
46606 matches found

Patchstack
added 2024/10/16 12:00 a.m. | 17 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9861 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID...

CVSS 8.1 | AI score 6.5 | EPSS 0.00604
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/16 12:00 a.m. | 17 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Privilege Escalation

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-9863 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 768f87fd904b Credits...

CVSS 9.8 | AI score 6.5 | EPSS 0.00581
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/14 12:00 a.m. | 17 views

WordPress RS-Members Plugin <= 1.0.3 is vulnerable to Privilege Escalation

Software RS-Members Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-49219 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3db20a267888 Credits João Pedro S Alcântara Kinorth...

CVSS 8.8 | AI score 8.6 | EPSS 0.0041
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/10/14 12:00 a.m. | 17 views

WordPress Elementor Website Builder Plugin <= 3.24.5 is vulnerable to Sensitive Data Exposure

Software Elementor Website Builder Type Plugin Vulnerable versions = 3.24.5 Fixed in 3.24.6 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-6757 Patch priority Low CVSS severity Low 4.3 Developer Elementor PSID f4cfefcf22b1 Credits stealthcopter Required...

CVSS 4.3 | AI score 6.5 | EPSS 0.0039
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/14 12:00 a.m. | 17 views

WordPress Primary Addon for Elementor Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Software Primary Addon for Elementor Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49259 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c68882b5abc9 Credits João Pedro S Alcântara...

CVSS 6.5 | AI score 6.8 | EPSS 0.00254
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/10/13 12:00 a.m. | 17 views

WordPress Contact Form by Supsystic Plugin <= 1.7.28 is vulnerable to Remote Code Execution (RCE)

Software Contact Form by Supsystic Type Plugin Vulnerable versions = 1.7.28 Fixed in 1.7.29 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-48042 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 062050e33e8e Credits Hakiduck Required privile...

CVSS 9.1 | AI score 7.2 | EPSS 0.01126
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/10/11 12:00 a.m. | 17 views

WordPress Easy PayPal Gift Certificate Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy PayPal Gift Certificate Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9592 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e85fe46e59dc Credits István...

CVSS 6.1 | AI score 5.6 | EPSS 0.00103
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/10/10 12:00 a.m. | 17 views

WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.11 is vulnerable to Sensitive Data Exposure

Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.11 Fixed in 5.6.12 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8913 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID...

CVSS 4.3 | AI score 6.5 | EPSS 0.00368
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/09 12:00 a.m. | 17 views

WordPress Easy Social Share Buttons Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Share Buttons Type Plugin Vulnerable versions = 1.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID db873cfad5a2 Credits vgo0...

CVSS 6.1 | AI score 5.6 | EPSS 0.00282
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/10/03 12:00 a.m. | 17 views

WordPress Social Web Suite Plugin <= 4.1.11 is vulnerable to Arbitrary File Download

Software Social Web Suite Type Plugin Vulnerable versions = 4.1.11 Fixed in 4.1.12 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-8352 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9b823a04681b Credits Thanh Nam Tran Required...

CVSS 7.5 | AI score 6.5 | EPSS 0.00946
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/10/02 12:00 a.m. | 17 views

WordPress Ajax Load More Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Ajax Load More Type Plugin Vulnerable versions = 7.1.2 Fixed in 7.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8505 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 333f5ab48634 Credits Robert DeVore Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00354
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/30 12:00 a.m. | 17 views

WordPress Cost Calculator Builder Plugin < 3.2.29 is vulnerable to SQL Injection

Software Cost Calculator Builder Type Plugin Vulnerable versions 3.2.29 Fixed in 3.2.29 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8379 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0f5b1e009da9 Credits Kientt Required privilege Administrator...

CVSS 7.2 | AI score 6.9 | EPSS 0.00532
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2024/09/30 12:00 a.m. | 17 views

WordPress Web Directory Free Plugin <= 1.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Web Directory Free Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47379 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7db5790f7ffc Credits Certus Cybersecurity Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00292
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/30 12:00 a.m. | 17 views

WordPress MaxSlider Plugin <= 1.2.3 is vulnerable to Local File Inclusion

Software MaxSlider Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-47351 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID f9c913e9044c Credits João Pedro S Alcântara Kinorth Required privileg...

