Patchstack • Most viewed

46578 matches found

Patchstack • added 2019/11/15 12:0 a.m. • 17 views

WordPress Social Photo Gallery plugin <= 1.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability found by Prestigia Seguridad in WordPress Social Photo Gallery plugin versions <= 1.0. Solution: 19.11.2019 - we were unable to find a patched version of this plugin...

CVSS 7.8 • AI score 5.7 • EPSS 0.0176
Exploits: 3 • References: 1 • Affected Software: 1

Patchstack • added 2019/11/14 12:0 a.m. • 17 views

WordPress Blog2Social plugin <=5.8.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found in WordPress Blog2Social plugin versions <=5.8.1. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 5.9.0)...

CVSS 6.1 • AI score 1.9 • EPSS 0.01336
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2019/08/29 12:0 a.m. • 17 views

WordPress Additional Variation Images for WooCommerce plugin <= 1.1.28 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found in WordPress Additional Variation Images for WooCommerce plugin versions <= 1.1.28. Solution: Update the WordPress Additional Variation Images for WooCommerce plugin to the latest available version (at least 1.1.29)...

CVSS 5.4 • AI score 2.8 • EPSS 0.01038
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2019/08/29 12:0 a.m. • 17 views

WordPress WP Social Feed Gallery plugin <= 2.4.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found in WordPress WP Social Feed Gallery plugin versions <= 2.4.7. Solution: Update the WordPress WP Social Feed Gallery plugin to the latest available version (at least 2.4.8)...

CVSS 8.8 • AI score 3.6 • EPSS 0.00691
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2019/07/10 12:0 a.m. • 17 views

WordPress Personalized WooCommerce Cart Page plugin <= 2.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Cryptography Laboratory in WordPress Personalized WooCommerce Cart Page plugin versions <= 2.4. Solution: Update the WordPress Personalized WooCommerce Cart Page plugin to the latest available version (at least 2.5)...

CVSS 8.8 • AI score 3.1 • EPSS 0.01047
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2019/07/10 12:0 a.m. • 17 views

WordPress Attendance Manager plugin <= 0.5.6 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities

Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities found in WordPress Attendance Manager plugin versions <= 0.5.6. Solution: Update the WordPress Attendance Manager plugin to the latest available version (at least 0.5.7)...

AI score 2.8
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2019/07/02 12:0 a.m. • 17 views

WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability that leads to Remote Code Execution (RCE) found by Paul Dannewitz in WordPress Widget Logic plugin versions <= 5.9.0. Solution: Update the WordPress Widget Logic plugin to the latest available version (at least 5.10.2)...

CVSS 8.8 • AI score 4.4 • EPSS 0.0111
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2019/01/08 12:0 a.m. • 17 views

WordPress Two Factor Authentication plugin <= 1.3.12 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Martijn Korse in WordPress Two Factor Authentication plugin versions <= 1.3.12. Solution: Update the WordPress Two Factor Authentication plugin to the latest available version (at least 1.3.13)...

CVSS 8.8 • AI score 4.1 • EPSS 0.01438
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2018/12/13 12:0 a.m. • 17 views

WordPress Import users from CSV with meta plugin <= 1.12 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability discovered by Slawek Zytko in WordPress Import users from CSV with meta plugin versions <= 1.12. Solution: Update the WordPress Import users from CSV with meta plugin to the latest available version (at least 1.12.1)...

CVSS 6.1 • AI score 2.2 • EPSS 0.00782
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2018/11/08 12:0 a.m. • 17 views

WordPress RSVPMaker plugin <= 5.6.3 - SQL Injection (SQLi) vulnerabilities

SQL Injection (SQLi) vulnerabilities found in WordPress RSVPMaker plugin versions <= 5.6.3. Solution: Update the WordPress RSVPMaker plugin to the latest available version (at least 5.6.4)...

CVSS 9.8 • AI score 3.3 • EPSS 0.02244
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2018/09/09 12:0 a.m. • 17 views

WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability found by Yonatan Correa in WordPress UserPro premium plugin versions <= 4.9.23. Solution: Update the WordPress UserPro premium plugin to the latest available version (at least 4.9.24)...

CVSS 6.1 • AI score 2 • EPSS 0.01345
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2018/06/20 12:0 a.m. • 17 views

WordPress wpForo Forum plugin <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ryan Dewhurst Security in WordPress wpForo Forum plugin versions <= 1.4.11. Solution: Update the WordPress wpForo Forum plugin to the latest available version (at least 1.4.12)...

