Lucene search
K
PatchstackMost viewed

46578 matches found

Patchstack
Patchstack
added 2021/10/05 12:0 a.m.17 views

WordPress Simple Download Monitor plugin <= 3.9.5.1 - Unauthenticated Log Access vulnerability

Unauthenticated Log Access vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions = 3.9.5.1. Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.9.6...

7.5CVSS3.9AI score0.01625EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/27 12:0 a.m.17 views

WordPress Visual Form Builder plugin <= 3.0.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress Visual Form Builder plugin versions = 3.0.3. Solution Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.4...

2AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/21 12:0 a.m.17 views

WordPress Telefication vulnerability <= 1.8.0 - Open Relay and Server-Side Request Forgery vulnerability

Open Relay and Server-Side Request Forgery vulnerability discovered by Marco Wotschka & Charles Strader Sweethill in WordPress Telefication vulnerability versions = 1.8.0. Solution This plugin has been closed as of September 20, 2021 and is not available for download. This closure is temporary,...

5.8CVSS2AI score0.01333EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.17 views

WordPress One User Avatar plugin <= 2.3.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress One User Avatar plugin versions = 2.3.6. Solution Update the WordPress One User Avatar plugin to the latest available version at least 2.3.7...

5.4CVSS1.9AI score0.00629EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/15 12:0 a.m.17 views

WordPress Find My Blocks plugin <= 3.3.2 - Private Post Titles Disclosure vulnerability

Private Post Titles Disclosure vulnerability discovered by apple502j in WordPress Find My Blocks plugin versions = 3.3.2. Solution Update the WordPress Find My Blocks plugin to the latest available version at least 3.4.0...

5.3CVSS2.4AI score0.01212EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/14 12:0 a.m.17 views

WordPress Software License Manager plugin <= 4.5.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jetpack Scan Team in WordPress Software License Manager plugin versions = 4.5.0. Solution Update the WordPress Software License Manager plugin to the latest available version at least 4.5.1...

8.8CVSS3.3AI score0.00667EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/08 12:0 a.m.17 views

WordPress WP Academic People List plugin <= 0.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress WP Academic People List plugin versions = 0.4.1. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS2.9AI score0.00908EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/09/07 12:0 a.m.17 views

WordPress Chained Quiz plugin <= 1.2.7.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Chained Quiz plugin versions = 1.2.7.1. Solution Update the WordPress Chained Quiz plugin to the latest available version at least 1.2.7.1...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/06 12:0 a.m.17 views

WordPress Appointment Hour Booking plugin <= 1.3.15 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Appointment Hour Booking plugin versions = 1.3.15. Solution Update the WordPress Appointment Hour Booking plugin to the latest available version at least 1.3.16...

4.8CVSS1.4AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/06 12:0 a.m.17 views

WordPress CM Tooltip Glossary plugin <= 3.9.20 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress CM Tooltip Glossary plugin versions = 3.9.20. Solution Update the WordPress CM Tooltip Glossary plugin to the latest available version at least 3.9.21...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/02 12:0 a.m.17 views

WordPress Meow Gallery plugin <= 4.1.8 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by apple502j in WordPress Meow Gallery plugin versions = 4.1.8. Solution Update the WordPress Meow Gallery plugin to the latest available version at least 4.1.9...

8.1CVSS3.5AI score0.01131EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/24 12:0 a.m.17 views

WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 2.8.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Recipe Card Blocks for Gutenberg & Elementor plugin versions = 2.8.2. Solution Update the WordPress Recipe Card Blocks for Gutenberg & Elementor plugin to the latest available version at least 2.8.3...

5.4CVSS2.3AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.17 views

WordPress Opal Estate plugin <= 1.6.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Opal Estate plugin versions = 1.6.11. Solution This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/08/10 12:0 a.m.17 views

WordPress AddToAny Share Buttons plugin <= 1.7.47 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by TYM in WordPress AddToAny Share Buttons plugin versions = 1.7.47. Solution Update the WordPress AddToAny Share Buttons plugin to the latest available version at least 1.7.48...

