Lucene search
K
PatchstackMost viewed

46578 matches found

Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress WP Table Builder – WordPress Table Plugin plugin < 1.3.16 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Table Builder – WordPress Table Plugin plugin versions 1.3.16. Solution Update the WordPress WP Table Builder – WordPress Table Plugin plugin to the latest available version at least 1.3.16...

2.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin < 1.7.13 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin versions 1.7.13. Solution Update the WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin to the latest available version at least 1.7.13...

2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress Slider Plugin – Block Slider plugin <= 1.2.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Slider Plugin – Block Slider plugin versions = 1.2.9. Solution Update the WordPress Slider Plugin – Block Slider plugin to the latest available version at least 2.0.0...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress Go Fetch Jobs (for JobEngine) plugin <= 1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Go Fetch Jobs for JobEngine plugin versions = 1.0. Solution No patched version available...

1.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.2.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Custom WooCommerce Checkout Fields Editor plugin versions = 1.2.5. Solution Update the WordPress Custom WooCommerce Checkout Fields Editor plugin to the latest available version at least 1.2.7...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress HuCommerce | Magyar WooCommerce kieg鳺?ek plugin <= 30.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress HuCommerce | Magyar WooCommerce kieg鳺?ek plugin versions = 30.2.0. Solution Update the WordPress HuCommerce | Magyar WooCommerce kieg鳺?ek plugin to the latest available version at least 30.3.0...

3.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Premmerce Wishlist for WooCommerce plugin versions = 1.1.7. Solution Update the WordPress Premmerce Wishlist for WooCommerce plugin to the latest available version at least 1.1.8...

4.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress Feedpress Generator plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Feedpress Generator plugin versions = 1.0.1. Solution Update the WordPress Feedpress Generator plugin to the latest available version at least 1.2.0...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/28 12:0 a.m.•17 views

WordPress TK Google Fonts GDPR Compliant plugin <= 2.2.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress TK Google Fonts GDPR Compliant plugin versions = 2.2.0. Solution Update the WordPress TK Google Fonts GDPR Compliant plugin to the latest available version at least 2.2.1...

2.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/22 12:0 a.m.•17 views

WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress WP Google Map plugin versions = 4.2.3. Solution Update the WordPress WP Google Map plugin to the latest available version at least 4.2.4...

8.8CVSS2.9AI score0.00545EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/02/17 12:0 a.m.•17 views

WordPress Simple Quotation plugin <= 1.3.2 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability discovered by Abhishek Bhoir in WordPress Simple Quotation plugin versions = 1.3.2. Solution Deactivate and delete. This plugin has been closed as of January 7, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS3.4AI score0.01297EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/02/15 12:0 a.m.•17 views

WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability

Unauthorized AJAX Calls vulnerability discovered by Jan w Oleju in WordPress Relevanssi – A Better Search plugin versions = 4.14.5. Solution Update the WordPress Relevanssi – A Better Search plugin to the latest available version at least 4.14.6...

2.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2022/01/31 12:0 a.m.•17 views

WordPress Superforms premium plugin <= 6.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Koutrouss Naddara in WordPress Superforms premium plugin versions = 6.0.3. Solution Update the WordPress Superforms premium plugin to the latest available version at least 6.0.4...

2.2AI score0.00313EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/28 12:0 a.m.•17 views

WordPress ScrollMe theme <= 2.1.0 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress ScrollMe theme versions = 2.1.0. Solution Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

2.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2022/01/19 12:0 a.m.•17 views

WordPress AnyComment plugin <= 0.2.17 - Arbitrary HyperComments Import/Revert via CSRF vulnerability

Arbitrary HyperComments Import/Revert via CSRF vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions = 0.2.17. Solution Update the WordPress AnyComment plugin to the latest available version at least 0.2.18...

8.8CVSS4AI score0.00635EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/18 12:0 a.m.•17 views

WordPress Translation Exchange plugin <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rutuja D Shirke in WordPress Translation Exchange plugin versions = 1.0.14. Solution Deactivate and delete. This plugin has been closed as of January 3, 2022 and is not available for download. This closure is temporary,...

5.4CVSS2.1AI score0.00591EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/18 12:0 a.m.•17 views

WordPress FeedWordPress plugin <= 2021.0713 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Hung Chien in WordPress FeedWordPress plugin versions = 2021.0713. Solution Update the WordPress FeedWordPress plugin to the latest available version at least 2022.0123...

6.1CVSS1.5AI score0.02342EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/10 12:0 a.m.•17 views

WordPress CLUEVO LMS, E-Learning Platform plugin <= 1.8.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Rutuja D Shirke in WordPress CLUEVO LMS, E-Learning Platform plugin versions = 1.8.0. Solution Update the WordPress CLUEVO LMS, E-Learning Platform plugin to the latest available version at least 1.8.1...

