Lucene search
K
PatchstackMost viewed

46606 matches found

Patchstack
Patchstack
•added 2021/03/29 12:0 a.m.•18 views

WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities discovered by m0ze Patchstack Red Team in the WordPress Listeo premium theme versions = 1.6.07. Solution Update the WordPress Listeo premium theme to the latest available version at least 1.6.11...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2021/03/26 12:0 a.m.•18 views

WordPress AccessAlly premium plugin <= 3.5.6 - $_SERVER Superglobal Leakage vulnerability

$SERVER Superglobal Leakage vulnerability discovered by Till Krüss in WordPress AccessAlly premium plugin versions = 3.5.6. Solution Update the WordPress AccessAlly premium plugin to the latest available version at least 3.5.7...

7.5CVSS3.1AI score0.05404EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/03/04 12:0 a.m.•18 views

WordPress WooCommerce Upload Files premium plugin <= 59.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability found by WordFence in WordPress WooCommerce Upload Files premium plugin versions = 59.3. Solution Update the WordPress WooCommerce Upload Files premium plugin to the latest available version at least 59.4...

9.8CVSS3.6AI score0.01899EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/03/01 12:0 a.m.•18 views

WordPress Defender Security plugin <= 2.4.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by NintechNet in WordPress Defender Security plugin versions = 2.4.6. Solution Update the WordPress Defender Security plugin to the latest available version at least 2.4.6.1...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2021/02/24 12:0 a.m.•18 views

WordPress YITH WooCommerce Gift Cards plugin <= 3.3.0 - Arbitrary File Upload to Remote Code Execution (RCE) vulnerability

Arbitrary File Upload to Remote Code Execution RCE vulnerability found by Guy Liu in WordPress YITH WooCommerce Gift Cards plugin versions = 3.3.0. Solution Update the WordPress YITH WooCommerce Gift Cards plugin to the latest available version at least 3.3.1...

10CVSS5.4AI score0.36781EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/01/12 12:0 a.m.•18 views

WordPress Process Steps Template Designer plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found in WordPress Process Steps Template Designer plugin versions = 1.2.1. Solution Update the WordPress Process Steps Template Designer plugin to the latest available version at least 1.3...

3.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2021/01/10 12:0 a.m.•18 views

WordPress EasyBook premium theme <= 1.2.1 - Persistent Cross-Site Scripting (XSS) vulnerability

Persistent Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress EasyBook premium theme versions = 1.2.1. Solution Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...

6.1CVSS2.1AI score0.02582EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
•added 2020/12/09 12:0 a.m.•18 views

WordPress DiveBook plugin <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found by Hooper Labs WordPress DiveBook plugin versions = 1.1.4. Solution 2020-12-09 - we were unable to find a patched version of this plugin Last updated: 10 years ago...

6.1CVSS1.6AI score0.00948EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
•added 2020/11/24 12:0 a.m.•18 views

WordPress Media Library Assistant plugin <= 2.84 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability found by Lenon Leite in WordPress Media Library Assistant plugin versions = 2.84. Solution Update the WordPress Media Library Assistant plugin to the latest available version at least 2.9.0...

4.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2020/11/05 12:0 a.m.•18 views

WordPress Augmented Reality plugin <= 1.2.0 - Unauthenticated PHP File Upload leading to Remote Code Execution (RCE) vulnerability

Unauthenticated PHP File Upload leading to Remote Code Execution RCE vulnerability found by Robert Wiggins in WordPress Augmented Reality plugin versions = 1.2.0. Solution Note from wordpress.org plugin repository: This plugin has been closed as of September 3, 2020 and is not available for...

2.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2020/10/29 12:0 a.m.•18 views

WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability

XML-RPC Privilege Escalation vulnerability found by Justin Tran in WordPress versions = 5.5.1. Solution Update the WordPress to the latest available version at least 5.5.2...

3.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2020/10/21 12:0 a.m.•18 views

WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

8.8CVSS3.4AI score0.01487EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2020/10/21 12:0 a.m.•18 views

WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8 . Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

6.1CVSS2.7AI score0.00931EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2020/10/14 12:0 a.m.•18 views

WordPress Live Chat - Live support plugin <= 3.1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Yusuke Fukuda Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University in WordPress Live Chat - Live support plugin versions = 3.1.0. Solution Update the WordPress Live Chat - Live support plugi...

