46681 matches found

Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions <= 2.0.0...

CVSS 9.1 | AI score 5.3 | EPSS 0.00397
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress CBX Map for Google Map & OpenStreetMap plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin CBX Map for Google Map & OpenStreetMap versions <= 2.0.1...

CVSS 6.4 | AI score 5.9 | EPSS 0.00216
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress OceanWP theme <= 3.6.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme OceanWP versions <= 3.6.0...

CVSS 6.4 | AI score 5.3 | EPSS 0.00292
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress WP Ghost plugin <= 5.4.01 - Unauthenticated Limited File Read vulnerability

Unauthenticated Limited File Read vulnerability discovered by mikemyers in WordPress Plugin Hide My WP Ghost versions <= 5.4.01...

CVSS 7.5 | AI score 5.9 | EPSS 0.00529
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Total Contest Lite plugin < 2.9.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin TotalContest Lite versions < 2.9.0...

CVSS 6.1 | AI score 8.3 | EPSS 0.00315
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Easy Image Gallery plugin <= 1.5.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Easy Image Gallery versions <= 1.5.2...

CVSS 6.4 | AI score 5.9 | EPSS 0.00274
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Norby AI plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Norby AI versions <= 1.0.3...

CVSS 4.3 | AI score 5.9 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Ocean Extra plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ocean Extra versions <= 2.4.6...

CVSS 6.4 | AI score 5.9 | EPSS 0.00238
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability

Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions <= 4.8.2...

CVSS 4.3 | AI score 5.9 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Jetpack Boost plugin < 3.4.7 - Admin+ SSRF vulnerability

Admin+ SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Jetpack Boost versions < 3.4.7...

CVSS 9.1 | AI score 5.9 | EPSS 0.00468
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.4...

CVSS 7.2 | AI score 5.5 | EPSS 0.00194
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress tagDiv Composer plugin <= 5.3 - Reflected Cross-Site Scripting via 'data' vulnerability

Reflected Cross-Site Scripting via 'data' vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions <= 5.3...

CVSS 6.1 | AI score 5.4 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Unlimited Elements For Elementor plugin <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 1.5.135...

CVSS 6.4 | AI score 8.3 | EPSS 0.00302
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Responsive Thumbnail Slider plugin < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Arash Khazaei in WordPress Plugin Thumbnail carousel slider versions < 1.0.1...

CVSS 8.8 | AI score 5.5 | EPSS 0.02104
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress Simple Map No Api plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by zaim in WordPress Plugin Simple Map No Api versions <= 1.9...

CVSS 6.4 | AI score 5.4 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ninja Forms versions < 3.10.1...

CVSS 4.8 | AI score 5.9 | EPSS 0.00214
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Yamil in WordPress Plugin WP Front-end login and register versions <= 2.1.0...

CVSS 6.1 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Qyrr plugin <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by CVEhunter in WordPress Plugin Qyrr versions <= 2.0.7...

CVSS 6.4 | AI score 5.3 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Spexo Addons for Elementor plugin <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Sastra Essential Addons for Elementor versions <= 1.0.23...

CVSS 6.4 | AI score 5.9 | EPSS 0.00222
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Jobify theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation vulnerability

Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation vulnerability discovered by Lucio Sá in WordPress Theme Jobify versions <= 4.2.7...

CVSS 6.5 | AI score 5.4 | EPSS 0.00314
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 4 views

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability

WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions <= 1.4.57...

CVSS 4.3 | AI score 8.4 | EPSS 0.00288
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress Golo theme <= 1.7.0 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Golo versions <= 1.7.0...

CVSS 9.8 | AI score 5.5 | EPSS 0.00434
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability

Authenticated Admin+ PHP Object Injection via wpaicg_export_prompts vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions <= 1.8.96...

CVSS 7.2 | AI score 7.3 | EPSS 0.00642
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ninja Forms versions < 3.10.1...

CVSS 4.8 | AI score 5.9 | EPSS 0.00214
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions < 4.7.2...

CVSS 4.8 | AI score 5.9 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via ux_cb_page_options_save vulnerability discovered by István Márton - Wordfence in WordPress Plugin BM Content Builder versions <= 3.16.2.1...

