Patchstack, most viewed

46578 matches found

Patchstack
added 2022/08/25 12:0 a.m., 35 views

WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ptsfence Patchstack Alliance in WordPress About Me plugin versions <= 1.0.12. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 9.8, AI score 4.9, EPSS 0.00735
Exploits: 0, Affected Software: 1

Patchstack
added 2022/08/01 12:0 a.m., 35 views

WordPress Advanced Custom Fields PRO premium plugin <= 5.12.2 - Unauthenticated File Upload vulnerability

Unauthenticated File Upload vulnerability discovered by James Golovich in WordPress Advanced Custom Fields PRO premium plugin versions <= 5.12.2. Solution: Update the WordPress Advanced Custom Fields PRO plugin to the latest available version at least 5.12.3...

CVSS 8.8, AI score 2.8, EPSS 0.01264
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/06/30 12:0 a.m., 35 views

WordPress WP Video Lightbox plugin <= 1.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress WP Video Lightbox plugin versions <= 1.9.4. Solution: Update the WordPress WP Video Lightbox plugin to the latest available version at least 1.9.5...

CVSS 6.1, AI score 1.4, EPSS 0.0054
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2022/06/07 12:0 a.m., 35 views

WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress Ninja Forms Contact Form plugin versions <= 3.6.9. Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version at least 3.6.10...

CVSS 4.8, AI score 3, EPSS 0.00473
Exploits: 0, Affected Software: 1

Patchstack
added 2022/06/06 12:0 a.m., 35 views

WordPress ARMember plugin <= 3.4.7 - Unauthenticated Admin Account Takeover vulnerability

Unauthenticated Admin Account Takeover vulnerability discovered by cydave in WordPress ARMember plugin versions <= 3.4.7. Solution: Update the WordPress ARMember plugin to the latest available version at least 3.4.8...

CVSS 8.1, AI score 3.6, EPSS 0.0852
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2022/05/23 12:0 a.m., 35 views

WordPress One Click Plugin Updater plugin <= 2.4.14 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress One Click Plugin Updater plugin versions <= 2.4.14. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is...

CVSS 8.1, AI score 3.2, EPSS 0.00517
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/04/27 12:0 a.m., 35 views

WordPress Booking Calendar plugin <= 9.1 - Insecure Deserialization/PHP Object Injection vulnerability

Insecure Deserialization/PHP Object Injection vulnerability discovered by Ramuel Gall Wordfence in WordPress Booking Calendar plugin versions <= 9.1. Solution: Update the WordPress Booking Calendar plugin to the latest available version at least 9.1.1...

CVSS 8.8, AI score 2.6, EPSS 0.01674
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/04/27 12:0 a.m., 35 views

WordPress RSVPMaker plugin <= 9.2.6 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Tobias Kay Dalå oxnan in WordPress RSVPMaker plugin versions <= 9.2.6. Solution: Update the WordPress RSVPMaker plugin to the latest available version at least 9.2.7...

CVSS 9.8, AI score 3.4, EPSS 0.01779
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2022/04/23 12:0 a.m., 36 views

WordPress Metform Elementor Contact Form Builder plugin <= 2.1.3 - Unauthenticated API keys and Secrets Disclosure vulnerability

Unauthenticated API keys and Secrets Disclosure vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Metform Elementor Contact Form Builder plugin versions <= 2.1.3. Solution: Update the WordPress Metform Elementor Contact Form Builder plugin to the latest available version at least...

CVSS 7.5, AI score 2.7, EPSS 0.09105
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/04/11 12:0 a.m., 35 views

WordPress Adrotate plugin <= 5.8.22 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by Muhamad Hidayat in WordPress Adrotate plugin versions <= 5.8.22. Solution: Update the WordPress Adrotate plugin to the latest available version at least 5.8.23...

CVSS 4.8, AI score 1.7, EPSS 0.00577
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/03/28 12:0 a.m., 35 views

WordPress SearchIQ plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by cydave in WordPress SearchIQ plugin versions <= 3.8. Solution: Update the WordPress SearchIQ plugin to the latest available version at least 3.9...

CVSS 6.1, AI score 2.3, EPSS 0.00837
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/03/01 12:0 a.m., 35 views

WordPress Narnoo Distributor plugin <= 2.5.1 - Unauthenticated Local File Inclusion (LFI) vulnerability leading to Arbitrary File Read / RCE

Unauthenticated Local File Inclusion LFI vulnerability leading to Arbitrary File Read / RCE discovered by cydave in WordPress Narnoo Distributor plugin versions <= 2.5.1. Solution: Deactivate and delete. This plugin has been closed as of February 18, 2022 and is not available for download. This...

