AI score 1.8 • EPSS 0.06744
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/06/21 12:0 a.m. • 18 views

WordPress Remove Schema plugin <= 1.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Remove Schema plugin versions <= 1.4. Solution: Update the WordPress Remove Schema plugin to the latest available version (at least 1.6)...

AI score 3.7
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/06/21 12:0 a.m. • 18 views

WordPress Browser Screenshots plugin <= 1.7.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Browser Screenshots plugin versions <= 1.7.5. Solution: Update the WordPress Browser Screenshots plugin to the latest available version (at least 1.7.6)...

CVSS 5.4 • AI score 2.9 • EPSS 0.0062
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/06/15 12:0 a.m. • 18 views

WordPress Leaflet Map plugin <= 2.23.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Leaflet Map plugin versions <= 2.23.3. Solution: Update the WordPress Leaflet Map plugin to the latest available version (at least 3.0.0)...

CVSS 5.4 • AI score 2.1 • EPSS 0.00624
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/06/14 12:0 a.m. • 18 views

WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file discovered by Rasi in WordPress WP SVG images plugin versions <= 3.3. Solution: Update the WordPress WP SVG images plugin to the latest available version (at least 3.4)...

CVSS 5.4 • AI score 2.8 • EPSS 0.00659
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/06/07 12:0 a.m. • 18 views

WordPress WP Hardening plugin <= 1.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by dc11 in WordPress WP Hardening plugin versions <= 1.2.1. Solution: Update the WordPress WP Hardening plugin to the latest available version (at least 1.2.2)...

CVSS 6.1 • AI score 1.1 • EPSS 0.00827
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/06/07 12:0 a.m. • 18 views

WordPress Comments Like Dislike plugin <= 1.1.3 - Repeated Voting Restriction Bypass vulnerability

Repeated Voting Restriction Bypass vulnerability discovered by Phu Tran in WordPress Comments Like Dislike plugin versions <= 1.1.3. Solution: Update the WordPress Comments Like Dislike plugin to the latest available version (at least 1.1.4)...

CVSS 5.3 • AI score 3.4 • EPSS 0.00981
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/05/31 12:0 a.m. • 18 views

WordPress Admin Columns PRO premium plugin <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Daniel Elkabes WhiteSource in WordPress Admin Columns PRO premium plugin versions <= 5.4.4. Solution: Update the WordPress Admin Columns PRO premium plugin to the latest available version (at least 5.5.1)...

CVSS 5.4 • AI score 2.2 • EPSS 0.00997
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/05/27 12:0 a.m. • 18 views

WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions <= 2.6.7. Solution: Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version (at least 2.6.8)...

CVSS 8.8 • AI score 2.9 • EPSS 0.01586
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/05/27 12:0 a.m. • 18 views

WordPress Side Menu plugin <= 3.1.3 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Side Menu plugin versions <= 3.1.3. Solution: Update the WordPress Side Menu plugin to the latest available version (at least 3.1.5)...

CVSS 7.2 • AI score 2.6 • EPSS 0.01565
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/05/13 12:0 a.m. • 18 views

WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability

Object injection in PHPMailer vulnerability discovered in WordPress one security issue affecting WordPress versions between 3.7 and 5.7. Solution: Update the WordPress to the latest available version (at least 5.7.2). All WordPress versions since 3.7 have also been updated to fix the following...

AI score 3.1 • EPSS 0.03095
Exploits 0 • References 5 • Affected Software 1

Patchstack • added 2021/05/04 12:0 a.m. • 18 views

WordPress Autoptimize plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Autoptimize plugin versions <= 2.8.3. Solution: Update the WordPress Autoptimize plugin to the latest available version (at least 2.8.4)...

AI score 2.5
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/04/29 12:0 a.m. • 18 views

WordPress Smooth Scroll Page Up/Down Buttons WordPress plugin <= 1.4 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Smooth Scroll Page Up/Down Buttons WordPress plugin versions <= 1.4. Solution: 2021-04-29 - No patched version is available...

CVSS 4.8 • AI score 2.3 • EPSS 0.00626
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/04/29 12:0 a.m. • 18 views

WordPress AcyMailing SMTP Newsletter plugin <= 7.4.1 - Unauthenticated Open Redirect vulnerability

Unauthenticated Open Redirect vulnerability discovered by Viktor Markopoulos in WordPress AcyMailing SMTP Newsletter plugin versions <= 7.4.1. Solution: Update the WordPress AcyMailing SMTP Newsletter plugin to the latest available version (at least 7.5.0)...

