
46578 matches found

Patchstack
added 2023/03/28 12:0 a.m. | 17 views

WordPress directory-pro Plugin < 1.9.5 is vulnerable to Privilege Escalation

Software directory-pro Type Plugin Vulnerable versions 1.9.5 Fixed in 1.9.5 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 27a5e48fd1cc Credits Omar Badran Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.00905
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/03/21 12:0 a.m. | 17 views

WordPress BuddyPress Builder for Elementor – BuddyBuilder Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software BuddyPress Builder for Elementor – BuddyBuilder Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer StaxWP PSID 8a84cf645ad6...

AI score 5.8 | EPSS 0.00113
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/20 12:0 a.m. | 17 views

WordPress WP Express Checkout (Accept PayPal Payments) Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS)

Software WP Express Checkout Accept PayPal Payments Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1469 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8954f0fe6fa Credi...

CVSS 4.8 | AI score 5.8 | EPSS 0.00352
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/03/16 12:0 a.m. | 17 views

WordPress Products Compare for WooCommerce Plugin <= 3.5.7.7 is vulnerable to Broken Access Control

Software Products Compare for WooCommerce Type Plugin Vulnerable versions = 3.5.7.7 Fixed in 3.5.7.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-45813 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f7685c0ec49a Credits István...

AI score 5.9 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/03/13 12:0 a.m. | 17 views

WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Brilliance Type Theme Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28171 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3d9a1effb3cc Credits Dave Jong Patchstack...

CVSS 5.4 | AI score 5.6 | EPSS 0.00377
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2023/03/03 12:0 a.m. | 17 views

WordPress Auto Featured Image (Auto Post Thumbnail) Plugin < 3.9.16 is vulnerable to Arbitrary File Upload

Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions 3.9.16 Fixed in 3.9.16 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0477 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID ad8cfc8bf738 Credits dc11 Required...

CVSS 8.8 | AI score 7.2 | EPSS 0.01645
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2023/02/27 12:0 a.m. | 17 views

WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control

Software Wholesale Suite Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-34344 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a79154ee52a1 Credits Dave Jong Patchstack Requir...

CVSS 8.8 | AI score 6.9 | EPSS 0.0046
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/02/21 12:0 a.m. | 17 views

WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions = 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...

CVSS 5.4 | AI score 5.9 | EPSS 0.00471
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/02/20 12:0 a.m. | 17 views

WordPress WP Coder Plugin < 2.5.4 is vulnerable to SQL Injection

Software WP Coder Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0895 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID af35ebdc8e18 Credits Etan Imanol Castro Aldrete Required privilege Administrator...

CVSS 7.2 | AI score 6.8 | EPSS 0.00798
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/02/17 12:0 a.m. | 17 views

WordPress Campaign URL Builder Plugin < 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Campaign URL Builder Type Plugin Vulnerable versions 1.8.2 Fixed in 1.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0538 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 650b985168de Credits Lana Codes...

CVSS 5.4 | AI score 5.6 | EPSS 0.00444
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/02/14 12:0 a.m. | 17 views

WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.6.4 Fixed in 9.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46863 Patch priority Low CVSS severity Low 5.9 Developer Fullworks Plugins PSID 59c55fdc1246 Credits Justiice Required...

CVSS 5.9 | AI score 5.8 | EPSS 0.00369
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/02/08 12:0 a.m. | 18 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0724 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ecba55efc7d Credits Marco Wotschka...

CVSS 5.4 | AI score 6.9 | EPSS 0.00308
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2023/02/08 12:0 a.m. | 17 views

WordPress Interactive Geo Maps Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Geo Maps Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0731 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID 116865bf62ab Credits Marco Wotsch...

CVSS 6.4 | AI score 5.9 | EPSS 0.00521
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/02/08 12:0 a.m. | 17 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0730 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a5e4047ba885 Credits Marco Wotschka...

CVSS 5.4 | AI score 6.6 | EPSS 0.00322
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2023/02/02 12:0 a.m. | 17 views

WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Side Cart Woocommerce Ajax Type Plugin Vulnerable versions 2.1 Fixed in 2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45376 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eab543b53017 Credits Muhammad Daffa...

