46606 matches found

Patchstack
added 2013/04/22 12:0 a.m., 18 views

WordPress WP PostViews Plugin <= 1.62 - CSRF

Because of this vulnerability in the options admin page, the attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution: Update the plugin...

CVSS: 6.8, AI score: 5.2, EPSS: 0.01085
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2013/04/01 12:0 a.m., 18 views

WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #2

Because of this vulnerability in the importbuddy.php, the plugin does not reliably delete itself after completing a restore operation. In that way the attackers can obtain access via subsequent requests to this script. Solution: Update the plugin...

CVSS: 7.5, AI score: 3.8, EPSS: 0.0243
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2013/03/26 12:0 a.m., 18 views

WordPress Social Sharing Toolkit Plugin <= 2.1.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors. Solution: Update the plugin...

CVSS: 6.8, AI score: 5.1, EPSS: 0.0097
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2013/03/26 12:0 a.m., 18 views

WordPress Calendar Plugin <= 1.3.2 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of users for requests that add a calendar entry via unspecified vectors. Solution: Update the plugin...

CVSS: 6.8, AI score: 5.1, EPSS: 0.0107
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2013/03/22 12:0 a.m., 18 views

WordPress WP MailUp Plugin <= 1.3.1 - BYPASS

Because of this vulnerability, the attackers can modify plugin settings and conduct cross-site scripting attacks via unspecified vectors. Solution: Update the plugin...

CVSS: 5, AI score: 4.8, EPSS: 0.02375
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2013/02/19 12:0 a.m., 18 views

WordPress Social Media Widget Plugin <= 4.0 - Remote File Inclusion

This plugin contains a Trojan Horse, which allows the attackers to force the upload of arbitrary files. Solution: Update the plugin...

CVSS: 5, AI score: 6, EPSS: 0.02374
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2013/01/30 12:0 a.m., 18 views

WordPress My Calendar Plugin <= 1.10.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PATH_INFO. Solution: Update the plugin...

CVSS: 2.6, AI score: 2.9, EPSS: 0.02177
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/11/14 12:0 a.m., 18 views

WordPress <= 3.4.2

The attackers can discover valid session identifiers via a brute-force attack, because this WordPress version does not invalidate a wordpress_sec session cookie upon an administrator's logout action. Solution: The application should keep track of session identifiers where a user has explicitly logg...

CVSS: 2.6, AI score: 4.7, EPSS: 0.02432
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/09/06 12:0 a.m., 18 views

WordPress Another WordPress Classifieds Plugin <= 1.9 - Unspecified vulnerability

Because of this vulnerability, this plugin has unknown impact and attack vectors related to "image uploads." Solution: Update the plugin...

CVSS: 10, AI score: 6.7, EPSS: 0.02607
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2012/08/28 12:0 a.m., 18 views

WordPress Simple:Press Forum Plugin - Arbitrary File Upload

WordPress Simple:Press Forum plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Update the plugin...

AI score: 3.8
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2012/08/23 12:0 a.m., 18 views

WordPress WP E-Commerce Plugin <= 3.8.7.1 - XSS

Because of this vulnerability in wpsc-admin/display-sales-logs.php, the attackers can inject arbitrary web script or HTML via the "customtext" parameter. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.8, EPSS: 0.0224
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/08/21 12:0 a.m., 18 views

WordPress <= 3.4.2 - CSRF

Because of this vulnerability in wp-admin/index.php, the attackers can hijack the authentication of administrators for requests. Solution: Update WordPress...

CVSS: 6.8, AI score: 4.4, EPSS: 0.01146
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/08/14 12:0 a.m., 18 views

WordPress Image News Slider Plugin <= 3.2 - Unspecified vulnerability

Because of this vulnerability, this plugin has unspecified impact and remote attack vectors. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.6, EPSS: 0.02279
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/06/07 12:0 a.m., 18 views

WordPress FCChat Widget Plugin 2.2.x - Arbitrary File Upload

FCChat Widget plugin's "Upload.php" is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. As a result, an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also...

CVSS: 6.8, AI score: 1.9, EPSS: 0.07694
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/06/06 12:0 a.m., 18 views

WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload

MM Forms Community plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. As a result, an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...

CVSS: 7.5, AI score: 2, EPSS: 0.11748
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2012/06/06 12:0 a.m., 18 views

WordPress Font Uploader Plugin 1.2.4 - Arbitrary File Upload

Font Uploader plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. As a result, an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...

CVSS: 7.5, AI score: 1.9, EPSS: 0.10336
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/05/21 12:0 a.m., 18 views

WordPress League Manager Plugin <= 3.7 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "group" parameter in the show-league page. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.7, EPSS: 0.02023
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/05/13 12:0 a.m., 18 views

WordPress WP FaceThumb Plugin 0.1 - Cross Site Scripting

WordPress WP-FaceThumb plugin's "paginationwpfacethum" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attack...

