Patchstack, added 2015/04/07

WordPress Welcart Plugin <= 1.4.17 - Multiple XSS

These vulnerabilities allow attackers to inject arbitrary web script or HTML via the "uscesreferer" parameter to: includes/edit-form-advanced.php, includes/edit-form-advanced34.php, classes/usceshop.class.php, includes/membereditform.php, includes/orderlist.php, includes/ordereditform.php,...

CVSS 4.3 | AI score 3.8 | EPSS 0.02033
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2015/04/06

WordPress QAEngine Theme - Privilege Escalation

Because of this vulnerability, attackers can obtain an administrator account on the target's website. Solution: Update the theme...

AI score 5
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2015/03/30

WordPress WPML Plugin <= 3.1.8 - SQL Injection #1

Because of the "menu sync" function, remote attackers can delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. Related records:...

CVSS 6.4 | AI score 3.9 | EPSS 0.13386
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/03/14

WordPress SEO by Yoast Plugin <= 1.7.3 - Multiple Vulnerabilities

Multiple cross-site request forgery vulnerabilities exist in admin/class-bulk-editor-list-table.php. Because of these vulnerabilities, attackers can hijack the authentication of certain users for requests that conduct SQL injection attacks. Solution: Update the plugin...

CVSS 6.8 | AI score 3.9 | EPSS 0.01521
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/02/11

WordPress Redirection Page Plugin <= 1.2 - Multiple CSRF and XSS

This plugin is prone to multiple cross-site request forgery and cross-site scripting vulnerabilities, through which an attacker can change plugin settings via the "source" or "redir" parameters. Solution: Update the plugin...

CVSS 6.8 | AI score 3.5 | EPSS 0.01001
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/02/10

WordPress WP EasyCart Plugin - Unrestricted File Upload

The WP EasyCart plugin is prone to an unrestricted file upload vulnerability that exists because /inc/amfphp/administration/banneruploaderscript.php does not properly sanitize user-uploaded files. An attacker can execute the script with the privileges of the web server by making a direct request to th...

CVSS 6.5 | AI score 2.5 | EPSS 0.51617
Exploits: 7 | References: 1 | Affected software: 1

Patchstack, added 2015/01/13

WordPress JS Multi Hotel Plugin <= 2.2.1 - XSS

Because of this cross-site scripting vulnerability in includes/deleteimg.php, attackers can inject arbitrary web script or HTML via the "path" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.02041
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/01/13

WordPress Photocrati Theme - Cross Site Scripting

Because of this vulnerability in photocrati-gallery/ecomm-sizes.php, attackers can inject arbitrary web script or HTML via the "prodid" parameter. Solution: Update the theme...

CVSS 4.3 | AI score 3.1 | EPSS 0.02041
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/01/13

WordPress mTouch Quiz Plugin <= 3.0.6 - Multiple XSS

Because of these vulnerabilities in question.php, attackers can inject arbitrary web script or HTML via the "quiz" parameter to wp-admin/edit.php. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.02046
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/01/13

WordPress JS Multi Hotel Plugin <= 2.2.1 - Multiple Vulnerabilities

Because of these vulnerabilities, attackers can obtain the installation path via a request to widget.php, functions.php, myCalendar.php, showimage.php, refreshDate.php, phpthumb/thumbplugins/gdreflection.inc.php or phpthumb/GdThumb.inc.php in includes/. Solution: Update the plugin...

CVSS 5 | AI score 4 | EPSS 0.02155
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/01/13

WordPress Unconfirmed Plugin <= 1.2.4 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "s" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.02023
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/01/13

WordPress Another WordPress Classifieds Plugin - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the query string to the default URI. Solution: Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.01633
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2015/01/01

WordPress Sodahead Polls Plugin <= 2.0.3 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 | AI score 1.7 | EPSS 0.02044
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/12/17

WordPress PWG Random Plugin <= 1.11 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 | AI score 3.5 | EPSS 0.01046
Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2014/12/07

WordPress wpCommentTwit Plugin <= 0.5 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 | AI score 3.4 | EPSS 0.01001
Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2014/11/26

WordPress Digital Zoom Studio Plugin - XSS

Multiple cross-site scripting (XSS) vulnerabilities exist in deploy/designer/preview.php. Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via the "swfloc" or "designrand" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.07309
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/11/24

WordPress WPDataTables Plugin 1.5.3 - SQL Injection

The WordPress WPDataTables plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 3.6 | EPSS 0.04737
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/11/20

WordPress <= 4.0.0 - XSS #3

Because of this vulnerability in the "media-playlists" function, attackers can inject arbitrary web script or HTML via unspecified vectors. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss...