CVSS 6.1 • AI score 2.6 • EPSS 0.01939
Exploits 2 • References 2 • Affected Software 1

Patchstack • added 2021/04/27 12:0 a.m. • 18 views

WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WhiteSource in WordPress Pods plugin versions <= 2.7.26. Solution: Update the WordPress Pods plugin to the latest available version (at least 2.7.27)...

CVSS 5.4 • AI score 1.8 • EPSS 0.0076
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/04/26 12:0 a.m. • 18 views

WordPress Store Locator Plus plugin <= 5.5.14 - Authenticated Privilege Escalation vulnerability

Authenticated Privilege Escalation vulnerability discovered by WordFence in WordPress Store Locator Plus plugin versions <= 5.5.14. Solution: Update the WordPress Store Locator Plus plugin to the latest available version (at least 5.5.15)...

CVSS 8.8 • AI score 3.4 • EPSS 0.01149
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/04/21 12:0 a.m. • 18 views

WordPress Accordion plugin <= 2.2.29 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex in WordPress Accordion plugin versions <= 2.2.29. Solution: Update the WordPress Accordion plugin to the latest available version (at least 2.2.30)...

CVSS 5.4 • AI score 2.5 • EPSS 0.00624
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/04/20 12:0 a.m. • 18 views

WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation vulnerability

Unauthenticated Arbitrary Nonce Generation vulnerability discovered by WordFence in WordPress Redirection for Contact Form 7 plugin versions <= 2.3.3. Solution: Update the WordPress Redirection for Contact Form 7 plugin to the latest available version (at least 2.3.4)...

AI score 3.5
Exploits 0 • References 2 • Affected Software 1

Patchstack • added 2021/04/12 12:0 a.m. • 18 views

WordPress WPGraphQL plugin <= 1.3.5 - Denial of Service vulnerability

Denial of Service vulnerability discovered by Dolev Farhi in WordPress WPGraphQL plugin versions <= 1.3.5. Solution: Update the WordPress WPGraphQL plugin to the latest available version (at least 1.3.6)...

AI score 3
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/04/10 12:0 a.m. • 18 views

WordPress Imagements plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability

Unauthenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability discovered by Jin Huang in WordPress Imagements plugin versions <= 1.2.5. Solution: Plugin closed. Deactivate and delete...

CVSS 9.8 • AI score 4.3 • EPSS 0.0714
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/04/10 12:0 a.m. • 18 views

WordPress Classyfrieds plugin <= 3.8 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by Jin Huang in WordPress Classyfrieds plugin versions <= 3.8. Solution: This plugin has been closed as of December 24, 2018 and is not available for download. Reason: Guideline Violation...

CVSS 8.8 • AI score 3.6 • EPSS 0.01906
Exploits 2 • References 3 • Affected Software 1

Patchstack • added 2021/04/10 12:0 a.m. • 18 views

WordPress Contact Form Check Tester plugin <= 1.0.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Contact Form Check Tester plugin versions <= 1.0.2. Solution: This plugin has been closed as of March 25, 2021 and is not available for download. This closure is permanent...

CVSS 5.4 • AI score 2.6 • EPSS 0.04703
Exploits 5 • References 2 • Affected Software 1

Patchstack • added 2021/04/09 12:0 a.m. • 18 views

WordPress Media File Renamer plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Ngo Van Thien Patchstack Red Team in the WordPress Media File Renamer plugin versions <= 5.1.9. Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

CVSS 5.4 • AI score 3.7 • EPSS 0.00423
Exploits 1 • References 3 • Affected Software 1

Patchstack • added 2021/04/08 12:0 a.m. • 18 views

WordPress WP Page Builder plugin <= 1.2.3 - Insecure Default Configuration vulnerability

Insecure Default Configuration vulnerability discovered by WordFence in WordPress WP Page Builder plugin versions <= 1.2.3. Solution: Update the WordPress WP Page Builder plugin to the latest available version (at least 1.2.4)...

CVSS 4.3 • AI score 2.5 • EPSS 0.00689
Exploits 2 • References 3 • Affected Software 1

Total number of security vulnerabilities: 5000