8.8CVSS2.9AI score0.00808EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2020/08/21 12:0 a.m.•18 views

WordPress WooCommerce - NAB Transact plugin <= 2.1.1 - Payment Bypass vulnerability

Payment Bypass vulnerability found by Jack Misiura in WordPress WooCommerce - NAB Transact plugin versions = 2.1.1. Solution Update the WordPress WooCommerce - NAB Transact plugin to the latest available version at least = 2.1.2...

7.5CVSS4.2AI score0.01152EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
•added 2020/08/14 12:0 a.m.•18 views

WordPress Sell Media plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found by Metamorfosec in WordPress Sell Media plugin versions = 2.4.1. Solution Update the WordPress Sell Media plugin to the latest available version at least 2.4.2...

6.1CVSS3.1AI score0.09221EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
•added 2020/07/17 12:0 a.m.•18 views

WordPress Email Subscribers & Newsletters <= 4.5.0.1 - Authenticated SQL injection (SQLi) vulnerability

Authenticated SQL injection SQLi vulnerability found by Tenable in WordPress Email Subscribers & Newsletters versions = 4.5.0.1. Solution Update the WordPress Email Subscribers & Newsletters to the latest available version at least 4.5.1...

4.9CVSS2.8AI score0.01966EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2020/07/17 12:0 a.m.•18 views

WordPress Email Subscribers & Newsletters plugin <= 4.5.0.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Tenable in WordPress Email Subscribers & Newsletters plugin versions = 4.5.0.1. Solution Update the WordPress Email Subscribers & Newsletters plugin to the latest available version at least 4.5.1...

6.5CVSS2.8AI score0.00917EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2020/07/16 12:0 a.m.•18 views

WordPress All In One SEO Pack plugin <= 3.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WordFence in WordPress All In One SEO Pack plugin versions = 3.6.1. Solution Update the WordPress All In One SEO Pack plugin to the latest available version at least 3.6.2...

5.4CVSS2AI score0.00837EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2020/06/17 12:0 a.m.•18 views

WordPress Testimonial Rotator plugin <= 3.0.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Vu Dong in WordPress Testimonial Rotator plugin versions = 3.0.2. Solution Update the WordPress Testimonial Rotator plugin to the latest available version at least 3.0.3...

5.4CVSS2.1AI score0.00708EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2020/05/22 12:0 a.m.•18 views

WordPress ThirstyAffiliates plugin <= 3.9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by minhtuanact in WordPress ThirstyAffiliates plugin versions = 3.9.2. Solution Update the WordPress ThirstyAffiliates plugin to the latest available version at least 3.9.3...

5.4CVSS2.5AI score0.00653EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
•added 2020/05/14 12:0 a.m.•18 views

WordPress WP Product Review Lite plugin <= 3.7.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Sucuri in WordPress WP Product Review Lite plugin versions = 3.7.5. Solution Update the WordPress WP Product Review Lite plugin to the latest available version at least 3.7.6...

2.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2020/05/06 12:0 a.m.•18 views

WordPress Elementor Pro premium plugin <= 2.9.3 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Elementor Pro premium plugin versions = 2.9.3. Solution Update the WordPress Elementor Pro premium plugin to the latest available version at least 2.9.4...

9.9CVSS3.5AI score0.08565EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2020/04/07 12:0 a.m.•18 views

WordPress WP Lead Plus X plugin <= 0.98 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by WordFence in WordPress WP Lead Plus X plugin versions = 0.98. Solution Update the WordPress WP Lead Plus X plugin to the latest available version at least 0.99...

6.1CVSS1.8AI score0.01876EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2020/03/11 12:0 a.m.•18 views

WordPress Import Export WordPress Users plugin <= 1.3.8 - Arbitrary User Creation vulnerability

Arbitrary User Creation vulnerability discovered by WordFence in WordPress Import Export WordPress Users plugin versions = 1.3.8. Solution Update the WordPress Import Export WordPress Users plugin to the latest available version at least 1.3.9...