CVSS 9.8, AI score 1.9, EPSS 0.4783
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/03/01 12:0 a.m., 35 views

WordPress Bank Mellat plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Bank Mellat plugin versions <= 1.3.7. Solution: Deactivate and delete. This plugin has been closed as of February 16, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1, AI score 3.1, EPSS 0.00788
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/02/16 12:0 a.m., 35 views

WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection SQLi vulnerability via currentpageid discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress WP Statistics plugin versions <= 13.1.5. Solution: Update the WordPress WP Statistics plugin to the latest available version at least 13.1.6...

CVSS 9.8, AI score 3.3, EPSS 0.81363
Exploits: 4, References: 3, Affected Software: 1

Patchstack
added 2022/02/02 12:0 a.m., 35 views

WordPress NotificationX plugin <= 2.3.8 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress NotificationX plugin versions <= 2.3.8. Solution: Update the WordPress NotificationX plugin to the latest available version at least 2.3.9...

CVSS 9.8, AI score 3.2, EPSS 0.34359
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2022/01/05 12:0 a.m., 35 views

WordPress SupportCandy plugin <= 2.2.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by apple502j in WordPress SupportCandy plugin versions <= 2.2.6. Solution: Update the WordPress SupportCandy plugin to the latest available version at least 2.2.7...

CVSS 8.8, AI score 2.2, EPSS 0.00612
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2021/12/15 12:0 a.m., 35 views

WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress AMP for WP – Accelerated Mobile Pages plugin versions <= 1.0.77.32. Solution: Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version at...

CVSS 4.8, AI score 3, EPSS 0.00535
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2021/11/29 12:0 a.m., 35 views

WordPress MOLIE plugin <= 0.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jeremie Amsellem in WordPress MOLIE plugin versions <= 0.5. Solution: Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue...

CVSS 6.1, AI score 3.2, EPSS 0.0082
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2021/11/28 12:0 a.m., 35 views

WordPress Accesspress Mag theme <= 2.6.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project WordPress Accesspress Mag theme versions <= 2.6.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution: Deactivate and delete. The vendor ignore...

CVSS 8.8, AI score 2.7, EPSS 0.01652
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2021/09/20 12:0 a.m., 35 views

WordPress Catch Breadcrumb plugin <= 1.6 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Breadcrumb plugin versions <= 1.6. Solution: Update the WordPress Catch Breadcrumb plugin to the latest available version at least 1.7...

CVSS 5.7, AI score 2.5, EPSS 0.00408
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2021/04/02 12:0 a.m., 35 views

WordPress Advanced Custom Fields PRO plugin <= 5.9.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Juan David Ordoñez Noriega in WordPress Advanced Custom Fields PRO plugin versions <= 5.9.0. Solution: Update the WordPress Advanced Custom Fields PRO plugin to the latest available version at least 5.9.1...

CVSS 6.1, AI score 2.4, EPSS 0.01387
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2020/02/16 12:0 a.m., 35 views

WordPress Popup Builder plugin <= 2.6.7.6 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability discovered by ZeroAuth in WordPress Popup Builder plugin versions <= 2.6.7.6. Solution: Update the WordPress Popup Builder plugin to the latest available version at least 3.0.2...

CVSS 9.8, AI score 2.5, EPSS 0.0856
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2014/09/25 12:0 a.m., 35 views

WordPress MaxButtons Plugin <= 1.26.0 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "id" parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. Solution: Update the plugin...

CVSS 4.3, AI score 2.7, EPSS 0.02053
Exploits: 3, References: 1, Affected Software: 1

Patchstack
added 2014/08/15 12:0 a.m., 35 views

WordPress <= 3.9.1 - Denial Of Service Attacks #2

The Incutio XML-RPC IXR Library permits entity declarations without considering recursion during entity expansion. This lets attackers cause a denial of service via a crafted XML document containing a large number of nested entity references. Related records:...

CVSS 5, AI score 2.3, EPSS 0.03089
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2014/07/10 12:0 a.m., 35 views

WordPress Polylang Plugin <= 1.5.1 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via vectors related to a user description. Solution: Update the plugin...

CVSS 4.3, AI score 2.6, EPSS 0.01578
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/11/26 12:0 a.m., 34 views

WordPress Leopard - WordPress offload media Plugin <= 3.1.1 is vulnerable to Broken Access Control

Software: Leopard - WordPress offload media; Type: Plugin; Vulnerable versions: <= 3.1.1; Fixed in: 3.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10589; Patch priority: High; CVSS severity: High 8.8; PSID: 9f2ff23f7d2f; Credits: Tonn...

CVSS 9.8, AI score 6.5, EPSS 0.00473
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/11/14 12:0 a.m., 34 views

WordPress Really Simple Security Pro Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication

Software: Really Simple Security Pro; Type: Plugin; Vulnerable versions: 9.0.0-9.1.1.1; Fixed in: 9.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-10924; Patch priority: High; CVSS severity: High 9.8; PSID: dc394c4ae392; Credits: István...