4.8CVSS1.9AI score0.00654EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/10 12:0 a.m.17 views

WordPress Daily Prayer Time plugin <= 2021.08.07 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Daily Prayer Time plugin versions = 2021.08.07. Solution Update the WordPress Daily Prayer Time plugin to the latest available version at least 2021.08.10...

5.4CVSS2.1AI score0.006EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.17 views

WordPress SpeakOut! Email Petitions plugin <= 2.13.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress SpeakOut! Email Petitions plugin versions = 2.13.1.1. Solution Update the WordPress SpeakOut! Email Petitions plugin to the latest available version at least 2.13.3...

2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/07/26 12:0 a.m.17 views

WordPress Poll Maker plugin <= 3.2.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Xu-Liang Liao in WordPress Poll Maker plugin versions = 3.2.8. Solution Update the WordPress Poll Maker plugin to the latest available version at least 3.2.9...

6.1CVSS2.7AI score0.00938EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2021/07/23 12:0 a.m.17 views

WordPress Broken Link Manager plugin <= 0.6.5 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Broken Link Manager plugin versions = 0.6.5. Solution This plugin has been closed as of June 1, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.6AI score0.01578EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/23 12:0 a.m.17 views

WordPress Cashtomer plugin <= 1.0.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali Codevigilant in WordPress Cashtomer plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

8.8CVSS2.4AI score0.01568EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/07/21 12:0 a.m.17 views

WordPress Charitable plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa in WordPress Charitable plugin versions = 1.6.50. Solution Update the WordPress Charitable plugin to the latest available version at least 1.6.51...

5.4CVSS2.5AI score0.00576EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/07/18 12:0 a.m.17 views

WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack Red Team in WordPress iQ Block Country plugin versions = 1.2.11. Vulnerable parameter: &blockcountryblockmessage. Solution Update the WordPress iQ Block Country plugin to the latest available versi...

5.5CVSS2.3AI score0.01193EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/07/06 12:0 a.m.17 views

WordPress Marmoset Viewer plugin <= 1.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by John Jackson in WordPress Marmoset Viewer plugin versions = 1.9.2. Solution Update the WordPress Marmoset Viewer plugin to the latest available version at least 1.9.3...

6.1CVSS2.5AI score0.02897EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/29 12:0 a.m.17 views

WordPress RSVPMaker plugin <= 8.7.2 - Authenticated Server-Side Request Forgery (SSRF) vulnerability

Authenticated Server-Side Request Forgery SSRF vulnerability discovered by Shreya Pohekar in WordPress RSVPMaker plugin versions = 8.7.2. Solution Update the WordPress RSVPMaker plugin to the latest available version at least 8.7.3...

4CVSS3.6AI score0.01012EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/28 12:0 a.m.17 views

WordPress Any Hostname plugin <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ABISHEIK M in WordPress Any Hostname plugin versions = 1.0.6. Solution Deactivate and delete. This plugin has been closed as of May 28, 2021 and is not available for download. Reason: Security Issue...

1.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/06/28 12:0 a.m.17 views

WordPress ProfilePress plugin 3.0 – 3.1.3 - Arbitrary File Upload in File Uploader Component vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland WordFence in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution Update the WordPress ProfilePress plugin to the latest version at leas...

9.8CVSS1.8AI score0.06744EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/21 12:0 a.m.17 views

WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated CSV Injection vulnerability

Authenticated CSV Injection vulnerability discovered by Ajay Sandipan Thorbole in WordPress Sign-up Sheets plugin versions = 1.0.13. Solution Update the WordPress Sign-up Sheets plugin to the latest available version at least 1.0.14...

8CVSS3AI score0.01308EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/06/16 12:0 a.m.17 views

WordPress Contact Form Plugin by Fluent Forms <= 3.6.65 - Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to stored Cross-Site Scripting XSS discovered by Ramuel Gall WordFence in WordPress Contact Form Plugin by Fluent Forms versions = 3.6.65. Solution Update the WordPress Contact Form Plugin by Fluent Forms to the latest available version at lea...

