Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2026/01/05 10:33 p.m.8 views

WordPress GamiPress plugin <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by kr0d in WordPress Plugin GamiPress versions = 7.6.1...

4.3CVSS6.7AI score0.00172EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:10 p.m.5 views

WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability

Software : Phlox Type : Theme Vulnerable versions : = 2.17.7 Fixed in : 2.17.11 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-4776 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID :...

6.4CVSS6.1AI score0.00156EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:10 p.m.6 views

WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-caption HTML Attribute vulnerability discovered by Webbernaut in WordPress Theme Phlox versions = 2.17.7...

6.4CVSS5.7AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:1 p.m.5 views

WordPress Popupkit plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Subscriber Data Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin PopupKit versions = 2.2.0...

5.3CVSS6.8AI score0.002EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:0 p.m.5 views

WordPress URL Image Importer plugin <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by bxdman in WordPress Plugin URL Image Importer versions = 1.0.7...

6.4CVSS5.6AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:58 p.m.7 views

WordPress Depicter plugin <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule Updates vulnerability

Missing Authorization to Unauthenticated Display Rule Updates vulnerability discovered by Brizzle in WordPress Plugin Depicter Slider versions = 4.0.7...

5.3CVSS6.9AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:52 p.m.5 views

WordPress ilGhera Support System for WooCommerce plugin <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Ticket Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions = 1.2.6...

5.3CVSS6.9AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:50 p.m.6 views

WordPress Page Expire Popup/Redirection for WordPress plugin <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute vulnerability

Authenticated Author+ SQL Injection via 'id' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Page Expire Popup/Redirection for WordPress versions = 1.0...

6.5CVSS7.8AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:47 p.m.7 views

WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.13 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Form Vibes – Database Manager for Forms versions = 1.4.13...

4.9CVSS8AI score0.00266EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 3:29 p.m.5 views

WordPress Cookies and Content Security Policy plugin <= 2.34 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin Cookies and Content Security Policy versions = 2.34...

7.5CVSS7AI score0.00352EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 1:10 p.m.5 views

WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.27.9...

5.4CVSS6.8AI score0.00152EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 12:45 p.m.8 views

WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions = 18.6...

9.8CVSS8.1AI score0.00289EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:55 a.m.5 views

WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Fluent Support versions = 1.10.4...

8.8CVSS7AI score0.00253EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:47 a.m.6 views

WordPress Corpkit theme <= 2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Corpkit versions = 2.0...

8.1CVSS7AI score0.0047EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:44 a.m.4 views

WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Bonds in WordPress Theme Corpkit versions = 2.0...

9.8CVSS7AI score0.00326EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:41 a.m.7 views

WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Spiffy Calendar versions = 5.0.7...

8.1CVSS7AI score0.00162EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:38 a.m.6 views

WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin Link Whisper Free versions = 0.8.8...

6.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:36 a.m.6 views

WordPress JetEngine plugin <= 3.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.7.7...

7.1CVSS6.1AI score0.00256EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:34 a.m.7 views

WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Restaurant versions 7.0.9...

6.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:6 a.m.4 views

WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Icegram versions = 3.1.35...

6.5CVSS7AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 11:4 a.m.6 views

WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lobo versions 2.8.6...

9.8CVSS8.1AI score0.00253EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:51 a.m.5 views

WordPress Depicter Slider plugin <= 4.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Edisc1 in WordPress Plugin Depicter Slider versions = 4.0.4...

6.5CVSS7AI score0.00255EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:44 a.m.4 views

WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Neo Ocular versions 1.2...

9.8CVSS7AI score0.00412EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:42 a.m.8 views

WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Woffice Core versions = 5.4.30...

8.1CVSS7AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:40 a.m.6 views

WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions = 5.4.30...

6.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:37 a.m.7 views

WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin GetGenie versions = 4.3.0...

8.8CVSS5.4AI score0.00232EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 10:30 a.m.5 views

WordPress Photography theme < 7.7.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions 7.7.5...

8.1CVSS7AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:58 a.m.5 views

WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Traveler versions = 3.2.6...

8.1CVSS7AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:57 a.m.6 views

WordPress Jobify theme <= 4.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jobify versions = 4.3.0...

6.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 9:33 a.m.5 views

WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Demo Importer Plus versions = 2.0.8...

4.3CVSS7AI score0.00152EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 8:0 a.m.6 views

WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Sugar Calendar Lite versions = 3.9.1...

4.3CVSS5.4AI score0.00198EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 7:5 a.m.14 views

WordPress Team plugin < 5.0.11 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Team versions 5.0.11...

8.6CVSS6.7AI score0.0156EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 7:5 a.m.8 views

WordPress FlexTable Google Sheets Connector plugin < 3.19.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Nguyễn Phước Thiện in WordPress Plugin FlexTable versions 3.19.2...

3.5CVSS6AI score0.00154EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/05 6:22 a.m.11 views

WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DeepDigital versions = 1.0.2...

5.3CVSS7.1AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 5:58 a.m.9 views

WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by daroo in WordPress Plugin Timetics versions = 1.0.46...

9.8CVSS7AI score0.0037EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/05 5:12 a.m.6 views

WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Absolute Addons For Elementor versions = 1.0.14...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/04 4:32 p.m.5 views

WordPress WP MapIt plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP MapIt versions = 3.0.3...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/04 4:22 p.m.6 views

WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Oneline Lite versions = 6.6...

4.3CVSS7AI score0.00152EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/04 2:36 p.m.7 views

WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin My auctions allegro versions = 3.6.33...

7.5CVSS7AI score0.00484EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/04 1:52 p.m.7 views

WordPress Form to Chat App plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Form to Chat App versions = 1.2.5...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/04 8:22 a.m.8 views

WordPress Add Polylang support for Customizer plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Add Polylang support for Customizer versions = 1.4.5...

4.3CVSS7AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/04 4:47 a.m.8 views

WordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin CTX Feed versions = 6.6.18...

5.3CVSS7AI score0.00314EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/03 5:40 p.m.5 views

WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by lilmingwa13 in WordPress Plugin Smart Auto Upload Images versions = 1.2.2...

6.4CVSS5.5AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/03 1:37 p.m.9 views

WordPress Wanderland theme <= 1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wanderland versions = 1.5...

5.3CVSS7AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/03 1:10 p.m.5 views

WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Don Peppe versions = 1.3...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/03 12:43 p.m.7 views

WordPress Prowess theme <= 1.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Prowess versions = 1.8.1...

5.3CVSS7AI score0.00272EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/03 12:38 p.m.4 views

WordPress Apimo Connector plugin <= 2.6.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Apimo Connector versions = 2.6.5...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/02 3:1 p.m.7 views

WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Verdure versions = 1.6...

5.4CVSS7AI score0.00229EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/02 2:49 p.m.9 views

WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Jane versions = 1.2...

5.4CVSS7AI score0.00229EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/02 2:41 p.m.5 views

WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PhotoMe versions 5.7.2...

5.4CVSS5.4AI score0.00141EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606