CVSS: 4.3, AI score: 3.1, EPSS: 0.12905
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/04/26 12:0 a.m., 18 views

WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities

Zingiri Web Shop plugin is prone to multiple cross-site scripting vulnerabilities. After the malicious code is posted, JavaScript code is inserted into the database via the "$_POST['notes']" variable. When an administrator views the list of ordered items, the JavaScript code will come from the database and start...

CVSS: 4.3, AI score: 1.1, EPSS: 0.05337
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/01/23 12:0 a.m., 18 views

WordPress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload

Kish Guest Posting plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. As a result, an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...

CVSS: 6.8, AI score: 1.7, EPSS: 0.11571
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2012/01/04 12:0 a.m., 18 views

WordPress Symposium Plugin <= 11.12.24 - Multiple Arbitrary File Upload

Because of this vulnerability, the attackers can execute arbitrary code by uploading a file with an executable extension using uploadify/uploadprofileavatar.php or uploadify/uploadadminavatar.php. Solution: Update the plugin...

CVSS: 7.5, AI score: 5.6, EPSS: 0.04249
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2011/12/31 12:0 a.m., 18 views

WordPress TheCartPress Plugin 1.6 - Cross Site Scripting

WordPress TheCartPress plugin's "OptionsPostsList.php" is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can ste...

CVSS: 4.3, AI score: 2.9, EPSS: 0.04535
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2011/12/12 12:0 a.m., 18 views

WordPress Grand FlAGallery Plugin 1.57 - Cross Site Scripting

WordPress Grand FlAGallery plugin's "flagshow.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker c...

CVSS: 4.3, AI score: 2.5, EPSS: 0.07062
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2011/11/28 12:0 a.m., 18 views

WordPress Redirection Plugin <= 2.2.9 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Solution: Update the plugin...

CVSS: 4.3, AI score: 2.3, EPSS: 0.02483
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2011/11/21 12:0 a.m., 18 views

WordPress Advanced Text Widget Plugin 2.0 - Cross Site Scripting

WordPress Advanced Text Widget plugin's "page" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS: 4.3, AI score: 2, EPSS: 0.10083
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2011/09/30 12:0 a.m., 18 views

WordPress Black-LetterHead Theme 1.5 - Cross Site Scripting

WordPress Black-LetterHead theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...

CVSS: 4.3, AI score: 3.1, EPSS: 0.03429
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2011/09/29 12:0 a.m., 18 views

WordPress Atahualpa Theme 3.6.7 - Cross Site Scripting

WordPress Atahualpa theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-bas...

CVSS: 4.3, AI score: 3.1, EPSS: 0.03888
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2011/08/20 12:0 a.m., 18 views

WordPress UnGallery plugin <= 1.5.8 - Local File Disclosure

This vulnerability allows an attacker to obtain important information from local files on computers running the vulnerable application. Other attacks are also possible. Solution: Update the plugin...

AI score: 3.7
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2010/12/21 12:0 a.m., 18 views

WordPress Mediatricks Viva Thumbs Plugin - Multiple Information Disclosure Vulnerabilities

This Mediatricks Viva Thumbs plugin is prone to multiple information-disclosure vulnerabilities. It fails to properly clean up user-supplied input. The attackers may use these issues to confirm the existence of local files outside the WordPress Webroot. The information that they get can be useful...

AI score: 2.7
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2010/11/08 12:0 a.m., 18 views

WordPress WP Survey And Quiz Tool Plugin 1.2.1 - Cross-Site Scripting Vulnerability

This WP Survey And Quiz Tool plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...

CVSS: 4.3, AI score: 2.7, EPSS: 0.01904
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2010/02/15 12:0 a.m., 18 views

WordPress Copperleaf Photolog Plugin 0.16 - SQL injection Vulnerability

This Copperleaf Photolog plugin is prone to an SQL injection vulnerability. It allows the attackers to execute arbitrary SQL commands via the "postid" parameter. Solution: Update the plugin...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02818
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2010/02/13 12:0 a.m., 18 views

WordPress 2.9 - Failure to Restrict URL Access

A new feature, called "Trash", was implemented so that users were able to retrieve posts that they may have deleted by accident. Any posts that are placed within the trash are viewable by authenticated users, no matter what privileges they have. Solution: Update the WordPress, because since versio...

CVSS: 4, AI score: 3, EPSS: 0.09855
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2009/07/24 12:0 a.m., 18 views

WordPress 2.8.1 - Remote Cross-Site Scripting Vulnerability

This version of WordPress is prone to a cross-site scripting vulnerability. Solution: Update WordPress...

