Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
•added 2026/01/07 8:48 p.m.•9 views

WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Handmade Framework versions = 3.9...

7.5CVSS7AI score0.00383EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 6:53 p.m.•5 views

WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.2...

6.5CVSS6AI score0.0017EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 6:17 p.m.•6 views

WordPress WPAdverts plugin <= 2.2.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WPAdverts versions = 2.2.11...

6.5CVSS5.4AI score0.00264EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 3:34 p.m.•4 views

WordPress FiboSearch plugin <= 1.32.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin FiboSearch versions = 1.32.1...

7.5CVSS5.4AI score0.00222EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 3:33 p.m.•6 views

WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...

6.5CVSS6AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 3:18 p.m.•7 views

WordPress Jeg Elementor Kit plugin <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 3.0.1...

6.4CVSS5.7AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 1:49 p.m.•8 views

WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin GA4WP: Google Analytics for WordPress versions = 2.10.0...

5.4CVSS7AI score0.0017EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 1:10 p.m.•4 views

WordPress Typify theme <= 3.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Typify versions = 3.0.2...

9.8CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 1:1 p.m.•5 views

WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Racquet versions = 1.12.0...

7.1AI score0.00327EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:59 p.m.•6 views

WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mitech versions = 2.3.4...

9.8CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:58 p.m.•5 views

WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Moody versions = 2.7.3...

9.8CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:58 p.m.•4 views

WordPress Atlas theme <= 2.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Atlas versions = 2.1.0...

9.8CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:57 p.m.•5 views

WordPress Navian theme <= 1.5.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Navian versions = 1.5.4...

9.8CVSS7.1AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:57 p.m.•5 views

WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability

WordPress Brook - Agency Business Creative theme = 2.9.0 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brook versions = 2.9.0...

9.8CVSS7AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:56 p.m.•5 views

WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AeroLand versions = 1.6.6...

9.8CVSS7.1AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:53 p.m.•5 views

WordPress Oshine theme <= 7.2.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Oshine versions = 7.2.7...

9.8CVSS7AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:51 p.m.•6 views

WordPress Real Estate Pro plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Real Estate Pro versions = 2.1.4...

6.1CVSS6.1AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:46 p.m.•5 views

WordPress Stackable plugin <= 3.19.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Stackable versions = 3.19.5...

5.4CVSS5.3AI score0.00252EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:44 p.m.•6 views

WordPress ListingHub plugin 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ListingHub versions 1.2.6...

6.1CVSS6.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:30 p.m.•6 views

WordPress REHub Framework plugin <= 19.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin REHub Framework versions = 19.9.5...

9.8CVSS7AI score0.00287EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:27 p.m.•6 views

WordPress OchaHouse theme <= 2.2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme OchaHouse versions = 2.2.8...

9.8CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:27 p.m.•4 views

WordPress Rozy - Flower Shop theme <= 1.2.25 - Local File Inclusion vulnerability

WordPress Rozy - Flower Shop theme = 1.2.25 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rozy - Flower Shop versions = 1.2.25...

9.8CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 12:12 p.m.•8 views

WordPress Awesome Hotel Booking plugin <= 1.0 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability

Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Awesome Hotel Booking versions = 1.0...

5.3CVSS6.8AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:53 a.m.•5 views

WordPress Testimonial Master plugin <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Testimonial Master versions = 0.2.1...

6.1CVSS6.3AI score0.00324EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:49 a.m.•5 views

WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin CoBlocks versions = 3.1.16...

6.5CVSS5.4AI score0.0013EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:41 a.m.•5 views

WordPress Starred Review plugin <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability

Reflected Cross-Site Scripting via PHPSELF Variable vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Starred Review versions = 1.4.2...

6.1CVSS6.2AI score0.00313EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:35 a.m.•12 views

WordPress Post Like Dislike plugin <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Post Like Dislike versions = 1.0...

6.1CVSS6.2AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:31 a.m.•7 views

WordPress Stumble! for WordPress plugin <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Stumble! for WordPress versions = 1.1.1...

6.1CVSS6.2AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:25 a.m.•11 views

WordPress WP Widget Changer plugin <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP Widget Changer versions = 1.2.5...

