46606 matches found

Patchstack
added 2026/01/06 10:18 p.m. | 5 views

WordPress Rankology SEO and Analytics Tool plugin <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability

Incorrect Authorization to Authenticated Editor+ Header & Footer Code Creation vulnerability discovered by SangNQ29 in WordPress Plugin Rankology SEO and Analytics Tool versions <= 2.0...

CVSS 2.7 | AI score 6.9 | EPSS 0.0021
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 10:17 p.m. | 6 views

WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability

WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated Subscriber+ Settings Modification vulnerability discovered by mahdi salhi CaptinSharky01 - CaptinSharku in WordPress Plugin aBlocks versions <= 2.4.0...

CVSS 5.4 | AI score 6.8 | EPSS 0.00227
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 10:15 p.m. | 8 views

WordPress Key Figures plugin <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Key Figures versions <= 1.1...

CVSS 4.4 | AI score 5.6 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 10:15 p.m. | 9 views

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated Instructor+ Teacher Material Deletion vulnerability discovered by Deniz Mert dennywise in WordPress Plugin LearnPress versions <= 4.3.2.1...

CVSS 5.4 | AI score 6.8 | EPSS 0.00295
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 10:12 p.m. | 5 views

WordPress Quote Comments plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Quote Comments versions <= 3.0.0...

CVSS 5.3 | AI score 6.8 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 10:10 p.m. | 5 views

WordPress Newsletter Email Subscribe plugin <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Newsletter Email Subscribe versions <= 2.4...

CVSS 4.3 | AI score 6.8 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:58 p.m. | 6 views

WordPress Simple User Meta Editor plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via User Meta Value Field vulnerability discovered by Bhumividh Treloges in WordPress Plugin Simple User Meta Editor versions <= 1.0.0...

CVSS 4.4 | AI score 5.6 | EPSS 0.00154
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:50 p.m. | 5 views

WordPress twinklesmtp - Email Service Provider For WordPress plugin <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings vulnerability

WordPress twinklesmtp - Email Service Provider For WordPress plugin <= 1.03 - Authenticated Administrator+ Stored Cross-Site Scripting via Sender Settings vulnerability discovered by Bhumividh Treloges in WordPress Plugin twinklesmtp versions <= 1.03...

CVSS 4.4 | AI score 5.6 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:47 p.m. | 6 views

WordPress HelpDesk contact form plugin plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability

Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin HelpDesk contact form versions <= 1.1.5...

CVSS 4.3 | AI score 6.8 | EPSS 0.00128
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:46 p.m. | 12 views

WordPress NS IE Compatibility Fixer plugin <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin NS Ie Compatibility Fixer versions <= 2.1.5...

CVSS 4.3 | AI score 6.8 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:35 p.m. | 5 views

WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability

WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin AMP for WP versions <= 1.1.9...

CVSS 4.3 | AI score 6.8 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:27 p.m. | 4 views

WordPress WP-Members Membership Plugin plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files vulnerability

Unauthenticated Information Exposure via Unprotected Files vulnerability discovered by thinnawarth mathuros in WordPress Plugin WP-Members versions <= 3.5.4.4...

CVSS 5.3 | AI score 6.8 | EPSS 0.00255
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 8:5 p.m. | 6 views

WordPress teachPress plugin <= 9.0.12 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin teachPress versions <= 9.0.12...

CVSS 5.4 | AI score 7 | EPSS 0.00129
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 7:58 p.m. | 6 views

WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin IMGspider versions <= 2.3.12...

CVSS 9.1 | AI score 7 | EPSS 0.00141
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 7:37 p.m. | 7 views

WordPress BD Courier Order Ratio Checker plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin BD Courier Order Ratio Checker versions <= 2.0.1...

CVSS 8.8 | AI score 7 | EPSS 0.00185
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 6:3 p.m. | 5 views

WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin myCred versions <= 2.9.7.3...

CVSS 4.3 | AI score 5.3 | EPSS 0.00185
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 5:5 p.m. | 5 views

WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin The Events Calendar Countdown Addon versions <= 1.4.15...

CVSS 5.4 | AI score 7 | EPSS 0.00152
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 1:15 p.m. | 7 views

WordPress Essential Addons for Elementor plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Essential Addons for Elementor versions <= 6.5.3...

CVSS 6.5 | AI score 6.1 | EPSS 0.00127
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 12:6 p.m. | 5 views

WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hendon versions < 1.7...

CVSS 8.1 | AI score 7 | EPSS 0.00434
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 12:1 p.m. | 5 views

WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Taskbuilder versions <= 4.0.9...

CVSS 6.1 | AI score 6.1 | EPSS 0.00146
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 11:49 a.m. | 6 views

WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Listeo Core versions < 2.0.19...

CVSS 6.1 | AI score 6.1 | EPSS 0.00146
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 11:46 a.m. | 5 views

WordPress Curly theme < 3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions < 3.3...

CVSS 8.1 | AI score 7 | EPSS 0.00434
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 11:45 a.m. | 4 views

WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Optimize versions < 2.4...

CVSS 8.1 | AI score 7 | EPSS 0.00434
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 11:45 a.m. | 4 views

WordPress Wellspring theme < 2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wellspring versions < 2.8...

CVSS 8.1 | AI score 7 | EPSS 0.00434
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 11:44 a.m. | 5 views

WordPress BulletProof Security plugin <= 6.9 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin BulletProof Security versions <= 6.9...

CVSS 7.5 | AI score 7 | EPSS 0.00245
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 10:13 a.m. | 5 views

WordPress eHive Search plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin eHive Search versions <= 2.5.0...