CVSS 8.8 | AI score 6.6 | EPSS 0.00273
Exploits 1 | References 2 | Affected Software 1

Patchstack
added 2023/01/31 12:0 a.m. | 17 views

WordPress GS Products Slider for WooCommerce Plugin < 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software GS Products Slider for WooCommerce Type Plugin Vulnerable versions 1.5.9 Fixed in 1.5.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0492 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 912bee63a436 Credits...

CVSS 5.4 | AI score 5.7 | EPSS 0.00457
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/31 12:0 a.m. | 17 views

WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Software GS Portfolio for Envato Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...

CVSS 5.4 | AI score 5.7 | EPSS 0.00457
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/26 12:0 a.m. | 17 views

WordPress Intuitive Custom Post Order Plugin <= 3.1.4.1 is vulnerable to SQL Injection

Software Intuitive Custom Post Order Type Plugin Vulnerable versions = 3.1.4.1 Fixed in 3.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1016 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID bd23d6b4e595 Credits Wordfence Required privilege...

CVSS 7.2 | AI score 6.9 | EPSS 0.00971
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2023/01/23 12:0 a.m. | 17 views

WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Name Directory Type Plugin Vulnerable versions = 1.27.1 Fixed in 1.27.2 OWASP Top 10 A6: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-22692 Patch priority Low CVSS severity Low 4.3 Developer Jeroen Peters PSID 97cd32d13c24 Credits NeginNrb Require...

CVSS 8.8 | AI score 6.7 | EPSS 0.00271
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/23 12:0 a.m. | 17 views

WordPress Spectra Plugin <= 2.3.0 is vulnerable to Broken Access Control

Software Spectra Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23834 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8d689e47cd6 Credits István Márton Required privilege...

AI score 6.5 | EPSS 0.00642
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2023/01/20 12:0 a.m. | 17 views

WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Participants Database Type Plugin Vulnerable versions = 2.4.5 Fixed in 2.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47612 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2aed529173b0 Credits rezaduty...

CVSS 4.3 | AI score 7 | EPSS 0.00231
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/20 12:0 a.m. | 17 views

WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pods Type Plugin Vulnerable versions = 2.9.10.2 Fixed in 2.9.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23790 Patch priority Low CVSS severity Low 7.1 Developer Pods Framework PSID f64545c57092 Credits Rafshanzani Suhada Required...

CVSS 8.8 | AI score 6.7 | EPSS 0.00264
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/20 12:0 a.m. | 17 views

WordPress WP Go Maps Plugin <= 9.0.15 is vulnerable to Directory Traversal

Software WP Go Maps Type Plugin Vulnerable versions = 9.0.15 Fixed in 9.0.16 OWASP Top 10 A3: Sensitive Data Exposure Classification Directory Traversal CVE CVE-2022-47595 Patch priority Low CVSS severity Low 4.9 Developer WP Go Maps PSID ce001c792740 Credits rezaduty Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00754
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/20 12:0 a.m. | 17 views

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23979 Patch priority Medium CVSS severity Medium 7.1 Developer Fullworks Plugins PSID c7609f23707d Credits yuyudhn...

CVSS 7.1 | AI score 5.9 | EPSS 0.00406
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/01/18 12:0 a.m. | 17 views

WordPress GiveWP Plugin <= 2.23.2 is vulnerable to SQL Injection

Software GiveWP Type Plugin Vulnerable versions = 2.23.2 Fixed in 2.24.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0224 Patch priority High CVSS severity High 8.2 Developer Liquid Web / StellarWP PSID 3f057c60656c Credits dc11 Required privilege Unauthenticated Publishe...

CVSS 9.8 | AI score 6.8 | EPSS 0.03742
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/01/16 12:0 a.m. | 17 views

WordPress Stream Plugin < 3.9.2 is vulnerable to Broken Access Control

Software Stream Type Plugin Vulnerable versions 3.9.2 Fixed in 3.9.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4384 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ad3b89e6bfd1 Credits Krzysztof Zajac Required privilege...