CVSS 6.1 • AI score 2 • EPSS 0.0363
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2018/06/03 12:0 a.m. • 17 views

WordPress WooCommerce Category Banner Management plugin <= 1.1.0 - Unauthenticated Settings Change Vulnerability

Unauthenticated Settings Change Vulnerability found by ThreatPress Research Team in WordPress WooCommerce Category Banner Management plugin versions <= 1.1.0. Solution: Update the WordPress WooCommerce Category Banner Management plugin to the latest available version (at least 1.1.1)...

CVSS 5.3 • AI score 3 • EPSS 0.00945
Exploits: 1 • References: 2 • Affected Software: 1

Patchstack • added 2018/06/03 12:0 a.m. • 17 views

WordPress Advance Search for WooCommerce plugin <= 1.0.9 - Stored Cross-site scripting (XSS) vulnerability

Stored Cross-site scripting (XSS) vulnerability found by ThreatPress Research Team in WordPress Advance Search for WooCommerce plugin versions <= 1.0.9. Solution: 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

CVSS 6.1 • AI score 1.2 • EPSS 0.00802
Exploits: 1 • References: 2 • Affected Software: 1

Patchstack • added 2018/03/15 12:0 a.m. • 17 views

WordPress WP Support Plus Responsive Ticket System plugin <=9.0.2 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by 00theway in WordPress WP Support Plus Responsive Ticket System plugin versions <=9.0.2. Solution: Update the WordPress WP Support Plus Responsive Ticket System plugin to the latest available version (at least 9.0.3)...

CVSS 9.8 • AI score 3.3 • EPSS 0.02125
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2017/12/20 12:0 a.m. • 17 views

WordPress AccessPress Anonymous Post Pro plugin <=3.1.8 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability found by Colette Chamberland in WordPress AccessPress Anonymous Post Pro plugin versions <=3.1.8. Improper sanitization makes it possible to upload any file with any extension. Solution: Update the WordPress AccessPress Anonymous Post Pro...

CVSS 9.8 • AI score 3.8 • EPSS 0.19151
Exploits: 6 • References: 1 • Affected Software: 1

Patchstack • added 2017/12/02 12:0 a.m. • 17 views

WordPress amtyThumb posts plugin 8.1.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress amtyThumb posts plugin version 8.1.3. Solution: 02.12.2017 - no information about the patched version. The last version was released one year ago. Looks like an abandoned plugin, use with caution, or uninstall...

CVSS 6.1 • AI score 2 • EPSS 0.03419
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2017/11/07 12:0 a.m. • 17 views

WordPress WP Simple Booking Calendar Premium <= 5.8–5.16 - Unauthenticated Data leak

When the tooltip function is disabled, the booking notes are still posted to the source code. Solution: Update the plugin to 5.17...

AI score 1.5
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2017/09/25 12:0 a.m. • 17 views

WordPress VaultPress plugin <=1.9 - Unauthenticated RCE vulnerability

Unauthenticated Remote Code Execution (RCE) vulnerability found by Slavco in WordPress VaultPress plugin version 1.89-1.9. Solution: Update the VaultPress plugin to the latest available version (at least 1.9.1)...

AI score 4.7
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2017/08/26 12:0 a.m. • 17 views

WordPress Bad Behavior Plugin <= 2.2.18 - Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerabilities

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) vulnerabilities were found in WordPress Bad Behavior Plugin version 2.2.18. In the file /bad-behavior-wordpress-admin.php, settings are saved without any sanitization. When they are output on the front-end, no escaping is done...

AI score 2.2
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2017/08/05 12:0 a.m. • 17 views

WordPress PressForward plugin <= 5.2.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by DefenseCode in WordPress PressForward plugin versions <= 5.2.3. Solution: Update the WordPress PressForward plugin to the latest available version (at least 5.2.4)...

CVSS 6.1 • AI score 2.4 • EPSS 0.00757
Exploits: 1 • References: 3 • Affected Software: 1

Patchstack • added 2017/07/21 12:0 a.m. • 17 views

WordPress IBPS Online Exam plugin <=1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found in WordPress IBPS Online Exam plugin <=1.0 versions. Blind SQL Injection is possible when logged in as a student. Solution: 2017.07.29 - We were unable to find information about a patched release of WordPress IBPS Online Exam plugin. Also, we were...