4.8CVSS2.2AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/10 12:0 a.m.•17 views

WordPress SEUR Oficial plugin <= 1.7.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by José Aguilera in WordPress SEUR Oficial plugin versions = 1.7.1. Solution Update the WordPress SEUR Oficial plugin to the latest available version at least 1.7.2...

4.9CVSS3.7AI score0.01156EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2022/01/02 12:0 a.m.•17 views

WordPress WP Photo Album Plus plugin <= 8.0.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof ZajÄ…c in WordPress WP Photo Album Plus plugin versions = 8.0.9. Solution Update the WordPress WP Photo Album Plus plugin to the latest available version at least 8.0.10...

6.4CVSS1.8AI score0.00672EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
•added 2021/12/29 12:0 a.m.•17 views

WordPress Error Log Viewer plugin <= 1.1.1 - Arbitrary Text File Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Text File Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress Error Log Viewer plugin versions = 1.1.1. Solution Update the WordPress Error Log Viewer plugin to the latest available version at least 1.1.2...

6.5CVSS3.7AI score0.00599EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/29 12:0 a.m.•17 views

WordPress Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion

Unauthenticated Arbitrary Post Deletion discovered by Francesco Carlucci in WordPress Orange Form versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary, pending a full review...

4.3CVSS3.7AI score0.00426EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/28 12:0 a.m.•17 views

WordPress LabTools plugin <= 1.0 - Arbitrary Publication Deletion vulnerability

Arbitrary Publication Deletion vulnerability discovered by Muhammad Adel in WordPress LabTools plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...

6.5CVSS3.5AI score0.00382EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2021/12/24 12:0 a.m.•17 views

WordPress WPparallax theme <= 2.0.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress WPparallax theme versions = 2.0.6. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores...

8.8CVSS2.5AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/24 12:0 a.m.•17 views

WordPress EightStore Lite theme <= 1.2.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress EightStore Lite theme versions = 1.2.5. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor...

8.8CVSS2AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/24 12:0 a.m.•17 views

WordPress Eight Sec theme <= 1.1.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Eight Sec theme versions = 1.1.4. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores t...

8.8CVSS2.1AI score0.01652EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/20 12:0 a.m.•17 views

WordPress SEUR Oficial plugin <= 1.6.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by José Aguilera in WordPress SEUR Oficial plugin versions = 1.6.0. Solution Update the WordPress SEUR Oficial plugin to the latest available version at least 1.7.0...

4.8CVSS2.4AI score0.00605EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/20 12:0 a.m.•17 views

WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.7.7 - Authenticated Post Deletion vulnerability

Authenticated Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Qubely – Advanced Gutenberg Blocks plugin versions = 1.7.7. Solution Update the WordPress Qubely – Advanced Gutenberg Blocks plugin to the latest available version at least 1.7.8...

6.5CVSS2.6AI score0.00429EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/16 12:0 a.m.•17 views

WordPress Landing Page Builder plugin <= 1.4.9.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof ZajÄ…c in WordPress Landing Page Builder plugin versions = 1.4.9.5. Solution Update the WordPress Landing Page Builder plugin to the latest available version at least 1.4.9.6...

5.4CVSS2.3AI score0.01271EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/12/14 12:0 a.m.•17 views

WordPress myghpay WooCommerce Payment Gateway plugin <= 3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress myghpay WooCommerce Payment Gateway plugin versions = 3.0. Solution Deactivate and delete. This plugin has been closed as of December 13, 2021 and is not available for download. This closure is temporary, pending a...

6.1CVSS2.4AI score0.00757EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/12/06 12:0 a.m.•17 views

WordPress Site Reviews plugin <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof ZajÄ…c in WordPress Site Reviews plugin versions = 5.17.2. Solution Update the WordPress Site Reviews plugin to the latest available version at least 5.17.3...

6.1CVSS2.4AI score0.01314EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/28 12:0 a.m.•17 views

WordPress FotoGraphy theme <= 2.4.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress FotoGraphy theme versions = 2.4.0. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor ignores...

8.8CVSS2.6AI score0.01652EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
•added 2021/11/23 12:0 a.m.•17 views

WordPress Tickera plugin <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ajit Bhatta in WordPress Tickera plugin versions = 3.4.8.2. Solution Update the WordPress Tickera plugin to the latest available version at least 3.4.8.3...

6.1CVSS2.6AI score0.01167EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/22 12:0 a.m.•17 views

WordPress WCFM Marketplace plugin <= 3.4.11 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by JrXnm in WordPress WCFM Marketplace plugin versions = 3.4.11. Solution Update the WordPress WCFM Marketplace plugin to the latest available version at least 3.4.12...

9.8CVSS3AI score0.0848EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/18 12:0 a.m.•17 views

WordPress Child Theme Generator plugin <= 2.2.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Child Theme Generator plugin versions = 2.2.7. Solution Deactivate and delete. This plugin has been closed as of November 18, 2021 and is not available for download. Reason: Security Issue...

