
46681 matches found

Patchstack
•added 2025/12/31 12:0 a.m.•4 views

WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions <= 5.2.7...

CVSS 4.9 | AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Ketchup Shortcodes plugin <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Ketchup Shortcodes versions <= 0.1.2...

CVSS 6.4 | AI score 5.4 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress EKC Tournament Manager plugin < 2.2.2 - Delete Tournaments via CSRF vulnerability

Delete Tournaments via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin EKC Tournament Manager versions < 2.2.2...

CVSS 5.4 | AI score 5.9 | EPSS 0.00156
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload vulnerability

Unauthenticated Arbitrary File Copy via move_file_to_upload vulnerability discovered by LionTree in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.7...

CVSS 8.1 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions < 8.2.5...

CVSS 4.3 | AI score 5.9 | EPSS 0.00212
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Essential WP Real Estate plugin <= 1.1.3 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Essential WP Real Estate versions <= 1.1.3...

CVSS 6.8 | AI score 5.4 | EPSS 0.0055
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress Front End Users plugin <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via forgot-password Shortcode vulnerability discovered by zaim in WordPress Plugin Front End Users versions <= 3.2.30...

CVSS 6.4 | AI score 5.4 | EPSS 0.00284
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•10 views

WordPress Cool Tag Cloud plugin <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cool Tag Cloud versions <= 2.29...

CVSS 8.1 | AI score 5.4 | EPSS 0.00295
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress Magic Buttons for Elementor plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via magic-button Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin Magic Buttons for Elementor versions <= 1.0...

CVSS 6.4 | AI score 5.9 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress WPGYM plugin < 67.8.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPGYM versions < 67.8.0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress WP Database Backup plugin < 5.2 - Unauthenticated OS Command Injection vulnerability

Unauthenticated OS Command Injection vulnerability discovered by WordFence in WordPress Plugin WP Database Backup versions < 5.2...

CVSS 9.8 | AI score 5.6 | EPSS 0.16682
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•10 views

WordPress Eventin plugin <= 4.0.26 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by mikemyers in WordPress Plugin Eventin versions <= 4.0.26...

CVSS 7.5 | AI score 5.5 | EPSS 0.00588
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•9 views

WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions < 4.15.7...

CVSS 4.8 | AI score 5.9 | EPSS 0.00247
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress Digihood HTML Sitemap plugin <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' vulnerability

Reflected Cross-Site Scripting via 'channel' vulnerability discovered by vgo0 in WordPress Plugin Digihood HTML Sitemap versions <= 3.1.1...

CVSS 6.1 | AI score 5.4 | EPSS 0.00411
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•3 views

WordPress Profiler - What Slowing Down Your WP plugin <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability

WordPress Profiler - What Slowing Down Your WP plugin <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Profiler - What Slowing Down Your WP versions <= 1.0.0...

CVSS 5.3 | AI score 5.5 | EPSS 0.00226
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions < 4.15.9...

CVSS 3.5 | AI score 5.9 | EPSS 0.00247
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•9 views

WordPress GDPR Cookie Compliance plugin <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin GDPR Cookie Compliance versions <= 4.15.6...

CVSS 4.8 | AI score 5.4 | EPSS 0.004
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Wishlist Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Premmerce Wishlist for WooCommerce versions <= 1.1.10...

CVSS 5.3 | AI score 5.9 | EPSS 0.00286
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Service Finder Bookings plugin <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password vulnerability

Authenticated Subscriber+ Privilege Escalation via change_candidate_password vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions <= 6.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00342
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated (Author+) Arbitrary File Upload vulnerability

WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin RESTful Content Syndication versions 1.1.0-1.5.0...

CVSS 8.8 | AI score 5.3 | EPSS 0.00493
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•8 views

WordPress g-FFL Cockpit plugin <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Ryan Kozak in WordPress Plugin g-FFL Cockpit versions <= 1.7.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•10 views

WordPress Elementor plugin <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Tonn in WordPress Plugin Elementor Website Builder versions <= 3.29.0...

CVSS 6.4 | AI score 5.4 | EPSS 0.00165
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Divi theme <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme Divi versions <= 4.27.1...

CVSS 6.4 | AI score 5.3 | EPSS 0.00292
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress ProfileGrid plugin <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management vulnerability

Missing Authorization to Authenticated Subscriber+ Join Group Requests Management vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions <= 5.9.4.4...

CVSS 4.3 | AI score 5.9 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Essential Addons for Elementor plugin <= 6.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions <= 6.1.12...