CVSS 4.3 | AI score 2.4 | EPSS 0.02839
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/11/04

WordPress XCloner Plugin <= 3.1.1 - Multiple Vulnerabilities

There are multiple vulnerabilities in this plugin, such as arbitrary command execution, clear-text MySQL password exposure through an HTML text box in the configuration panel, MySQL password exposed to the process table, database backups exposed to local users due to open file permissions, authenticated...

CVSS 2.1 | AI score 1.1 | EPSS 0.00865
Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2014/11/04

WordPress Download Manager Plugin - Arbitrary File Download

Because of this vulnerability, attackers can read arbitrary files via the "fname" parameter to views/filedownload.php or filedownload.php. Solution: Update the plugin...

CVSS 5 | AI score 4.9 | EPSS 0.0285
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/10/02

WordPress Enfold Theme <= 3.0.0 - Unspecified Vulnerability

This vulnerability in the theme's framework folder has unknown impact and attack vectors. Solution: Update the theme...

CVSS 10 | AI score 6.8 | EPSS 0.02101
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/09/16

WordPress Contact Form 7 Integrations Plugin <= 1.3.10 - Multiple XSS

Because of these vulnerabilities in includes/toAdmin.php, attackers can inject arbitrary web script or HTML via the "uE" or "uC" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.01571
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/08/22

WordPress Content Audit Plugin <= 1.6.0 - SQL Injection

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. Solution: Update the plugin...

CVSS 7.5 | AI score 7.4 | EPSS 0.02334
Exploits: 3 | References: 1 | Affected software: 1

Patchstack, added 2014/08/19

WordPress WP Content Source Control Plugin - Directory Traversal

The WP Content Source Control plugin is prone to a directory-traversal vulnerability via "download.php" because it fails to sanitize user-supplied input. This allows an attacker to obtain sensitive information which could aid in further attacks. Solution: Upgrade the plugin...

CVSS 5 | AI score 4.2 | EPSS 0.18817
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/08/01

WordPress Postcard Theme - Remote Code Execution

There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution: Update the theme...

AI score 5.8
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/08/01

WordPress ZooEffect Plugin <= 1.08 - Reflected XSS

This plugin is prone to a reflected cross-site scripting vulnerability via the HTTP Referer header. Solution: Update the plugin...

AI score 1.2
Exploits: 0 | Affected software: 1

Patchstack, added 2014/08/01

WordPress Skeptical Theme - Remote Code Execution

There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution: Update the theme...

AI score 5.8
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/07/18

WordPress Gallery Objects Plugin 0.4 - SQL Injection

The WordPress Gallery Objects plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Update the plugin...

CVSS 7.5 | AI score 3.7 | EPSS 0.04594
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/07/07

WordPress Custom Banners Plugin <= 1.2.2.2 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "custombannersregisteredname" parameter to wp-admin/options.php. Solution: Update the plugin...

CVSS 4.3 | AI score 3 | EPSS 0.01633
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress WP Consultant Plugin <= 1.0 - XSS

Because of this vulnerability in admin/adminshowdialogs.php, attackers can inject arbitrary web script or HTML via the "dialogid" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Rezgo Plugin <= 1.4.2 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "response" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress WP Social Invitations Plugin <= 1.4.4.2 - XSS

Because of this vulnerability in test.php, attackers can inject arbitrary web script or HTML via the "xhrurl" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.01637
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress Social Login Plugin <= 2.0.3 - XSS

Because of this vulnerability in services/diagnostics.php, attackers can inject arbitrary web script or HTML via the "xhrurl" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress BIC Media Widget Plugin <= 1.0 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "param" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.01629
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/06/23

WordPress WebEngage Plugin <= 2.0.0 - XSS

Because of this vulnerability in resize.php, attackers can inject arbitrary web script or HTML via the "height" parameter, or via renderer.php or callback.php. Solution: Update the plugin...

CVSS 4.3 | AI score 2.7 | EPSS 0.02046
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/05/23

WordPress Member Approval Plugin <= 131109 - CSRF

A cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their defaults and disable registration approval via a request to...

