Lucene search

46629 matches found

Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Memberlite Shortcodes plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Memberlite Shortcodes versions <= 1.4...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00254
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress WP Directorybox Manager plugin <= 2.5 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Foxyyy in WordPress Plugin WP Directorybox Manager versions <= 2.5...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00586
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 11 views

WordPress GiveWP plugin <= 3.19.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by PetrusViet in WordPress Plugin GiveWP versions <= 3.19.2...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.01246
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 4 views

WordPress Online Payments - Get Paid with PayPal, Square & Stripe plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Online Payments - Get Paid with PayPal, Square & Stripe plugin <= 3.20.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Online Payments – Get Paid with PayPal, Square & Stripe versions <= 3.20.0...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.00376
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress KiotViet Sync plugin <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions <= 1.8.5...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00168
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions <= 1.4.9...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00317
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Powpy in WordPress Plugin Ultimate Member Widgets for Elementor versions <= 2.3...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Robo Gallery plugin <= 3.2.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Robo Gallery versions <= 3.2.22...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.00292
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Xpro Addons For Elementor plugin <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Site Title' widget vulnerability discovered by Prissy - Developer in WordPress Plugin Xpro Elementor Addons versions <= 1.4.7.1...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00289
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Generic Elements plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Generic Elements versions <= 1.2.8...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.0028
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Ads Pro plugin <= 4.95 - Unauthenticated SQL Injection via site_id vulnerability

Unauthenticated SQL Injection via site_id vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.95...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00283
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Webcraftic Clearfy plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache vulnerability

Cross-Site Request Forgery to Clear Cache vulnerability discovered by Whit Taylor in WordPress Plugin Clearfy Cache versions <= 2.3.1...

CVSS: 5.3 | AI score: 8.3 | EPSS: 0.00133
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Arielbrailovsky-Viralad plugin <= 1.0.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by siyuan shao in WordPress Plugin ArielBrailovsky-ViralAd versions <= 1.0.8...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0042
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress NextGEN Gallery plugin <= 3.59.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin NextGEN Gallery versions <= 3.59.11...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress WP Featherlight plugin <= 1.3.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WP Featherlight versions <= 1.3.4...

CVSS: 6.4 | AI score: 8.3 | EPSS: 0.00299
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Link Whisper Free plugin <= 0.8.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Link Whisper Free versions <= 0.8.8...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00172
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Outdoor plugin <= 1.3.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by John Lee in WordPress Theme Outdoor versions <= 1.3.2...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00342
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress WordPress Auction plugin <= 3.7 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WordPress Auction Plugin versions <= 3.7...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00311
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Survey & Poll plugin <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WordPress Survey & Poll versions <= 1.7.5...

CVSS: 6.4 | AI score: 8.3 | EPSS: 0.00325
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Pagelayer plugin < 1.8.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin PageLayer versions < 1.8.8...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00266
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions <= 1.17.0...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00271
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter vulnerability

Unauthenticated Local File Inclusion via 'shortcode_name' Parameter vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Extensive VC Addons for WPBakery page builder versions <= 1.9.1...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.00533
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions <= 2.9.1...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00531
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Refund Request Cancellation vulnerability discovered by Powpy in WordPress Plugin Return Refund and Exchange For WooCommerce versions <= 4.5.5...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00164
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Inpersttion For Theme plugin <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call vulnerability

Authenticated Contributor+ Arbitrary Function Call vulnerability discovered by Peter Thaleikis in WordPress Plugin Inpersttion For Theme versions <= 1.0...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.0033
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability

Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions <= 2.5...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00227
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress ContentStudio plugin <= 1.3.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Contentstudio versions <= 1.3.7...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00128
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Webcake plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Webcake versions <= 1.1...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions <= 5.25.11...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00198
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability

WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin ClickWhale versions <= 2.4.1...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress ProfileGrid plugin <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions <= 5.9.4.5...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00561
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Ebook Store plugin < 5.8015 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ebook Store versions < 5.8015...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00207
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Advanced iFrame plugin <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Host Header vulnerability discovered by omstaendlig in WordPress Plugin Advanced iFrame versions <= 2024.5...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Course Booking System plugin <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export vulnerability

Missing Authorization to Unauthenticated Booking Data Export vulnerability discovered by Powpy in WordPress Plugin Course Booking System versions <= 6.1.5...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00213
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Qubely plugin <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability discovered by Nishiv - Developer in WordPress Plugin Qubely versions <= 1.8.12...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.003
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Zigaform plugin <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Zigaform – Price Calculator & Cost Estimation Form Builder Lite versions <= 7.4.7...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.00227
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Hide Categories Or Products On Shop Page plugin <= 1.0.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Hide Categories Or Products On Shop Page versions <= 1.0.7...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00102
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Paid Membership Plugin plugin < 4.15.20 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions < 4.15.20...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.00296
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions 2.9.0.1-2.9.1.3...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00281
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress WP Abstracts plugin <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Abstracts versions <= 2.7.2...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin PostX versions <= 5.0.3...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00277
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress Bold Page Builder plugin <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'data-text' Parameter vulnerability discovered by Webbernaut in WordPress Plugin Bold Page Builder versions <= 5.3.5...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00237
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 4 views

WordPress WP Enabled SVG plugin <= 0.2 - Author+ Stored XSS via SVG vulnerability

Author+ Stored XSS via SVG vulnerability discovered by Pierre Rudloff in WordPress Plugin WP Enabled SVG versions <= 0.2...

CVSS: 4.8 | AI score: 5.4 | EPSS: 0.00401
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Binary MLM Woocommerce plugin <= 2.0 - Reflected Cross-Site Scripting via 'page' vulnerability

Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Binary MLM Woocommerce versions <= 2.0...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00327
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 4 views

WordPress B Slider- Gutenberg Slider Block for WP plugin <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation vulnerability

Authenticated Subscriber+ Missing Authorization to Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions <= 1.1.30...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00548
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Sertifier Certificate & Badge Maker plugin <= 1.19 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Sertifier Certificate & Badge Maker versions <= 1.19...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00103
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress WP Google Map plugin < 1.9.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Google Map versions < 1.9.4...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00299
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress WP jQuery DataTable plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery DataTable versions <= 4.0.1...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.00237
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SKU Generator for WooCommerce versions <= 1.6.2...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00316
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Zoho Flow plugin <= 2.14.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin Zoho Flow versions <= 2.14.1...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00176
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 46629