CVSS: 4.3, AI score: 2.3, EPSS: 0.07905
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2008/12/19 12:0 a.m., 18 views

WordPress <= 1.3.1 - Remote Code Execution

Because of this vulnerability, the authenticated users with manage_options and upload_files capabilities can execute arbitrary code by uploading a PHP script. Solution: Update WordPress...

CVSS: 8.5, AI score: 4.5, EPSS: 0.12008
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2008/10/21 12:0 a.m., 18 views

WordPress MU <= 2.5 - XSS

Because of this vulnerability in wp-admin/wp-blogs.php, the attackers can inject arbitrary web script or HTML. Solution: Update WordPress...

CVSS: 4.3, AI score: 1.6, EPSS: 0.0381
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2008/10/20 12:0 a.m., 18 views

WordPress Newsletter Plugin - SQL Injection #1

Because of this vulnerability in stnliframe.php, the attackers can execute arbitrary SQL commands via the "newsletter" parameter. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.4, EPSS: 0.02726
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2008/07/30 12:0 a.m., 18 views

WordPress Download Manager Plugin <= 0.2 - Arbitrary File Upload

Because of this vulnerability in upload.php, the attackers can execute arbitrary code by uploading a file with an executable extension via the "upfile" parameter. Solution: Update the plugin...

CVSS: 10, AI score: 6.9, EPSS: 0.16848
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2008/02/20 12:0 a.m., 18 views

WordPress WP People Plugin <= 1.6.1 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "person" parameter. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.5, EPSS: 0.02805
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2008/01/30 12:0 a.m., 18 views

WordPress WP Call Plugin <= 0.3 - SQL Injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "id" parameter. Solution: Update the plugin...

CVSS: 7.5, AI score: 6.5, EPSS: 0.02742
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2008/01/09 12:0 a.m., 18 views

WordPress <= 2.3.9 - SQL Injection

Because of this vulnerability, the attackers can obtain sensitive information via an invalid "p" parameter. Solution: Update WordPress...

CVSS: 5, AI score: 4.5, EPSS: 0.02576
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2008/01/09 12:0 a.m., 18 views

WordPress Contact Form Plugin <= 1.5 - Multiple CSRF

Because of these vulnerabilities, the attackers can perform actions as administrators. Solution: Update the plugin...

CVSS: 4.3, AI score: 5.3, EPSS: 0.01273
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2007/09/14 12:0 a.m., 18 views

WordPress <= 2.2.3 - XSS

The attackers can conduct cross-site scripting (XSS) attacks via modified data to post.php or page.php with a nofilter field. Solution: Update WordPress...

CVSS: 4.3, AI score: 4.4, EPSS: 0.01522
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2007/05/03 12:0 a.m., 18 views

WordPress wordTube Plugin <= 1.43 - Remote File Inclusion

Because of this vulnerability, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter. Solution: Update the WordPress wordTube plugin to the latest available version at least 1.44...

CVSS: 6.8, AI score: 6.1, EPSS: 0.40099
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2007/05/03 12:0 a.m., 18 views

WordPress WP Table Plugin <= 1.43 - Directory Traversal

Because of this vulnerability, the attackers can include and execute arbitrary local files via the "wpPATH" parameter. Solution: Update the WordPress WP Table plugin to the latest available version at least 1.44...

CVSS: 6.8, AI score: 5.7, EPSS: 0.06505
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2006/08/09 12:0 a.m., 18 views

WordPress <= 2.0.3 - Multiple Vulnerabilities

Because of these vulnerabilities, WordPress 2.0.3 and previous versions have unknown impact and remote attack vectors. Solution: Update the WordPress to the latest available version at least 2.0.4...

CVSS: 10, AI score: 5.7, EPSS: 0.03558
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2005/04/13 12:0 a.m., 18 views

WordPress <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Because of these vulnerabilities in template-functions-post.php, attackers can execute arbitrary commands via the title of the post or content. Solution: Update WordPress to the latest possible version...

CVSS: 6.8, AI score: 5, EPSS: 0.02863
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/19 9:42 p.m., 17 views

NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions

NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions vulnerability discovered by ? in WordPress Npm network-ai versions = 5.0.0, = 5.12.1...

AI score: 5.8
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2026/06/19 9:42 p.m., 17 views

NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning

NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

AI score: 6
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2026/06/15 8:56 p.m., 17 views

NPM: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

NPM: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via /.well-known/appspecific/com.chrome.devtools.json vulnerability discovered by ? in WordPress Npm nuxt versions = 4.0.0-alpha.1, 4.4.7...

AI score: 5.8
Exploits: 0, References: 4, Affected Software: 1
Patchstack
added 2026/05/28 9:9 p.m., 17 views

WordPress Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin <= 1.0.271 - Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability

Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability discovered by ? in WordPress Plugin Rank Math SEO versions = 1.0.271...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00356
Exploits: 0, References: 1, Affected Software: 1
Total number of security vulnerabilities: 5000