CVSS 9.8, AI score 6.2, EPSS 0.81722
Exploits: 21, References: 2, Affected Software: 1

Patchstack
added 2024/10/07 12:0 a.m., 34 views

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.19; Fixed in: 5.1.20; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-9528; Patch priority: Low; CVSS severity: Low 5.9; PSID: 973bb3afee30; Credits: Ivan Kuzymchak; Required...

CVSS 4.9, AI score 5.8, EPSS 0.00368
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/09/25 12:0 a.m., 34 views

WordPress The Events Calendar Plugin <= 6.6.4 is vulnerable to SQL Injection

Software: The Events Calendar; Type: Plugin; Vulnerable versions: <= 6.6.4; Fixed in: 6.6.4.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-8275; Patch priority: High; CVSS severity: High 9.3; Developer: Liquid Web / StellarWP; PSID: fcc27b88891b; Credits: Foxyyy; Required privilege...

CVSS 9.8, AI score 6.8, EPSS 0.49709
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/06/27 12:0 a.m., 34 views

WordPress Contact Form 7 Plugin < 5.9.5 is vulnerable to Open Redirection

Software: Contact Form 7; Type: Plugin; Vulnerable versions: < 5.9.5; Fixed in: 5.9.5; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2024-4704; Patch priority: Low; CVSS severity: Low 4.7; PSID: 0480ce1a1ef4; Credits: William Bastos - cHoR4o; Required privilege...

CVSS 6.1, AI score 6.8, EPSS 0.00449
Exploits: 2, References: 3, Affected Software: 1

Patchstack
added 2024/05/28 12:0 a.m., 34 views

WordPress Slider Revolution Plugin < 6.7.11 is vulnerable to Cross Site Scripting (XSS)

Software: Slider Revolution; Type: Plugin; Vulnerable versions: < 6.7.11; Fixed in: 6.7.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-34443; Patch priority: Low; CVSS severity: Low 5.9; Developer: ThemePunch; PSID: 5d432eb3f5ab; Credits: Rafie Muhammad Patchstack; Required...

CVSS 5.9, AI score 6.6, EPSS 0.00283
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2023/11/24 12:0 a.m., 34 views

WordPress Export any WordPress data to XML/CSV Plugin < 1.4.0 is vulnerable to Remote Code Execution (RCE)

Software: Export any WordPress data to XML/CSV; Type: Plugin; Vulnerable versions: < 1.4.0; Fixed in: 1.4.0; OWASP Top 10: A3: Injection; Classification: Remote Code Execution RCE; CVE: CVE-2023-4724; Patch priority: Low; CVSS severity: Low 9.1; PSID: 6a309d1d1825; Credits: Francesco Marano...

CVSS 7.2, AI score 7.6, EPSS 0.01151
Exploits: 2, References: 4, Affected Software: 1

Patchstack
added 2022/11/07 12:0 a.m., 34 views

WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to unauth. changing of Opt-In or Opt-Out tracking settings discovered by Nguyen Anh Tien Patchstack Alliance in the WordPress LoginPress plugin versions <= 1.6.2. Solution: Update the WordPress LoginPress plugin to the latest available version at least...

CVSS 5.3, AI score 4.2, EPSS 0.00479
Exploits: 0, Affected Software: 1

Patchstack
added 2022/10/20 12:0 a.m., 34 views

WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Sitemap Deletion/Creation discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions <= 1.8.12. Solution: Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...

CVSS 5.4, AI score 3.9, EPSS 0.00211
Exploits: 0, Affected Software: 1

Patchstack
added 2022/10/19 12:0 a.m., 34 views

WordPress ImageMagick Engine plugin <= 1.7.4 - Remote Code Execution (RCE) via Cross-Site Request Forgery (CSRF) vulnerability

Remote Code Execution RCE via Cross-Site Request Forgery CSRF vulnerability in WordPress ImageMagick Engine plugin versions <= 1.7.4. Solution: Update the WordPress ImageMagick Engine plugin to the latest available version at least 1.7.6...

AI score 6.7, EPSS 0.01074
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/30 12:0 a.m., 34 views

WordPress OSM – OpenStreetMap plugin <= 6.0.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Update discovered by Rasi Afeef Patchstack Alliance in WordPress OSM – OpenStreetMap plugin versions <= 6.0.1. Solution: No patched version is available. No reply from the vendor...

AI score 3.7, EPSS 0.00271
Exploits: 0, Affected Software: 1

Patchstack
added 2022/09/23 12:0 a.m., 34 views

WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to deletion of 404 errors and redirection history was discovered by Muhammad Daffa Patchstack Alliance in the WordPress SEO Redirection plugin versions <= 8.9. Solution: Update the WordPress SEO Redirection plugin to the latest available version...