6.1CVSS6.2AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:21 a.m.•6 views

WordPress AA Block country plugin <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability

Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability discovered by Ivan Cese in WordPress Plugin AA Block country versions = 1.0.1...

5.3CVSS6.8AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:20 a.m.•11 views

WordPress Piraeus Bank WooCommerce Payment Gateway plugin <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Piraeus Bank WooCommerce Payment Gateway versions = 3.1.4...

5.3CVSS6.8AI score0.0036EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:18 a.m.•14 views

WordPress Stylish Order Form Builder plugin <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'productname' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Stylish Order Form Builder versions = 1.0...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 11:8 a.m.•6 views

WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Ninja Tables versions = 5.2.4...

6.5CVSS8.1AI score0.00205EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 9:6 a.m.•5 views

WordPress Accordion plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NumeX in WordPress Plugin Accordion versions = 3.0.3...

6.5CVSS6.1AI score0.0014EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 8:7 a.m.•7 views

WordPress Unify plugin <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability

Missing Authorization to Unauthenticated Option Deletion via 'unifyplugindowngrade' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Unify versions = 3.4.9...

5.3CVSS6.8AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 8:7 a.m.•7 views

WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Media Search Enhanced versions = 0.9.1...

7.6CVSS5.9AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 8:5 a.m.•7 views

WordPress WP Enable WebP plugin <= 1.0 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin WP Enable WebP versions = 1.0...

8.8CVSS6.9AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 8:0 a.m.•6 views

WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Docket Cache versions = 24.07.04...

4.3CVSS7AI score0.00256EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 8:0 a.m.•5 views

WordPress SVG Map Plugin plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin SVG Map Plugin versions = 1.0.0...

6.1CVSS5.8AI score0.00115EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:54 a.m.•7 views

WordPress Premmerce WooCommerce Customers Manager plugin <= 1.1.14 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Premmerce WooCommerce Customers Manager versions = 1.1.14...

6.1CVSS6.1AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:48 a.m.•4 views

WordPress WP Photo Album Plus plugin <= 9.1.05.008 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.05.008...

7.1CVSS6.2AI score0.0023EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:46 a.m.•6 views

WordPress HBLPAY Payment Gateway for WooCommerce plugin <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability

Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin HBLPAY Payment Gateway for WooCommerce versions = 5.0.0...

6.1CVSS6.2AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:38 a.m.•6 views

WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability

WordPress Bit Form - Contact Form Plugin plugin = 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability discovered by andrea bocchetti in WordPress Plugin Bit Form versions = 2.21.6...

6.5CVSS6.8AI score0.0035EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:33 a.m.•4 views

WordPress Flashcard Plugin for WordPress plugin <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal vulnerability

Authenticated Contributor+ Arbitrary File Read via Path Traversal vulnerability discovered by Bhumividh Treloges in WordPress Plugin Flashcard versions = 0.9...

6.5CVSS6.8AI score0.00298EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:29 a.m.•10 views

WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin RSS Feed Widget versions = 3.0.2...

5.4CVSS7AI score0.0017EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:23 a.m.•6 views

WordPress Customer Reviews for WooCommerce plugin <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via displayName Parameter vulnerability discovered by shark3y in WordPress Plugin Customer Reviews for WooCommerce versions = 5.93.1...

6.4CVSS5.5AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:18 a.m.•8 views

WordPress EmailKit plugin <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal vulnerability

Authenticated Author+ Arbitrary File Read via Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin EmailKit versions = 1.6.1...

6.5CVSS6.9AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:17 a.m.•6 views

WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Bulk Landing Page Creator for WordPress LPagery versions = 2.4.9...

5.4CVSS6.8AI score0.00173EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/07 7:11 a.m.•11 views

WordPress User Activity Log plugin <= 2.2 - Unauthenticated Limited Options Update via Failed Login vulnerability

Unauthenticated Limited Options Update via Failed Login vulnerability discovered by shark3y in WordPress Plugin User Activity Log versions = 2.2...

7.5CVSS6.8AI score0.00335EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/07 6:56 a.m.•6 views

WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin ShopMagic versions = 4.7.2...

5.3CVSS7AI score0.00184EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606