CVSS 7.5 | AI score 7.8 | EPSS 0.00474
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/30 12:00 a.m. | 17 views

WordPress EventPrime Plugin <= 4.0.4.5 is vulnerable to Open Redirection

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.5 Fixed in 4.0.4.6 OWASP Top 10 A3: Injection Classification Open Redirection CVE CVE-2024-47648 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 5cc95dc439ed Credits Muhamad Agil Fachrian Required privilege...

CVSS 6.1 | AI score 6.8 | EPSS 0.00251
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/26 12:00 a.m. | 17 views

WordPress Bulk NoIndex & NoFollow Toolkit Plugin <= 2.15 is vulnerable to Cross Site Scripting (XSS)

Software Bulk NoIndex & NoFollow Toolkit Type Plugin Vulnerable versions = 2.15 Fixed in 2.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8803 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 78a9bff492c8 Credits vgo0...

CVSS 6.1 | AI score 5.7 | EPSS 0.0036
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/25 12:00 a.m. | 17 views

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.12 is vulnerable to Privilege Escalation

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.7.12 Fixed in 6.7.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8290 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID...

CVSS 8.8 | AI score 6.6 | EPSS 0.00586
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/25 12:00 a.m. | 17 views

WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.4.1 Fixed in 6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9169 Patch priority Low CVSS severity Low 5.9 Developer Hai Zheng / Lite Speed Cache PSID 86505b2e63f8 Credits WordFence...

CVSS 5.5 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/25 12:00 a.m. | 17 views

WordPress Themesflat Addons For Elementor Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Themesflat Addons For Elementor Type Plugin Vulnerable versions = 2.2.1 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8515 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dff5f611f1f6 Credits Webberna...

CVSS 6.4 | AI score 8.5 | EPSS 0.00425
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/24 12:00 a.m. | 17 views

WordPress Primary Addon for Elementor Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Primary Addon for Elementor Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44033 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8b7b50340583 Credits João Pedro S Alcântara...

CVSS 6.5 | AI score 6.8 | EPSS 0.0029
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/24 12:00 a.m. | 17 views

WordPress Contact Form 7 Campaign Monitor Extension Plugin <= 0.4.67 is vulnerable to Broken Access Control

Software Contact Form 7 Campaign Monitor Extension Type Plugin Vulnerable versions = 0.4.67 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-44019 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 11a927ecc073 Credits Abdi...

CVSS 9.8 | AI score 6.5 | EPSS 0.00385
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/09/24 12:00 a.m. | 17 views

WordPress REST API TO MiniProgram Plugin <= 4.7.1 is vulnerable to Privilege Escalation

Software REST API TO MiniProgram Type Plugin Vulnerable versions = 4.7.1 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-8485 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc9973040e40 Credits wesley wcraft Required...

CVSS 9.8 | AI score 9.3 | EPSS 0.00574
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/23 12:00 a.m. | 17 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.27 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.27 Fixed in 1.8.28 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44043 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 58bdb83f52ba Credits Robert DeVore Required...

CVSS 5.9 | AI score 6.5 | EPSS 0.00287
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/20 12:00 a.m. | 17 views

WordPress Webo-facto Plugin <= 1.40 is vulnerable to Privilege Escalation

Software Webo-facto Type Plugin Vulnerable versions = 1.40 Fixed in 1.41 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8853 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15efb92b2d14 Credits István Márton...

CVSS 9.8 | AI score 6.6 | EPSS 0.00642
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/13 12:00 a.m. | 17 views

WordPress Carousel Slider Plugin < 2.2.14 is vulnerable to Cross Site Scripting (XSS)

Software Carousel Slider Type Plugin Vulnerable versions 2.2.14 Fixed in 2.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6850 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7f793427535a Credits Krugov Artyom Required...