CVSS 6.1 | AI score 6.1 | EPSS 0.0018
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 9:59 a.m. | 7 views

WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Better Business Reviews versions <= 0.1.1...

CVSS 5.4 | AI score 5.4 | EPSS 0.00275
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 9:52 a.m. | 8 views

WordPress Quiz and Survey Master (QSM) plugin <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability

Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability discovered by Rahul Sreenivasan Tr0j4n - Mobikwik in WordPress Plugin Quiz And Survey Master versions <= 10.3.1...

CVSS 6.5 | AI score 6.4 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:45 a.m. | 9 views

WordPress Xagio SEO plugin <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Jack Taylor in WordPress Plugin Xagio SEO versions <= 7.1.0.30...

CVSS 6.4 | AI score 6.8 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 9:42 a.m. | 8 views

WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin Ultimate Reviews versions <= 3.2.16...

CVSS 5.3 | AI score 5.4 | EPSS 0.00203
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 8:13 a.m. | 6 views

WordPress Timetics plugin <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability

Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability discovered by greenhats - Student in WordPress Plugin Timetics versions <= 1.0.36...

CVSS 6.5 | AI score 6.8 | EPSS 0.0021
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 8:7 a.m. | 10 views

WordPress Simply Schedule Appointments plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.5...

CVSS 6.5 | AI score 6.9 | EPSS 0.00182
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 7:51 a.m. | 5 views

WordPress CBX Bookmark & Favorite plugin <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability

Authenticated Subscriber+ SQL Injection via `orderby` Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin CBX Bookmark & Favorite versions <= 2.0.4...

CVSS 6.5 | AI score 8 | EPSS 0.01077
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 7:14 a.m. | 10 views

WordPress ForumWP – Forum & Discussion Board plugin <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Display Name vulnerability discovered by Sergej Ljubojevic in WordPress Plugin ForumWP versions <= 2.1.6...

CVSS 6.4 | AI score 5.6 | EPSS 0.00188
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 6:47 a.m. | 5 views

WordPress FS Registration Password plugin <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin FS Registration Password versions <= 1.0.1...

CVSS 9.8 | AI score 6.8 | EPSS 0.00343
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 6:26 a.m. | 8 views

WordPress BuddyPress Xprofile Custom Field Types plugin <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin BuddyPress Xprofile Custom Field Types versions <= 1.2.8...

CVSS 7.2 | AI score 6.8 | EPSS 0.00615
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 6:21 a.m. | 6 views

WordPress EduBlink Core plugin <= 2.0.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EduBlink Core versions <= 2.0.7...

CVSS 7.5 | AI score 5.4 | EPSS 0.00306
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 6:18 a.m. | 6 views

WordPress FastDup plugin <= 2.7 - Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter vulnerability

Authenticated Contributor+ Path Traversal via 'dir_path' REST Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin FastDup versions <= 2.7...

CVSS 6.5 | AI score 6.9 | EPSS 0.00318
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 6:12 a.m. | 11 views

WordPress AS Password Field In Default Registration Form plugin <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin AS Password Field In Default Registration Form versions <= 2.0.0...

CVSS 9.8 | AI score 6.8 | EPSS 0.00317
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 6:10 a.m. | 6 views

WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...

AI score 5.4 | EPSS 0.002
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 6:9 a.m. | 8 views

WordPress Download Manager plugin <= 3.3.40 - Unauthenticated Limited Privilege Escalation via updatePassword vulnerability

Unauthenticated Limited Privilege Escalation via updatePassword vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Download Manager versions <= 3.3.40...

CVSS 7.3 | AI score 6.9 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/06 5:40 a.m. | 7 views

WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme EduBlink versions <= 2.0.7...

CVSS 5.3 | AI score 5.4 | EPSS 0.00242
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 5:6 a.m. | 5 views

WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin AffiliateX versions <= 1.3.9.3...

CVSS 5.4 | AI score 7 | EPSS 0.00152
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 4:1 a.m. | 10 views

WordPress Easy Form Builder plugin <= 3.9.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Easy Form Builder versions <= 3.9.6...

CVSS 8.8 | AI score 7 | EPSS 0.00185
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/06 3:13 a.m. | 5 views

WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mrreee in WordPress Plugin FireStorm Professional Real Estate versions <= 2.7.11...

CVSS 7.6 | AI score 8.1 | EPSS 0.00279
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/01/05 10:44 p.m. | 10 views

WordPress Quiz And Survey Master plugin <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Quiz Results Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Quiz And Survey Master versions <= 10.3.1...

CVSS 4.3 | AI score 6.8 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/05 10:42 p.m. | 8 views

WordPress LearnPress – WordPress LMS Plugin plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification vulnerability

Missing Authentication to Unauthenticated Course Modification vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions <= 4.3.2...

CVSS 5.3 | AI score 6.8 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/05 10:41 p.m. | 5 views

WordPress MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability

for Online Courses and Education plugin <= 3.7.6 Missing Authorization to Authenticated Subscriber+ Posts and Media Creation, Modification and Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin MasterStudy LMS versions <= 3.7.6...

CVSS 5.4 | AI score 6.8 | EPSS 0.00146
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/05 10:39 p.m. | 6 views

WordPress TaxoPress plugin <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Post Tag Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin TaxoPress versions <= 3.41.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/05 10:37 p.m. | 8 views

WordPress Table Field Add-on for ACF and SCF plugin <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Table Cell Content vulnerability discovered by shark3y in WordPress Plugin Table Field Add-on for ACF and SCF versions <= 1.3.30...

CVSS 6.4 | AI score 5.5 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 46606