CVSS 6.5 | AI score 6.5 | EPSS 0.0091
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/01/13 12:0 a.m. | 17 views

WordPress Google Analytics by Monster Insights Plugin < 8.12.1 is vulnerable to Cross Site Scripting (XSS)

Software Google Analytics by Monster Insights Type Plugin Vulnerable versions 8.12.1 Fixed in 8.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0081 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 30ac1c972f6b Credi...

CVSS 5.4 | AI score 5.6 | EPSS 0.00589
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/01/12 12:0 a.m. | 17 views

WordPress Annual Archive Plugin < 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Annual Archive Type Plugin Vulnerable versions 1.6.0 Fixed in 1.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0178 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e447b05c3b01 Credits Lana Codes Required...

CVSS 5.4 | AI score 5.6 | EPSS 0.00573
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/11 12:0 a.m. | 17 views

WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)

Software Ibtana Type Plugin Vulnerable versions 1.1.8.8 Fixed in 1.1.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4674 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e564cfbd3326 Credits Lana Codes Required...

CVSS 5.4 | AI score 5.9 | EPSS 0.00555
Exploits 2 | References 4 | Affected Software 1

Patchstack
added 2023/01/04 12:0 a.m. | 17 views

WordPress Blog Designer - Post and Widget Plugin < 2.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Blog Designer - Post and Widget Type Plugin Vulnerable versions 2.4.1 Fixed in 2.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4793 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d4fed6181a18 Credits Istv...

CVSS 6.8 | AI score 5.7 | EPSS 0.00627
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2023/01/03 12:0 a.m. | 17 views

WordPress Simple Sitemap – Create a Responsive HTML Sitemap Plugin < 3.5.8 is vulnerable to Cross Site Scripting (XSS)

Software Simple Sitemap – Create a Responsive HTML Sitemap Type Plugin Vulnerable versions 3.5.8 Fixed in 3.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4472 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...

CVSS 5.4 | AI score 5.5 | EPSS 0.00519
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2022/12/29 12:0 a.m. | 17 views

WordPress statfort Theme < 10 is vulnerable to Arbitrary File Upload

Software statfort Type Theme Vulnerable versions 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 68bfdf44186f Credits Joshua Small Required privilege...

CVSS 9.8 | AI score 9.3 | EPSS 0.02084
Exploits 12 | References 2 | Affected Software 1

Patchstack
added 2022/11/24 12:0 a.m. | 17 views

WordPress Quizlord plugin <= 2.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Machupalli Sree Pragna in the WordPress Quizlord plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of November 22, 2022 and is not available for download. This closure is temporary, pending a ful...

AI score 2.6 | EPSS 0.00535
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/11/17 12:0 a.m. | 17 views

WordPress ULTIMATE TABLES plugin <= 1.6.5 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability

Unauth. Reflected Cross-Site Scripting XSS vulnerability discovered by Tien Nguyen Anh Patchstack Alliance in WordPress ULTIMATE TABLES plugin versions = 1.6.5. Solution No patched version is available. No reply from the vendor...

CVSS 6.1 | AI score 2.9 | EPSS 0.00406
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/17 12:0 a.m. | 17 views

WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress WooSwipe WooCommerce Gallery plugin versions = 2.0.1. Solution No patched version is available. No reply from the vendor...

CVSS 8.8 | AI score 3.8 | EPSS 0.00631
Exploits 1 | Affected Software 1

Patchstack
added 2022/11/11 12:0 a.m. | 17 views

WordPress Add Multiple Marker plugin <= 1.2 - Missing Access Control vulnerability

Missing Access Control vulnerability leading to unauth. plugin settings change discovered by ptsfence Patchstack Alliance in WordPress Add Multiple Marker plugin versions = 1.2. Solution No patched version is available...

AI score 4.1
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/11 12:0 a.m. | 17 views

WordPress PostmagThemes Demo plugin <= 1.0.7 - Auth. Arbitrary File Upload vulnerability

Auth. Arbitrary File Upload vulnerability discovered by thunder.god.hhh in WordPress PostmagThemes Demo plugin versions = 1.0.7. Solution Deactivate and delete. This plugin has been closed as of November 10, 2022 and is not available for download. This closure is temporary, pending a full review...

AI score 3.2 | EPSS 0.01042
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/11/07 12:0 a.m. | 17 views

WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Testimonial Slider plugin versions = 1.3.1. Solution No patched version is available. No reply from the vendor...