CVSS 4.8 | AI score 5.8 | EPSS 0.00325
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2024/09/13 12:00 a.m. | 17 views

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.00785
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/09 12:00 a.m. | 17 views

WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms File Uploads Extension Type Plugin Vulnerable versions = 3.3.16 Fixed in 3.3.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1596 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 261b89d2f6fa Credi...

CVSS 7.2 | AI score 5.7 | EPSS 0.00403
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/09 12:00 a.m. | 17 views

WordPress Big File Uploads Plugin <= 2.1.2 is vulnerable to Full Path Disclosure (FPD)

Software Big File Uploads Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Full Path Disclosure FPD CVE CVE-2024-8538 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7d70a0318727 Credits netc4t Required privileg...

CVSS 4.3 | AI score 6.5 | EPSS 0.00558
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/06 12:00 a.m. | 17 views

WordPress Frontend Post Submission Manager Lite Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Frontend Post Submission Manager Lite Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8427 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ea5d9d3b8976 Credits Lucio Sá...

CVSS 4.3 | AI score 6.6 | EPSS 0.00323
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/05 12:00 a.m. | 17 views

WordPress Geo Controller Plugin <= 8.7.3 is vulnerable to Broken Access Control

Software Geo Controller Type Plugin Vulnerable versions = 8.7.3 Fixed in 8.7.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7380 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c241dd8210b8 Credits Lucio Sá Required privilege...

CVSS 4.3 | AI score 6.6 | EPSS 0.00266
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/05 12:00 a.m. | 17 views

WordPress Share This Image Plugin <= 2.02 is vulnerable to Cross Site Scripting (XSS)

Software Share This Image Type Plugin Vulnerable versions = 2.02 Fixed in 2.03 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8363 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f926f6e8d27 Credits Krzysztof Zając Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00394
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/09/04 12:00 a.m. | 17 views

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Broken Access Control

Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8121 Patch priority Low CVSS severity Low 5.4 Developer WP Extended PSID 13565964e4a5 Credits Marco...

CVSS 5.4 | AI score 9.4 | EPSS 0.00323
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/30 12:00 a.m. | 17 views

WordPress Enfold Theme <= 6.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Enfold Type Theme Vulnerable versions = 6.0.3 Fixed in 6.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5061 Patch priority Low CVSS severity Low 6.5 Developer Kriesi PSID 85813e2bbfbb Credits stealthcopter Required privilege Contributo...

CVSS 6.4 | AI score 5.8 | EPSS 0.0025
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/30 12:00 a.m. | 17 views

WordPress Media Library Folders Plugin <= 8.2.3 is vulnerable to Broken Access Control

Software Media Library Folders Type Plugin Vulnerable versions = 8.2.3 Fixed in 8.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7858 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e34ed26523d9 Credits Lucio Sá Required...

CVSS 6.3 | AI score 6.5 | EPSS 0.00331
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/27 12:00 a.m. | 17 views

WordPress Xpro Elementor Addons Plugin <= 1.4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.4.3 Fixed in 1.4.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7791 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 93f87661de72 Credits WordFence...

CVSS 6.4 | AI score 5.8 | EPSS 0.00311
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/26 12:00 a.m. | 17 views

WordPress WP Testimonial Widget Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Testimonial Widget Type Plugin Vulnerable versions = 3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 886cd3de89e3 Credits hnwmn Required privilege Administrat...

CVSS 5.9 | AI score 6.6 | EPSS 0.0026
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/08/20 12:00 a.m. | 17 views

WordPress AdRotate Plugin <= 5.13.2 is vulnerable to Arbitrary File Upload

Software AdRotate Type Plugin Vulnerable versions = 5.13.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2022-1206 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID f703ac87a2d0 Credits Jorgson Required privilege Administrator Published...

CVSS 7.2 | AI score 6.9 | EPSS 0.00966
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/16 12:00 a.m. | 17 views

WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...