8.8CVSS2.1AI score0.02633EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/06/16 12:0 a.m.17 views

WordPress Filebird plugin 4.7.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Ravi Chandra in WordPress Filebird plugin version 4.7.3. Solution Update the WordPress Filebird plugin to the latest available version at least 4.7.4...

9.8CVSS2.6AI score0.02793EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/27 12:0 a.m.17 views

WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions = 2.6.7. Solution Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...

8.8CVSS2.9AI score0.01586EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/04/29 12:0 a.m.17 views

WordPress AcyMailing SMTP Newsletter plugin <= 7.4.1 - Unauthenticated Open Redirect vulnerability

Unauthenticated Open Redirect vulnerability discovered by Viktor Markopoulos WordPress AcyMailing SMTP Newsletter plugin versions = 7.4.1. Solution Update the WordPress AcyMailing SMTP Newsletter plugin to the latest available version at least 7.5.0...

6.1CVSS2.6AI score0.01939EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/04/27 12:0 a.m.17 views

WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WhiteSource in WordPress Pods plugin versions = 2.7.26. Solution Update the WordPress Pods plugin to the latest available version at least 2.7.27...

5.4CVSS1.8AI score0.0076EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/03/26 12:0 a.m.17 views

WordPress Patreon WordPress plugin <= 1.7.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jetpack Scan team in WordPress Patreon WordPress plugin versions = 1.7.1. Solution Update the WordPress Patreon WordPress plugin to the latest available version at least 1.7.2...

9.6CVSS1.9AI score0.01758EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/01/19 12:0 a.m.17 views

WordPress 123ContactForm plugin <= 1.5.6 - Validation Bypass via Plugin Verification vulnerability

Validation Bypass via Plugin Verification vulnerability found by Sucuri in WordPress 123ContactForm plugin versions = 1.5.6. Solution 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27,...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/12/29 12:0 a.m.17 views

WordPress Site Offline plugin <= 1.4.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities found in WordPress Site Offline plugin versions = 1.4.2. Solution Update the WordPress Site Offline plugin to the latest available version at least 1.4.4...

8.8CVSS3.6AI score0.0097EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2020/11/20 12:0 a.m.17 views

WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability

CSV Injection vulnerability found by Mohamad Pishdar in WordPress weForms plugin versions = 1.4.7. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...

9.8CVSS2.9AI score0.02983EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2020/10/29 12:0 a.m.17 views

WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability

XML-RPC Privilege Escalation vulnerability found by Justin Tran in WordPress versions = 5.5.1. Solution Update the WordPress to the latest available version at least 5.5.2...

3.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/10/21 12:0 a.m.17 views

WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found by Gen Sato Mitsui Bussan Secure Directions in WordPress Simple Download Monitor plugin versions = 3.8.8 . Solution Update the WordPress Simple Download Monitor plugin to the latest available version at least 3.8.9...

6.1CVSS2.7AI score0.00931EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/07/21 12:0 a.m.17 views

WordPress TC Custom JavaScript plugin <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by WordFence in WordPress TC Custom JavaScript plugin versions = 1.2.1. Solution Update the WordPress TC Custom JavaScript plugin to the latest available version at least 1.2.2...

6.1CVSS1.8AI score0.01367EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/07/17 12:0 a.m.17 views

WordPress Email Subscribers & Newsletters <= 4.5.0.1 - Authenticated SQL injection (SQLi) vulnerability

Authenticated SQL injection SQLi vulnerability found by Tenable in WordPress Email Subscribers & Newsletters versions = 4.5.0.1. Solution Update the WordPress Email Subscribers & Newsletters to the latest available version at least 4.5.1...

4.9CVSS2.8AI score0.01966EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/07/16 12:0 a.m.17 views

WordPress All In One SEO Pack plugin <= 3.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WordFence in WordPress All In One SEO Pack plugin versions = 3.6.1. Solution Update the WordPress All In One SEO Pack plugin to the latest available version at least 3.6.2...

