Lucene search
K
PatchstackRecent

46618 matches found

Patchstack
Patchstack
added 2025/12/31 9:30 a.m.6 views

WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hotel Listing versions = 1.4.0...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 9:28 a.m.6 views

WordPress Super Logos Showcase plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Super Logos Showcase versions = 2.8...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 9:27 a.m.9 views

WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Universal Video Player versions = 3.8.4...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 9:5 a.m.5 views

WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Software : Consulting Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-63032 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : d51407236b71 Credits :...

6.5CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 9:5 a.m.8 views

WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Consulting versions = 1.5.0...

6.5CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 9:3 a.m.7 views

WordPress Zoho ZeptoMail plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Zoho ZeptoMail versions = 3.3.1...

7.1CVSS6AI score0.00089EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:59 a.m.5 views

WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Melos versions = 1.6.0...

6.5CVSS6.1AI score0.00133EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:59 a.m.5 views

WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Software : Melos Type : Theme Vulnerable versions : = 1.6.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62136 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : c0fa8aca5616 Credits : Peter...

6.5CVSS6.1AI score0.00133EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:57 a.m.5 views

WordPress Everest Backup plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Everest Backup versions = 2.3.9...

8.1CVSS6.7AI score0.00174EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:55 a.m.6 views

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Shuttle versions = 1.5.0...

6.5CVSS6.1AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:55 a.m.6 views

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Software : Shuttle Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62137 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : af47e07068e3 Credits : Pet...

6.5CVSS6.1AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:54 a.m.8 views

WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Funnelforms Free versions = 3.8...

6.5CVSS5.9AI score0.00137EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:52 a.m.5 views

WordPress Series plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Series versions = 2.0.1...

6.5CVSS5.9AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:50 a.m.8 views

WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BuddyPress Activity Shortcode versions = 1.1.8...

6.5CVSS5.9AI score0.00137EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:49 a.m.6 views

WordPress Sermon Manager plugin <= 2.30.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Sermon Manager versions = 2.30.0...

6.5CVSS5.8AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:46 a.m.3 views

WordPress MX Time Zone Clocks plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin MX Time Zone Clocks versions = 5.1.1...

6.5CVSS5.8AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:45 a.m.6 views

WordPress WordPress Tooltips plugin <= 10.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin WordPress Tooltips versions = 10.9.3...

6.5CVSS5.8AI score0.00133EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:43 a.m.6 views

WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.17.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.17.0.1...

6.5CVSS5.8AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 8:28 a.m.7 views

WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin ListingPro Reviews versions 2.9.11...

7.1CVSS5.4AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 7:23 a.m.7 views

WordPress Knowband Mobile App Builder for wooCommerce plugin < 3.0.0 - Unauthenticated Arbitrary User Deletion vulnerability

Unauthenticated Arbitrary User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Knowband Mobile App Builder versions 3.0.0...

7.5CVSS6.7AI score0.00213EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 7:23 a.m.5 views

WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability

Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions 4.0.16...

5.3CVSS6.8AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 6:15 a.m.7 views

WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Arif Shaikh in WordPress Plugin WP Email Capture versions = 3.12.5...

8.8CVSS7AI score0.00106EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:54 a.m.4 views

WordPress Custom Style plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Custom Style versions = 1.0...

7.1CVSS6.8AI score0.00094EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:35 a.m.6 views

WordPress Noindex by Path plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Noindex by Path versions = 1.0...

7.1CVSS6.7AI score0.00096EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:31 a.m.6 views

WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Custom Post Status versions = 1.1.0...

7.1CVSS5.9AI score0.00096EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:28 a.m.6 views

WordPress Recent Posts From Each Category plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Recent Posts From Each Category versions = 1.4...

7.1CVSS6.8AI score0.00096EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:26 a.m.4 views

WordPress Social Profilr plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Social Profilr versions = 1.0...

7.1CVSS6.8AI score0.00094EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 5:24 a.m.5 views

WordPress SensitiveTagCloud plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin SensitiveTagCloud versions = 1.4.1...

7.1CVSS6.8AI score0.00094EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 4:37 a.m.6 views

WordPress WP-EasyArchives plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin WP-EasyArchives versions = 3.1.2...

7.1CVSS6.8AI score0.00094EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 4:33 a.m.4 views

WordPress Simple Archive Generator plugin <= 5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Simple Archive Generator versions = 5.2...

7.1CVSS6.8AI score0.00094EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 4:31 a.m.7 views

WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Behance Portfolio Manager versions = 1.7.5...

7.1CVSS6.8AI score0.00094EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...

4.8CVSS5.9AI score0.00236EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress AHAthat Plugin plugin <= 1.6 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Régis SENET in WordPress Plugin AHAthat versions = 1.6...

7.2CVSS5.9AI score0.00479EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.4 views

WordPress Wishlist plugin <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Wishlist versions = 1.0.43...

6.4CVSS5.4AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress URL Image Importer plugin <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin URL Image Importer versions 1.0-1.0.6...

8.8CVSS5.3AI score0.00603EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Auto Thickbox plugin <= 3.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Auto Thickbox versions = 3.5...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress Solidres plugin <= 0.9.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Solidres – Hotel booking plugin versions = 0.9.4...

7.1CVSS8.3AI score0.00285EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS vi Countdown Block vulnerability

Contributor+ Stored XSS vi Countdown Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...

5.4CVSS5.9AI score0.00204EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability

Missing Authorization to Authenticated Subscriber+ Ticket Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function vulnerability

WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure via admindonorprofileview Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.0.0-2.1.9...

6.5CVSS5.9AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Sermon Manager plugin <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sermon Manager versions = 2.30.0...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update vulnerability

Missing Authorization To Authenticated Subscriber+ Brand Permalink Settings Update vulnerability discovered by WordFence in WordPress Plugin Premmerce Brands for WooCommerce versions = 1.2.13...

4.3CVSS5.9AI score0.00238EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress LazyTasks plugin <= 1.2.29 - Missing Authorization to Uanuthenticated Privilege Escalation vulnerability

Missing Authorization to Uanuthenticated Privilege Escalation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin LazyTasks versions = 1.2.29...

9.8CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Relevanssi <= 4.24.5 - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights vulnerability

Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.5...

4.7CVSS5.4AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress ElementsKit Elementor Addons and Templates plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Widget vulnerability discovered by Hardik Raval in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.5.2...

6.4CVSS5.3AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.3 views

WordPress BlossomThemes Social Feed plugin <= 2.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin BlossomThemes Social Feed versions = 2.0.5...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...

9.1CVSS5.3AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Simplebooklet PDF Viewer and Embedder versions = 1.1.2...

6.4CVSS5.3AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.13 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...

4.8CVSS5.9AI score0.00247EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress GoZen Forms plugin <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() vulnerability

Unauthenticated SQL Injection via emdedSc vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin GoZen Forms versions = 1.1.5...

7.5CVSS5.9AI score0.00361EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46618