CVSS 4.3 | AI score 6.7 | EPSS 0.00174
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/12 12:00 a.m. | 17 views

WordPress Smart Online Order for Clover Plugin <= 1.5.6 is vulnerable to Broken Access Control

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43254 Patch priority Low CVSS severity Low 4.3 Developer Zaytech PSID 156828c345a0 Credits Dhabaleshwar Das Requir...

CVSS 8.8 | AI score 6.3 | EPSS 0.00417
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/12 12:00 a.m. | 17 views

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43251 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d6af3324445 Credits Dave Jong Patchstack...

CVSS 6.5 | AI score 6.5 | EPSS 0.00418
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/08/12 12:00 a.m. | 17 views

WordPress JobSearch Plugin <= 2.3.4 is vulnerable to Privilege Escalation

Software JobSearch Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-43245 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dba18ffc45d3 Credits Dave Jong Patchstack Required...

CVSS 9.8 | AI score 6.5 | EPSS 0.00473
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/08/09 12:00 a.m. | 17 views

WordPress Mediavine Control Panel Plugin <= 2.10.4 is vulnerable to Cross Site Scripting (XSS)

Software Mediavine Control Panel Type Plugin Vulnerable versions = 2.10.4 Fixed in 2.10.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43218 Patch priority Low CVSS severity Low 6.5 Developer Mediavine PSID 447650b29419 Credits LVT-tholv2k Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00245
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/07 12:00 a.m. | 17 views

WordPress Selection Lite Plugin <= 1.11 is vulnerable to Cross Site Scripting (XSS)

Software Selection Lite Type Plugin Vulnerable versions = 1.11 Fixed in 1.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1d02eb7c2b01 Credits 4rCanJ0x! Required privilege Contributor...

CVSS 6.5 | AI score 6.6 | EPSS 0.00245
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/05 12:00 a.m. | 17 views

WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7484 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c7c64ee12633 Credits István Márton Required privilege...

CVSS 7.2 | AI score 6.9 | EPSS 0.0093
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/05 12:00 a.m. | 17 views

WordPress Sync Post With Other Site Plugin <= 1.6 is vulnerable to Broken Access Control

Software Sync Post With Other Site Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6709 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 159a5eca941a Credits Lucio Sá Required...

CVSS 4.3 | AI score 6.6 | EPSS 0.00323
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/01 12:00 a.m. | 17 views

WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)

Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2872 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a6a23937e22a Credits Bob...

CVSS 4.8 | AI score 6 | EPSS 0.00312
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2024/08/01 12:00 a.m. | 17 views

WordPress Remote Content Shortcode Plugin <= 1.5 is vulnerable to Server Side Request Forgery (SSRF)

Software Remote Content Shortcode Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2090 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 1a39ce70a128 Credits Francesco Carlucci Require...

CVSS 6.4 | AI score 7 | EPSS 0.0026
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/01 12:00 a.m. | 17 views

WordPress CTT Expresso para WooCommerce Plugin <= 3.2.12 is vulnerable to Sensitive Data Exposure

Software CTT Expresso para WooCommerce Type Plugin Vulnerable versions = 3.2.12 Fixed in 3.2.13 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6687 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 27468c538b68 Credits Ricardo...

CVSS 7.5 | AI score 6.6 | EPSS 0.00415
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/08/01 12:00 a.m. | 17 views

WordPress Sign-up Sheets Plugin <= 2.2.12 is vulnerable to Broken Access Control

Software Sign-up Sheets Type Plugin Vulnerable versions = 2.2.12 Fixed in 2.2.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-39654 Patch priority Low CVSS severity Low 5.3 Developer Fetch Designs PSID bf5384db048d Credits Joshua Chan Required privilege...

CVSS 5.3 | AI score 6.3 | EPSS 0.0035
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/08/01 12:00 a.m. | 17 views

WordPress Black Widgets For Elementor Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Black Widgets For Elementor Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39644 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 23d80ce9ec11 Credits Michael Required privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.00246
Exploits 0 | References 2 | Affected Software 1

Total number of security vulnerabilities: 5000