8.8CVSS2.2AI score0.01727EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2020/01/22 12:0 a.m.•18 views

WordPress Calculated Fields Form plugin <= 1.0.353 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Ben Armstrong Spider Sec Ltd in WordPress Calculated Fields Form plugin versions = 1.0.353. Solution Update the WordPress Calculated Fields Form plugin to the latest available version at least 1.0.354...

5.4CVSS2.1AI score0.00991EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2020/01/10 12:0 a.m.•18 views

WordPress EasyBook premium theme <= 1.2.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by m0ze in WordPress EasyBook premium theme versions = 1.2.1. Solution Update the WordPress EasyBook premium theme to the latest available version at least 1.2.2...

7.5CVSS2.6AI score0.0317EPSS
Exploits4References2Affected Software1
Patchstack
Patchstack
•added 2020/01/08 12:0 a.m.•18 views

WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability

CSRF to Stored XSS and Setting Changes vulnerability found by Chloe Chamberland in WordPress Minimal Coming Soon & Maintenance Mode plugin versions = 2.10. Solution Update the WordPress Minimal Coming Soon & Maintenance Mode plugin to the latest available version at least 2.15...

9.6CVSS3.1AI score0.00924EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2019/11/14 12:0 a.m.•18 views

WordPress Blog2Social plugin <=5.8.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Blog2Social plugin versions =5.8.1. Solution Update the WordPress Blog2Social plugin to the latest available version at least 5.9.0...

6.1CVSS1.9AI score0.01336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2019/10/17 12:0 a.m.•18 views

WordPress WP SlackSync premium plugin <= 1.8.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability found by fs0c131y in WordPress WP SlackSync premium plugin versions = 1.8.5. Solution Update the WordPress WP SlackSync premium plugin to the latest available version at least 1.8.6...

7.5CVSS2.5AI score0.01677EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2019/08/29 12:0 a.m.•18 views

WordPress Social LikeBox & Feed plugin <= 2.8.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found in WordPress Social LikeBox & Feed plugin versions = 2.8.4. Solution Update the WordPress Social LikeBox & Feed plugin to the latest available version at least 2.8.5...

8.8CVSS3.9AI score0.00709EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2019/08/27 12:0 a.m.•18 views

WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found in WordPress UserPro plugin versions = 4.9.33. Solution 27 August 2019 - no patched version available...

6.1CVSS2.5AI score0.82962EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
•added 2019/07/26 12:0 a.m.•18 views

WordPress AdRotate Banner Manager plugin <= 5.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found by Tin Duong in WordPress AdRotate Banner Manager plugin versions = 5.2. Solution Update the WordPress AdRotate Banner Manager plugin to the latest available version at least 5.3...

7.2CVSS3.7AI score0.01502EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2019/07/10 12:0 a.m.•18 views

WordPress Zoho SalesIQ plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities

Cross-Site Request Forgery CSRF and Cross-Site Scripting XSS vulnerabilities found by Cryptography Laboratory in WordPress Zoho SalesIQ plugin versions = 1.0.8. Solution Update the WordPress Zoho SalesIQ plugin to the latest available version at least 1.0.9...

2.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2019/07/02 12:0 a.m.•18 views

WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability that leads to Remote Code Execution RCE found by Paul Dannewitz in WordPress Widget Logic plugin versions = 5.9.0. Solution Update the WordPress Widget Logic plugin to the latest available version at least 5.10.2...

8.8CVSS4.4AI score0.0111EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2019/06/11 12:0 a.m.•18 views

WordPress JobCareer theme - 2.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by QUIXSS in WordPress JobCareer theme version 2.5. Solution Update the WordPress JobCareer theme to the latest available version at least 2.5.1...

1.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2019/03/12 12:0 a.m.•18 views

WordPress Quiz And Survey Master plugin <= 6.2.1 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability found by Tim Coen in WordPress Quiz And Survey Master plugin versions = 6.2.1. Solution 12 March 2019 - plugin disabled in WordPress plugin repository, but changelog available for the patched version 6.2.2...

6.1CVSS1.7AI score0.01608EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2019/03/05 12:0 a.m.•18 views

WordPress Contact Form 7 Multi-Step Forms plugin <= 3.0.8 - Authenticated Option Update vulnerability (Fremius Library security issue)

Authenticated Option Update vulnerability Fremius Library security issue found in WordPress Contact Form 7 Multi-Step Forms plugin versions = 3.0.8. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 3.0.9...

