Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2026/01/08 10:57 p.m.10 views

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification vulnerability

WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Coupon Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

4.3CVSS7AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:56 p.m.6 views

WordPress WP Table Builder plugin <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability

Incorrect Authorization to Authenticated Subscriber+ Arbitrary Table Creation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Table Builder versions = 2.0.19...

4.3CVSS7AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:49 p.m.5 views

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability

WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Course Enrollment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

4.3CVSS7AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:42 p.m.7 views

WordPress WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpgsvmap' Shortcode vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin WP Google Street View versions = 1.1.8...

6.4CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:41 p.m.5 views

WordPress BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin = 2.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bulk Auto Image Alt Text Alt tag, Alt attribute optimization image...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:40 p.m.5 views

WordPress BetterDocs plugin <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BetterDocs versions = 4.3.3...

6.5CVSS6.9AI score0.00321EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:39 p.m.8 views

WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...

6.4CVSS5.7AI score0.00205EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:36 p.m.7 views

WordPress Forminator Forms plugin <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export vulnerability

Missing Authorization to Authenticated Forminator User+ CSV Export vulnerability discovered by type5afe in WordPress Plugin Forminator versions = 1.49.1...

5.3CVSS6.9AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:33 p.m.6 views

WordPress Post Expirator plugin <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability

Missing Authorization to Authenticated Contributor+ Workflow Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions = 4.9.3...

5.4CVSS6.9AI score0.00296EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:31 p.m.6 views

WordPress weDocs plugin <= 2.1.15 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin weDocs versions = 2.1.15...

5.3CVSS6.9AI score0.00318EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:31 p.m.6 views

WordPress Clearfy plugin <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering vulnerability

Cross-Site Request Forgery to Update Notification Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Clearfy Cache versions = 2.4.0...

4.3CVSS6.9AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:29 p.m.5 views

WordPress Japanized for WooCommerce plugin <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Japanized For WooCommerce versions = 2.7.17...

5.3CVSS6.9AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 7:36 p.m.8 views

WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin tagDiv Composer versions = 5.4.2...

6.1CVSS5.3AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 6:46 p.m.6 views

WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin BA Book Everything versions = 1.8.16...

9.8CVSS5.4AI score0.00155EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 6:6 p.m.7 views

WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin User Registration versions = 4.4.9...

8.1CVSS5.5AI score0.00162EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 2:41 p.m.5 views

WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortocde Execution vulnerability

Arbitrary Shortocde Execution vulnerability discovered by Kishan Vyas in WordPress Plugin GiveWP versions = 4.13.1...

7.8CVSS7.1AI score0.00233EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 2:18 p.m.6 views

WordPress Zorka theme <= 1.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zorka versions = 1.5.7...

5.3CVSS7AI score0.00229EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 2:6 p.m.5 views

WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Quick Post Duplicator versions = 2.1...

4.3CVSS5.4AI score0.00218EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:58 p.m.3 views

WordPress NextGEN Download Gallery plugin <= 1.6.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin NextGEN Download Gallery versions = 1.6.2...

7AI score0.00018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:54 p.m.4 views

WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Kenta Companion versions = 1.3.3...

4.3CVSS5.5AI score0.00098EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:46 p.m.4 views

WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Campaign Monitor for WordPress versions = 2.9.0...

4.3CVSS7AI score0.00202EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:35 p.m.5 views

WordPress WP Lead Capturing Pages plugin <= 2.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Lead Capturing Pages versions = 2.5...

9.8CVSS8.1AI score0.00372EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:22 p.m.6 views

WordPress Super Interactive Maps plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Super Interactive Maps versions = 2.3...

6.1CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:18 p.m.8 views

WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Magic Responsive Slider and Carousel WordPress versions = 1.6...

6.1CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:18 p.m.7 views

WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Magic Slider versions = 2.2...

6.1CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:16 p.m.7 views

WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Image&Video FullScreen Background versions = 1.6.7...

6.1CVSS6.1AI score0.00263EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:16 p.m.7 views

WordPress Anarkali theme <= 1.0.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Anarkali versions = 1.0.9...

9.8CVSS7.1AI score0.00561EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:15 p.m.6 views

WordPress Depot theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Depot versions = 1.16...

9.8CVSS7.1AI score0.00504EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:15 p.m.6 views

WordPress Amuli theme <= 2.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amuli versions = 2.3.0...

9.8CVSS7.1AI score0.00504EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:14 p.m.7 views

WordPress Athens theme <= 1.1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Athens versions = 1.1.6...

9.8CVSS7.1AI score0.00519EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 1:13 p.m.7 views

WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin HTML5 Video Player with Playlist & Multiple Skins versions = 5.3.5...

6.1CVSS6.1AI score0.00263EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:19 a.m.7 views

WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin HTML5 Video Player versions = 5.3.5...

6.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 10:16 a.m.7 views

WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability

CSS Injection vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Easy Media Download versions = 1.1.11...

5.4CVSS7.3AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:59 a.m.5 views

WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin = 1.4 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Famous - Responsive Image And Video Grid Gallery WordPress Plugin versions = 1.4...

6.1CVSS6.1AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:31 a.m.5 views

WordPress CountDown With Image or Video Background plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin CountDown With Image or Video Background versions = 1.5...

6.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:13 a.m.6 views

WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...

9.8CVSS8.1AI score0.00359EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:12 a.m.4 views

WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability

Account Takeover vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...

9.8CVSS7AI score0.00429EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:6 a.m.6 views

WordPress VideoPro theme <= 2.3.8.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme VideoPro versions = 2.3.8.1...

7.1AI score0.00466EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:6 a.m.7 views

WordPress Workreap (theme's plugin) plugin <= 3.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin Workreap theme's plugin versions = 3.3.6...

9.8CVSS8.1AI score0.00321EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 8:0 a.m.5 views

WordPress nK Themes Helper plugin <= 1.7.9 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin nK Themes Helper versions = 1.7.9...

9.1CVSS7AI score0.00217EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 7:57 a.m.7 views

WordPress WP Virtual Assistant plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Virtual Assistant versions = 3.1...

5.4CVSS5.4AI score0.00222EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 7:55 a.m.7 views

WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability

WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin = 1.25 - Arbitrary Content Deletion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Attractive Donations System - Easy Stripe & Paypal donations versions = 1.25...

8.1CVSS7AI score0.0038EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 7:46 a.m.6 views

WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WooCommerce Orders & Customers Exporter versions = 5.4...

9.8CVSS8.1AI score0.00321EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 7:45 a.m.4 views

WordPress Blockons plugin <= 1.2.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Blockons versions = 1.2.15...

9.8CVSS7AI score0.00287EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 7:41 a.m.4 views

WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin Ultimate Gift Cards For WooCommerce versions = 3.2.4...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/08 6:56 a.m.7 views

WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure via tutororderdetails vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

6.5CVSS6.9AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/08 5:9 a.m.9 views

WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Quiz And Survey Master versions = 10.3.3...

8.8CVSS5.4AI score0.00152EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/07 10:43 p.m.6 views

WordPress Gutenverse Form plugin <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Gutenverse Form versions = 2.3.2...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/07 10:31 p.m.7 views

WordPress Folders plugin <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement vulnerability

Missing Authorization to Authenticated Author+ Media Replacement vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Folders versions = 3.1.5...

4.3CVSS7AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/07 10:18 p.m.4 views

WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Block Slider versions = 2.2.3...

6.5CVSS7AI score0.00269EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606