CVSS 6.8 | AI score 5.7 | EPSS 0.01024
Exploits: 2 | References: 1 | Affected software: 1

Patchstack, added 2014/05/22

WordPress TinyMCE Color Picker Plugin <= 1.1 - Security Bypass

Because of this vulnerability, attackers can modify plugin settings via unspecified vectors. Solution: Update the plugin...

CVSS 5 | AI score 5.6 | EPSS 0.01784
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/04/29

WordPress NextCellent Gallery Plugin <= 1.19.17 - XSS

Because of this vulnerability in admin/manage-images.php, authenticated users can inject arbitrary web script or HTML via the "Alt & Title Text" field. Solution: Update the plugin...

CVSS 2.1 | AI score 1.9 | EPSS 0.01589
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/03/31

WordPress Ajax Pagination Plugin 1.1 - Local File Inclusion

The Ajax Pagination plugin is prone to a file inclusion vulnerability. It is exploitable by an unauthenticated user, who can include any local file ending in ".php" which is accessible to the web user. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 2.5 | EPSS 0.15675
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/03/19

WordPress File Gallery Plugin <= 1.7.9.1 - Arbitrary Code Execution

This plugin does not properly escape strings, which allows remote administrators to execute arbitrary PHP code. Solution: Update the plugin...

CVSS 6.5 | AI score 6.2 | EPSS 0.01746
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/01/20

WordPress <= 3.0.1 - Multiple XSS

Because of these vulnerabilities, remote servers can inject arbitrary web script or HTML by providing a crafted error message for an FTP or SSH connection attempt. Solution: Update WordPress...

CVSS 4.3 | AI score 1.7 | EPSS 0.01398
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2014/01/20

WordPress <= 3.3.2 - Multiple Vulnerabilities

Because of these vulnerabilities, attackers can obtain sensitive information or bypass intended media-attachment restrictions via a "postid" value. Solution: Update the plugin...

CVSS 6.4 | AI score 4.8 | EPSS 0.02497
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2014/01/16

WordPress Newsletter Manager Plugin <= 1.0.2 - XSS

Because of this vulnerability in admin/testmail.php, attackers can inject arbitrary web script or HTML via the "id" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 3.1 | EPSS 0.01649
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2013/12/02

WordPress FormCraft Plugin - SQL Injection

The WordPress FormCraft plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise access to the application, or exploit latent vulnerabilities in the underlying database. Solution: Upgrade the plugin...

CVSS 7.5 | AI score 3.1 | EPSS 0.04785
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2013/10/25

WordPress Social Sharing Toolkit Plugin <= 2.1.1 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via unspecified vectors. Solution: Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.01602
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/09/30

WordPress Simple Dropbox Upload Plugin <= 1.8.8.0 - Unrestricted File Upload

Because of this vulnerability in multi.php, attackers can execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in wp-content/uploads/wpdb/. Solution: Update the plugin...

CVSS 6.8 | AI score 6.5 | EPSS 0.0416
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2013/05/07

WordPress Related Posts Plugin <= 1.3.1 - CSRF

Because of this vulnerability, attackers can hijack the authentication of unspecified users for requests that change settings via unknown vectors. Solution: Update the plugin...

CVSS 6.8 | AI score 5.5 | EPSS 0.0107
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/04/22

WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #2

Because of this vulnerability in admin/admin.php, attackers can inject arbitrary web script or HTML via the "p" parameter. Solution: Update the plugin...

CVSS 4.3 | AI score 3.8 | EPSS 0.02075
Exploits: 1 | References: 1 | Affected software: 1

Patchstack, added 2013/04/22

WordPress Maintenance Mode Plugin <= 1.8.7 - CSRF

Because of this vulnerability, attackers can hijack the authentication of arbitrary users for requests that modify this plugin's settings. Solution: Update the plugin...

CVSS 6.8 | AI score 4.9 | EPSS 0.00952
Exploits: 0 | References: 1 | Affected software: 1

Patchstack, added 2013/04/22

WordPress GRAND FlAGallery Plugin <= 2.71 - XSS

Because of this vulnerability in wp-admin/admin.php, attackers can inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action. Solution: Update the plugin...

CVSS 4.3 | AI score 2.9 | EPSS 0.01615
Exploits: 0 | References: 1 | Affected software: 1