CVSS 8.8 | AI score 3.8 | EPSS 0.00293
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/03 12:0 a.m. | 17 views

WordPress Analytics for WP plugin <= 1.5.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by zhangyunpei in WordPress Analytics for WP plugin versions = 1.5.1. Solution Deactivate and delete. This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full revi...

AI score 2.7 | EPSS 0.00519
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2022/11/02 12:0 a.m. | 17 views

WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep Patchstack Alliance in the WordPress AM-HiLi plugin versions = 1.0. Solution No patched version is available...

CVSS 4.8 | AI score 2.1 | EPSS 0.00412
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/02 12:0 a.m. | 17 views

WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in WordPress 4ECPS Web Forms plugin versions = 0.2.17. Solution Update the WordPress 4ECPS Web Forms plugin to the latest available version at least 0.2.18...

CVSS 4.8 | AI score 1.7 | EPSS 0.00412
Exploits 0 | Affected Software 1

Patchstack
added 2022/11/01 12:0 a.m. | 17 views

WordPress Homepage Popup plugin <= 1.2.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mika in the WordPress Homepage Pop-up plugin versions = 1.2.5. Solution No patched version is available. No reply from the vendor...

AI score 1.1 | EPSS 0.00392
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/31 12:0 a.m. | 17 views

WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in the WordPress Mantenimiento web plugin versions = 0.13. Solution Update the WordPress Mantenimiento web plugin to the latest available version at least 0.14...

CVSS 6.1 | AI score 2.9 | EPSS 0.00216
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/28 12:0 a.m. | 18 views

WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities leading to enable/disable contact sync, plugin reset, account unlink, and email marketing settings change were discovered by Vlad Vector Patchstack in the WordPress Creative Mail plugin versions = 1.5.4. Solution Update the WordPress Creati...

CVSS 8.8 | AI score 2.8 | EPSS 0.00276
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/27 12:0 a.m. | 17 views

WordPress Bricks Builder premium theme <= 1.5.3 - Auth. Remote Code Execution vulnerability

Auth. Remote Code Execution vulnerability discovered by RG in WordPress Bricks Builder premium theme versions = 1.5.3. Solution Update the WordPress Bricks Builder theme to the latest available version at least 1.5.4...

CVSS 8.8 | AI score 4.8 | EPSS 0.01556
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2022/10/27 12:0 a.m. | 17 views

WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in the WordPress Backup Guard plugin versions = 1.6.9.0. Solution Update the WordPress Backup Guard plugin to the latest available version at least 1.6.9.1...

AI score 3.5 | EPSS 0.00392
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/25 12:0 a.m. | 17 views

WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities

Multiple Cross-Site Scripting CSRF vulnerabilities were discovered by Vlad Vector Patchstack in the WordPress SEO Redirection Plugin plugin versions = 8.9. Solution Update the WordPress SEO Redirection plugin to the latest available version at least 9.1...

CVSS 8.8 | AI score 2.8 | EPSS 0.00276
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/24 12:0 a.m. | 17 views

WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability

Auth. Sensitive Data Exposure vulnerability discovered by Lana Codes Patchstack Alliance in WordPress Phone Orders for WooCommerce plugin versions = 3.7.1. Solution Update the WordPress Phone Orders for WooCommerce plugin to the latest available version at least 3.7.2...

CVSS 6.5 | AI score 3.9 | EPSS 0.00591
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/21 12:0 a.m. | 17 views

WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Auth. Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Quiz And Survey Master plugin versions = 7.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.5...

CVSS 5.4 | AI score 3 | EPSS 0.00412
Exploits 0 | Affected Software 1

Patchstack
added 2022/10/20 12:0 a.m. | 17 views

WordPress Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Lana Codes Patchstack Alliance in the WordPress Integration for Szamlazz.hu & WooCommerce plugin versions = 5.6.3.2. Solution Update the WordPress Integration for Szamlazz.hu & WooCommerce plugin to the latest available...

CVSS 8.8 | AI score 4.3 | EPSS 0.004
Exploits 1 | Affected Software 1

Total number of security vulnerabilities: 5000