3.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2019/02/26 12:0 a.m.•18 views

WordPress WooCommerce plugin <= 3.5.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by Fortinet's FortiGuard Labs Zhouyuan Yang in WordPress WooCommerce plugin versions = 3.5.4. Solution Update the WooCommerce plugin to the latest available version at least 3.5.5...

6.1CVSS1.5AI score0.00983EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2019/01/14 12:0 a.m.•18 views

WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by qw3rTyTy in WordPress spam-byebye plugin versions = 2.2.1. Solution Update the WordPress spam-byebye plugin to the latest available version at least 2.2.2...

6.1CVSS1.9AI score0.00952EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2018/12/07 12:0 a.m.•18 views

WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by RIPS Technologies in WordPress Contact Form by WPForms plugin versions = 1.4.7. Solution Update the WordPress Contact Form by WPForms plugin to the latest available versions at least 1.4.8...

2.2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2018/11/08 12:0 a.m.•18 views

WordPress RSVPMaker plugin <= 5.6.3 - SQL Injection (SQLi) vulnerabilities

SQL Injection SQLi vulnerabilities found in WordPress RSVPMaker plugin versions = 5.6.3. Solution Update the WordPress RSVPMaker plugin to the latest available version at least 5.6.4...

9.8CVSS3.3AI score0.02244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2018/09/09 12:0 a.m.•18 views

WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Yonatan Correa in WordPress UserPro premium plugin versions = 4.9.23. Solution Update the WordPress UserPro premium plugin to the latest available version at least 4.9.24...

6.1CVSS2AI score0.01345EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2018/07/18 12:0 a.m.•18 views

WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Authenticated Cross-Site Scripting XSS vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin versions = 4.6. Solution This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete asap...

4.8CVSS2.7AI score0.02003EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
•added 2018/06/22 12:0 a.m.•18 views

WordPress Advanced Order Export For WooCommerce plugin <= 1.5.4 - CSV Injection vulnerability

CSV Injection vulnerability found by Bhushan Patil in WordPress Advanced Order Export For WooCommerce plugin versions = 1.5.4. Solution Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version at least 1.5.5...

7.8CVSS2.8AI score0.05209EPSS
Exploits6References1Affected Software1
Patchstack
Patchstack
•added 2018/06/03 12:0 a.m.•18 views

WordPress Advance Search for WooCommerce plugin <= 1.0.9 - Stored Cross-site scripting (XSS) vulnerability

Stored Cross-site scripting XSS vulnerability found by ThreatPress Research Team in WordPress Advance Search for WooCommerce plugin versions = 1.0.9. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

6.1CVSS1.2AI score0.00802EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
•added 2018/06/03 12:0 a.m.•18 views

WordPress WooCommerce Category Banner Management plugin <= 1.1.0 - Unauthenticated Settings Change Vulnerability

Unauthenticated Settings Change Vulnerability found by ThreatPress Research Team in WordPress WooCommerce Category Banner Management plugin versions = 1.1.0. Solution Update the WordPress WooCommerce Category Banner Management plugin to the latest available version at least 1.1.1...

5.3CVSS3AI score0.00945EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
•added 2018/06/03 12:0 a.m.•18 views

WordPress WooCommerce Quick Reports plugin <= 1.0.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability found by ThreatPress Research Team in WordPress WooCommerce Quick Reports plugin versions = 1.0.6. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

6.1CVSS1.2AI score0.00808EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
•added 2018/04/18 12:0 a.m.•18 views

Google Drive for WordPress plugin <=2.2 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability found by Lenon Leite in Google Drive for WordPress plugin versions =2.2. Solution Attention! This plugin was closed on 2018 January 26 by WordPress security team and is no longer available for download. Deactivate and uninstall!...

4.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2018/04/03 12:0 a.m.•18 views

WordPress File Upload plugin <=4.3.2 - Security Issue in plugin shortcodes

Security Issue in plugin shortcodes found in WordPress File Upload plugin versions =4.3.2. Solution Update the WordPress File Upload plugin to the latest available version at least 4.3.3...

5.4CVSS2.7AI score0.03244EPSS
Exploits5References1Affected Software1
Total number of security vulnerabilities5000