6.4CVSS2.7AI score0.00636EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/11 12:0 a.m.•17 views

WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Block Import leading to Stored Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin versions = 2.7.0. Solution Update the WordPress Starter Templates plugin to the latest available version at least 2.7.1...

7.6CVSS1.8AI score0.00585EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2021/11/08 12:0 a.m.•17 views

WordPress Bookly plugin <= 20.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Mesut Cetin in WordPress Bookly plugin versions = 20.3. Solution Update the WordPress Bookly plugin to the latest available version at least 20.3.1...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/11/01 12:0 a.m.•17 views

WordPress Email Tracker plugin <= 5.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion

Cross-Site Request Forgery CSRF vulnerabilities leading to single or bulk e-mail entries deletion discovered by Ex.Mi Patchstack in WordPress Email Tracker plugin versions = 5.2.6. Solution Update the WordPress Email Tracker plugin to the latest available version at least 5.2.7...

5.4CVSS3.5AI score0.00393EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2021/10/28 12:0 a.m.•17 views

WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.3.20 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall WordFence in WordPress NextScripts: Social Networks Auto-Poster plugin versions = 4.3.20. Solution Update the WordPress NextScripts: Social Networks Auto-Poster plugin to the latest available version at least 4.3.21...

2.5AI score0.00845EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
•added 2021/10/25 12:0 a.m.•17 views

WordPress Popup Anything plugin <= 2.0.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Vishnupriya Ilango in WordPress Popup Anything plugin versions = 2.0.3. Solution Update the WordPress Popup Anything plugin to the latest available version at least 2.0.4...

5.4CVSS1.8AI score0.00778EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/10/18 12:0 a.m.•17 views

WordPress Leaky Paywall plugin <= 4.16.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress Leaky Paywall plugin versions = 4.16.5. Solution Update the WordPress Leaky Paywall plugin to the latest available version at least 4.16.6...

5.5CVSS2.1AI score0.00886EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2021/10/18 12:0 a.m.•17 views

WordPress Simple JWT Login plugin <= 3.2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Settings Update / Site Takeover

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Settings Update / Site Takeover discovered by apple502j in WordPress Simple JWT Login plugin versions = 3.2.0. Solution Update the WordPress Simple JWT Login plugin to the latest available version at least 3.2.1...

8.8CVSS3.4AI score0.00612EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/10/15 12:0 a.m.•17 views

WordPress YOP Poll plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability via Preview Module

Stored Cross-Site Scripting XSS vulnerability via Preview Module discovered by Vishnupriya Ilango in WordPress YOP Poll plugin versions = 6.3.0. Solution Update the WordPress YOP Poll plugin to the latest available version at least 6.3.1...

2.6AI score0.01092EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/10/14 12:0 a.m.•17 views

WordPress Business Manager plugin <= 1.4.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress Business Manager plugin versions = 1.4.5. Solution Update the WordPress Business Manager plugin to the latest available version at least 1.4.6...

5.5CVSS1.7AI score0.00508EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
•added 2021/10/13 12:0 a.m.•17 views

WordPress Testimonial plugin <= 1.5.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Testimonial plugin versions = 1.5.9. Solution Update the WordPress Testimonial plugin to the latest available version at least 1.6.0...

4.8CVSS2.8AI score0.00654EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/10/11 12:0 a.m.•17 views

WordPress Header Footer Code Manager plugin <= 1.1.13 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by bl4derunner in WordPress Header Footer Code Manager plugin versions = 1.1.13. Solution Update the WordPress Header Footer Code Manager plugin to the latest available version at least 1.1.14...

7.2CVSS2.5AI score0.05124EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/10/07 12:0 a.m.•17 views

WordPress Support Board plugin <= 3.3.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by John Jefferson Li in WordPress Support Board plugin versions = 3.3.4. Solution Update the WordPress Support Board plugin to the latest available version at least 3.3.5...

5.4CVSS1.4AI score0.01395EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/10/07 12:0 a.m.•17 views

WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by John Castro Pagely in WordPress Comment Engine Pro plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. Reason: Security Issue...

5.4CVSS2.2AI score0.00552EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
•added 2021/10/05 12:0 a.m.•17 views

WordPress Perfect Survey plugin <= 1.5.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Perfect Survey plugin versions = 1.5.0. Solution Vulnerability fixed in 1.5.2 version, but plugin closed due to other security issues. This plugin has been closed as of October 5, 2021 and is not available for...

6.1CVSS2.9AI score0.008EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
•added 2021/10/05 12:0 a.m.•17 views

WordPress Simple Download Monitor plugin <= 3.9.5.1 - Unauthenticated Log Access vulnerability

Unauthenticated Log Access vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions = 3.9.5.1. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.6...

7.5CVSS3.9AI score0.01625EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000