5.4CVSS2AI score0.00837EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/06/17 12:0 a.m.17 views

WordPress Testimonial Rotator plugin <= 3.0.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Vu Dong in WordPress Testimonial Rotator plugin versions = 3.0.2. Solution Update the WordPress Testimonial Rotator plugin to the latest available version at least 3.0.3...

5.4CVSS2.1AI score0.00708EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/05/28 12:0 a.m.17 views

WordPress PageLayer – Drag and Drop website builder plugin <= 1.1.1 - Unprotected AJAX and Nonce Disclosure to Stored Cross-Site Scripting (XSS)

Unprotected AJAX and Nonce Disclosure to Stored Cross-Site Scripting XSS discovered by WordFence in WordPress PageLayer – Drag and Drop website builder plugin versions = 1.1.1. Solution Update the WordPress PageLayer – Drag and Drop website builder plugin to the latest available version at least...

7.4CVSS1.4AI score0.01089EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/05/22 12:0 a.m.17 views

WordPress ThirstyAffiliates plugin <= 3.9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by minhtuanact in WordPress ThirstyAffiliates plugin versions = 3.9.2. Solution Update the WordPress ThirstyAffiliates plugin to the latest available version at least 3.9.3...

5.4CVSS2.5AI score0.00653EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2020/05/04 12:0 a.m.17 views

WordPress Advanced Order Export For WooCommerce plugin <= 3.1.3 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Jack Misiura in WordPress Advanced Order Export For WooCommerce plugin versions = 3.1.3. Solution Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version at least 3.1.4...

6.1CVSS2.6AI score0.01955EPSS
Exploits4References3Affected Software1
Patchstack
Patchstack
added 2020/03/26 12:0 a.m.17 views

WordPress IMPress for IDX Broker plugin <= 2.6.1 - Authenticated Post Creation, Modification, and Deletion vulnerability

Authenticated Post Creation, Modification, and Deletion vulnerability discovered by WordFence in WordPress IMPress for IDX Broker plugin versions = 2.6.1. Solution Update the WordPress IMPress for IDX Broker plugin to the latest available version at least 2.6.2...

6.5CVSS3.2AI score0.00961EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/02/17 12:0 a.m.17 views

WordPress wpCentral plugin <= 1.5.0 - Improper Access Control vulnerability leading to Privilege Escalation

Improper Access Control vulnerability leading to Privilege Escalation discovered by WordFence in WordPress wpCentral plugin versions = 1.5.0. Solution Update the WordPress wpCentral plugin to the latest available version at least 1.5.1...

9CVSS4AI score0.08173EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/01/30 12:0 a.m.17 views

WordPress RegistrationMagic plugin <= 4.6.0.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found by Spider Sec Ltd. in WordPress RegistrationMagic plugin versions = 4.6.0.1. Solution Update the WordPress Registration Magic plugin to the latest available version at least 4.6.0.3...

8.1CVSS2.4AI score0.01919EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2020/01/29 12:0 a.m.17 views

WordPress Merge + Minify + Refresh plugin <= 1.10.6 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by NinTechNet in WordPress Merge + Minify + Refresh plugin versions = 1.10.6. Solution Update the WordPress Merge + Minify + Refresh plugin to the latest available version at least 1.10.7...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/01/22 12:0 a.m.17 views

WordPress Ultimate Addons for Beaver Builder <= 1.24.3 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered in WordPress Ultimate Addons for Beaver Builder versions = 1.24.3. Solution Update the WordPress Ultimate Addons for Beaver Builder to the latest available version at least 1.25.0...

1.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2019/11/21 12:0 a.m.17 views

WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability

Shortcode embedding system vulnerability found by Adham Sadaqah in WordPress Jetpack plugin versions =7.9. Solution Update the WordPress Jetpack plugin to the latest available version at least 7.9.1...

2.8AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000