AI score 1.8
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2017/06/11 12:0 a.m. • 17 views

WordPress Plugin WP Jobs <=1.4 - SQL Injection

WordPress Plugin WP Jobs version 1.4 and earlier releases are vulnerable to SQL injection. This vulnerability allows authenticated users to execute arbitrary SQL commands via the "jobid" parameter to wp-admin/edit.php. The issue is fixed in WP Jobs plugin version 1.5, please update as soon as possible...

CVSS 8.8 • AI score 4.3 • EPSS 0.04929
Exploits: 4 • References: 3 • Affected Software: 1

Patchstack • added 2016/11/17 12:0 a.m. • 17 views

WordPress Post Indexer Plugin <= 3.0.6.1 - PHP Object Injection

Because of this vulnerability, the blog makes an automated encrypted HTTP request to premium.wpmudev.org and then the returned value is passed to unserialize. It is possible for premium.wpmudev.org or anyone to return a string which contains a bad encoded object that executes arbitrary code. Solutio...

AI score 2
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2016/10/05 12:0 a.m. • 17 views

WordPress WP Editor plugin <= 1.2.6.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress WP Editor plugin versions <= 1.2.6.2. Solution: Update the WordPress WP Editor plugin to the latest available version (at least 1.2.6.3)...

CVSS 6.1 • AI score 1.6 • EPSS 0.0093
Exploits: 0 • References: 3 • Affected Software: 1

Patchstack • added 2016/07/20 12:0 a.m. • 17 views

WordPress Photoxhibit Plugin <= 2.1.8 - Reflected XSS

This plugin is prone to a cross site scripting vulnerability. Solution: Update the plugin...

CVSS 6.1 • AI score 2.2 • EPSS 0.02177
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2016/06/14 12:0 a.m. • 17 views

WordPress SEO by Yoast Plugin <= 3.2.5 - Cross Site Scripting

This plugin is prone to an unspecified cross site scripting vulnerability. Solution: Update the plugin...

AI score 2
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2016/04/12 12:0 a.m. • 17 views

WordPress Anti Plagiarism Plugin <= 3.60 - Cross-Site Scripting (XSS)

This plugin is prone to a cross site scripting vulnerability, because the variable "m" appears to send unsanitized data back to the user's browser. Solution: Update the plugin...

CVSS 6.1 • AI score 3.8 • EPSS 0.04195
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2016/03/10 12:0 a.m. • 17 views

WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS

Because of this persistent XSS vulnerability, an attacker can change the value of the name="commentmetavalue" parameter. Solution: Upgrade the plugin...

AI score 4.1
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2016/02/18 12:0 a.m. • 17 views

WordPress Bloom Plugin <= 1.1.0 - Privilege Escalation

This plugin is prone to a privilege escalation vulnerability. Solution: Update the plugin...

AI score 3.3
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2016/02/08 12:0 a.m. • 17 views

WordPress WP User Frontend Plugin 2.3.10 - Unrestricted File Upload

Because of this vulnerability, anyone can upload files to the web server by performing certain "wpuffileupload" or "wpufinsertimage" actions. Solution: Upgrade the plugin...

AI score 1.9
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2016/02/04 12:0 a.m. • 17 views

WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection

Because of this vulnerability, arbitrary MySQL commands can be passed to the "ummuser" GET parameter by a registered user. Solution: Update the plugin...

AI score 3.1
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/09/29 12:0 a.m. • 17 views

WordPress Cool Video Gallery Plugin <= 1.9 - Command Injection

This vulnerability in lib/core.php allows an attacker to execute arbitrary code via shell metacharacters in the "Width of preview image". Solution: Update the plugin...

CVSS 7.5 • AI score 7.3 • EPSS 0.05232
Exploits: 3 • References: 1 • Affected Software: 1

Patchstack • added 2015/08/25 12:0 a.m. • 17 views

WordPress Simple Fields Plugin <= 1.4.10 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

AI score 2.4
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/07/16 12:0 a.m. • 17 views

WordPress Quiz And Survey Master Plugin <= 4.4.2 - Blind SQL Injection

Because of this vulnerability, authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...

AI score 5.2
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/07/10 12:0 a.m. • 17 views

WordPress GD bbPress Attachments Plugin <= 2.2 - XSS

This vulnerability is in forms/panels.php. It allows an attacker to inject arbitrary web script or HTML via the "tab" parameter that is in the gdbbpressattachments page to wp-admin/edit.php. Solution: Update the plugin...