CVSS 5.4, AI score 3.2, EPSS 0.00251
Exploits: 0, Affected Software: 1

Patchstack
added 2022/09/22 12:0 a.m., 34 views

WordPress Export Post Info plugin <= 1.2.0 - Authenticated CSV Injection vulnerability

Authenticated CSV Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Export Post Info plugin versions <= 1.2.0. Solution: Update the WordPress Export Post Info plugin to the latest available version at least 1.2.1...

CVSS 6.2, AI score 3.4, EPSS 0.006
Exploits: 0, Affected Software: 1

Patchstack
added 2022/09/13 12:0 a.m., 34 views

WordPress WPGateway premium plugin <= 3.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability that allows unauthenticated attackers to insert a malicious administrator discovered by Chloe Chamberland Wordfence in WordPress WPGateway premium plugin versions <= 3.5. Solution: Deactivate and delete. No fix is available...

AI score 4.9, EPSS 0.08841
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/09/05 12:0 a.m., 34 views

WordPress WP Popup Builder plugin <= 1.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WP Popup Builder plugin versions <= 1.2.8. Solution: Update the WordPress WP Popup Builder plugin to the latest available version at least 1.2.9...

CVSS 6.1, AI score 2, EPSS 0.00492
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/08/03 12:0 a.m., 34 views

WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 3.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions <= 3.0.0. Solution: Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version at least 3.0.1...

CVSS 6.1, AI score 3.2, EPSS 0.0055
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/08/03 12:0 a.m., 34 views

WordPress WPIDE – File Manager & Code Editor plugin <= 2.6 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion LFI vulnerability discovered by Raad Haddad in WordPress WPIDE – File Manager & Code Editor plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version at least 3.0...

CVSS 7.2, AI score 1.5, EPSS 0.01145
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2022/08/02 12:0 a.m., 34 views

WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Lana Codes in WordPress WP OAuth Server plugin versions <= 3.0.4. Solution: Update the WordPress WP OAuth Server plugin to the latest available version at least 4.0.1...

CVSS 9.8, AI score 3.4, EPSS 0.01025
Exploits: 1, Affected Software: 1

Patchstack
added 2022/08/01 12:0 a.m., 34 views

WordPress Simple Job Board plugin <= 2.9.6 - Resume Disclosure via Directory Listing

Resume Disclosure via Directory Listing was discovered by Daniel Ruf in the WordPress Simple Job Board plugin versions <= 2.9.6. Solution: Update the WordPress Simple Job Board plugin to the latest available version at least 2.10.0...

CVSS 5.3, AI score 3.8, EPSS 0.00787
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/07/25 12:0 a.m., 34 views

WordPress Flipbox plugin <= 2.6.0 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Flipbox plugin versions <= 2.6.0. Solution: Update the WordPress Flipbox plugin to the latest available version at least 2.6.1...

CVSS 7.2, AI score 2.4, EPSS 0.00976
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2022/06/03 12:0 a.m., 34 views

WordPress Form – Contact Form plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Form – Contact Form plugin versions <= 1.2.4. Solution: Deactivate and delete. This plugin has been closed as of June 2, 2022 and is not available for download. This closure is temporary, pending a...

CVSS 4.8, AI score 2, EPSS 0.00552
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2022/05/04 12:0 a.m., 34 views

WordPress Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by John Castro aka mirphak Pagely in WordPress Andrea Pernici News Sitemap for Google plugin versions <= 1.0.16. Solution: No patched version is available...

CVSS 5.4, AI score 2, EPSS 0.00538
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/04/14 12:0 a.m., 34 views

WordPress Modern Events Calendar Lite plugin <= 6.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Modern Events Calendar Lite plugin versions <= 6.5.1. Solution: Update the WordPress Modern Events Calendar Lite plugin to the latest available version at least 6.5.2...

CVSS 4.8, AI score 2.7, EPSS 0.00533
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2022/03/29 12:0 a.m., 34 views

WordPress myCred plugin <= 2.4.3 - Import/Export to Email Address Disclosure vulnerability

Import/Export to Email Address Disclosure vulnerability discovered by David Hamann in WordPress myCred plugin versions <= 2.4.3. Solution: Update the WordPress myCred plugin to the latest available version at least 2.4.4...

CVSS 4.3, AI score 1.8, EPSS 0.00415
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2022/03/08 12:0 a.m., 34 views

WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.12 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Nuno Correia Blaze Security in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.12. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version at least...

CVSS 7.2, AI score 2.2, EPSS 0.00748
Exploits: 0, References: 3, Affected Software: 1

Total number of security vulnerabilities: 5000