CVSS 6.4 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Elementor Templates vulnerability discovered by Ankit Patel in WordPress Plugin RTMKit versions <= 1.5.2...

CVSS 4.3 | AI score 5.3 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress VK All in One Expansion Unit plugin <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin VK All in One Expansion Unit versions <= 9.112.1...

CVSS 6.4 | AI score 5.9 | EPSS 0.00201
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Takeads plugin <= 1.0.13 - Missing Authorization to Plugin Settings Deletion vulnerability

Missing Authorization to Plugin Settings Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Takeads versions <= 1.0.13...

CVSS 4.3 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Eyewear prescription form plugin <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion vulnerability discovered by WordFence in WordPress Plugin Eyewear prescription form versions <= 6.0.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Feedback Modal for Website plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Feedback Modal for Website versions <= 1.0.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress SSP Debug plugin <= 1.0.0 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin SSP Debug versions <= 1.0.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.00247
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions <= 2.5.8...

CVSS 6.4 | AI score 5.9 | EPSS 0.00194
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Music Sheet Viewer plugin <= 4.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Peter Thaleikis in WordPress Plugin Music Sheet Viewer versions <= 4.1...

CVSS 7.5 | AI score 5.5 | EPSS 0.0052
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Kona Gallery Block plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin Kona Gallery Block versions <= 1.7...

CVSS 6.4 | AI score 5.3 | EPSS 0.00212
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Team Rosters plugin <= 4.7 - Reflected Cross-Site Scripting via 'tab' vulnerability

Reflected Cross-Site Scripting via 'tab' vulnerability discovered by vgo0 in WordPress Plugin Team Rosters versions <= 4.7...

CVSS 6.1 | AI score 5.4 | EPSS 0.00317
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Crelly Slider plugin < 1.4.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Crelly Slider versions < 1.4.7...

CVSS 3.8 | AI score 5.9 | EPSS 0.00331
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 8 views

WordPress 3DPrint Lite plugin <= 2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text' vulnerability

Authenticated Admin+ SQL Injection via 'coating_text' vulnerability discovered by WordFence in WordPress Plugin 3DPrint Lite versions <= 2.1.3.6...

CVSS 4.9 | AI score 5.9 | EPSS 0.00359
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Booking Calendar plugin <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booking Calendar versions <= 10.14.6...

CVSS 6.4 | AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 11 views

WordPress Simple User Registration plugin <= 6.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Chuck - None in WordPress Plugin Simple User Registration versions <= 6.3...

CVSS 9.8 | AI score 5.9 | EPSS 0.02055
Exploits: 5 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 9 views

WordPress Service Finder Bookings plugin < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability

Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by Thái An in WordPress Plugin Service Finder Booking versions < 6.1...

CVSS 8.8 | AI score 5.9 | EPSS 0.00277
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions <= 2.8.50...

CVSS 6.4 | AI score 5.3 | EPSS 0.00218
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Dynamic AJAX Product Filters for WooCommerce versions <= 1.3.7...

CVSS 6.4 | AI score 5.9 | EPSS 0.00223
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 4 views

WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions < 5.7.45...

CVSS 4.8 | AI score 5.9 | EPSS 0.00292
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Binary MLM Plan plugin <= 3.0 - Unauthenticated Limited Privilege Escalation vulnerability

Unauthenticated Limited Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions <= 3.0...

CVSS 6.5 | AI score 5.3 | EPSS 0.0031
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings vulnerability

Authenticated Subscriber+ Missing Authorization to Modify Accessibility Settings vulnerability discovered by Peerapat Samatathanyakorn - Thai Team CVE in WordPress Plugin CodeConfig Accessibility versions <= 1.0.2...

CVSS 4.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 7 views

WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ultimate Dashboard versions < 3.8.6...

CVSS 3.5 | AI score 5.9 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Stored XSS via Shortcode vulnerability

Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions <= 1.0...

CVSS 5.4 | AI score 5.9 | EPSS 0.00258
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 3 views

WordPress School Management System plugin <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload vulnerability

Authenticated Student+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin School Management versions <= 93.2.0...

CVSS 8.8 | AI score 5.5 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m. | 6 views

WordPress Likes and Dislikes Plugin plugin <= 1.0.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Likes and Dislikes versions <= 1.0.0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00476
Exploits: 1 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 46681