CVSS 4.3 • AI score 2 • EPSS 0.02055
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2015/07/10 12:0 a.m. • 17 views

WordPress Swim Team Plugin <= 1.44.10777 - Absolute Path Traversal

This vulnerability is in include/user/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter. Solution: Update the plugin...

CVSS 5.3 • AI score 5.6 • EPSS 0.32714
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2015/07/05 12:0 a.m. • 17 views

WordPress S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download

S3Bubble Cloud Video With Adverts & Analytics plugin is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution: Update the plugin...

AI score 3.9
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/05/15 12:0 a.m. • 17 views

WordPress Download Manager Plugin <= 2.2.2 - XSS

This plugin is prone to a cross site scripting vulnerability in the cid parameter of admin.php. Solution: Update the plugin...

AI score 2.1
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2015/05/15 12:0 a.m. • 17 views

WordPress Annonces Plugin <= 1.2.0.1 - Shell Upload

This plugin is prone to a shell upload vulnerability. Solution: Update plugin...

AI score 1.9
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/05/15 12:0 a.m. • 17 views

WordPress Banners Lite Plugin <= 1.4.0 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

AI score 2.3
Exploits: 0 • References: 2 • Affected Software: 1

Patchstack • added 2015/05/15 12:0 a.m. • 17 views

WordPress eShop Magic Plugin <= 0.1 - Local File Inclusion

This plugin is prone to an arbitrary file access vulnerability via traversal in the file parameter of eshop-magic/download.php. It allows attackers to disclose sensitive information. Solution: Update the plugin...

AI score 3.7
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/03/31 12:0 a.m. • 17 views

WordPress SP Project & Document Manager Plugin 2.5.3 - Blind SQL Injection

SP Project & Document Manager plugin is prone to a blind SQL injection in the thumbnails function, located in /wp-content/plugins/sp-client-document-manager/ajax.php. Solution: Upgrade the plugin...

AI score 1.6
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/03/14 12:0 a.m. • 17 views

WordPress SEO by Yoast Plugin <= 1.7.3 - Multiple Vulnerabilities

Multiple cross-site request forgery vulnerabilities exist in admin/class-bulk-editor-list-table.php. Because of these vulnerabilities, the attackers can hijack the authentication of certain users for requests that conduct SQL injection attacks. Solution: Update the plugin...

CVSS 6.8 • AI score 3.9 • EPSS 0.01521
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2015/01/13 12:0 a.m. • 17 views

WordPress Another WordPress Classifieds Plugin - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the query string to the default URI. Solution: Update the plugin...

CVSS 4.3 • AI score 3 • EPSS 0.01633
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2015/01/08 12:0 a.m. • 17 views

WordPress Flashy Theme <= 1.3 - XSS

This vulnerability allows the attackers to inject arbitrary web script or HTML via unspecified vectors. Solution: This theme is no longer being developed or maintained. It is recommended to stop using it...

CVSS 4.3 • AI score 3.3 • EPSS 0.01973
Exploits: 0 • References: 1 • Affected Software: 1

Patchstack • added 2015/01/08 12:0 a.m. • 17 views

WordPress Banner Effect Header Plugin <= 1.2.6 - Multiple Vulnerabilities

Cross site request forgery and cross site scripting vulnerabilities are in this plugin. Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the "bannereffectemail" parameter, that is in the BannerEffectOption...

CVSS 6.8 • AI score 3.5 • EPSS 0.01151
Exploits: 1 • References: 1 • Affected Software: 1

Patchstack • added 2015/01/02 12:0 a.m. • 17 views

WordPress Frontend Uploader Plugin <= 0.9.2 - XSS

This vulnerability allows the attackers to inject arbitrary web script or HTML. Solution: Update the plugin...

CVSS 4.3 • AI score 2.8 • EPSS 0.06701
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2014/12/11 12:0 a.m. • 17 views

WordPress TwitterDash Plugin <= 2.1 - CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 • AI score 3.4 • EPSS 0.01001
Exploits: 2 • References: 1 • Affected Software: 1

Patchstack • added 2014/12/07 12:0 a.m. • 17 views

WordPress Bird Feeder Plugin <= 1.2.3 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution: This plugin is closed...

CVSS 6.8 • AI score 3.6 • EPSS 0.01151
Exploits: 4 • References: 1 • Affected Software: 1

Total number of security vulnerabilities: 5000