CVSS 6.4 | AI score 5.9 | EPSS 0.00176
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Unilevel MLM Plan plugin <= 1.1.0 - Reflected Cross-Site Scripting via 'page' vulnerability

Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Unilevel MLM Plan versions <= 1.1.0...

CVSS 6.1 | AI score 5.4 | EPSS 0.00347
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Maps for WP plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Maps for WP versions <= 1.2.4...

CVSS 6.4 | AI score 5.4 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•10 views

WordPress Form Builder CP plugin <= 1.2.41 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Form Builder CP versions <= 1.2.41...

CVSS 6.5 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•8 views

WordPress WP - Bulk SMS - by SMS.to plugin <= 1.0.12 - Reflected Cross-Site Scripting vulnerability

WordPress WP - Bulk SMS - by SMS.to plugin <= 1.0.12 - Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin WP – Bulk SMS versions <= 1.0.12...

CVSS 6.1 | AI score 5.4 | EPSS 0.00341
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•16 views

WordPress WordPress Simple PayPal Shopping Cart plugin <= 5.1.3 - Insecure Direct Object Reference via 'quantity' vulnerability

Insecure Direct Object Reference via 'quantity' vulnerability discovered by Jack Taylor in WordPress Plugin Simple Shopping Cart versions <= 5.1.3...

CVSS 5.3 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•8 views

WordPress WordPress Auction plugin <= 3.7 - Editor+ SQL Injection vulnerability

Editor+ SQL Injection vulnerability discovered by Thanh Kieu in WordPress Plugin WordPress Auction Plugin versions <= 3.7...

CVSS 9.8 | AI score 6 | EPSS 0.00606
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•16 views

WordPress Premium Age Verification / Restriction for WordPress plugin <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php vulnerability

Unauthenticated Arbitrary File Read and Write via remote_tunnel.php vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Premium Age Verification / Restriction for WordPress versions <= 3.0.2...

CVSS 9.8 | AI score 5.4 | EPSS 0.0055
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions <= 2.8.50...

CVSS 6.4 | AI score 5.3 | EPSS 0.00218
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions <= 2.9.1...

CVSS 7.2 | AI score 5.9 | EPSS 0.00531
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•4 views

WordPress Raptive Ads plugin <= 3.6.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions <= 3.6.3...

CVSS 6.1 | AI score 5.4 | EPSS 0.00334
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress Link Whisper Free plugin <= 0.8.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Link Whisper Free versions <= 0.8.8...

CVSS 6.1 | AI score 5.3 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Top Comments plugin <= 1.0 - Admin+ Stored Cross-Site Scripting vulnerability

Admin+ Stored Cross-Site Scripting vulnerability discovered by Steven Pereira aka Cursed, Anjali Kumari aka HexJello & Muktanand Kale aka Muktimantras in WordPress Plugin Top Comments versions <= 1.0...

CVSS 4.8 | AI score 5.9 | EPSS 0.00271
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•4 views

WordPress BlossomThemes Social Feed plugin <= 2.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin BlossomThemes Social Feed versions <= 2.0.5...

CVSS 6.4 | AI score 5.3 | EPSS 0.00292
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Table of Contents Widget vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.4.9...

CVSS 6.4 | AI score 5.9 | EPSS 0.00343
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•9 views

WordPress Bold Page Builder plugin <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'data-text' Parameter vulnerability discovered by Webbernaut in WordPress Plugin Bold Page Builder versions <= 5.3.5...

CVSS 6.4 | AI score 5.9 | EPSS 0.00237
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•8 views

WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...

CVSS 8.2 | AI score 5.9 | EPSS 0.0033
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Essential Addons for Elementor plugin <= 6.0.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions <= 6.0.4...

CVSS 6.4 | AI score 5.3 | EPSS 0.00292
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•12 views

WordPress Pure WC Variation Swatches plugin <= 1.1.7 - Unauthenticated Settings Update vulnerability

Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Pure WC Variation Swatches versions <= 1.1.7...

CVSS 5.3 | AI score 6.7 | EPSS 0.00175
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Arielbrailovsky-Viralad plugin <= 1.0.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by siyuan shao in WordPress Plugin ArielBrailovsky-ViralAd versions <= 1.0.8...

CVSS 7.5 | AI score 5.9 | EPSS 0.0042
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•5 views

WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Activity Plus Reloaded for BuddyPress versions <= 1.1.1...

CVSS 5.4 | AI score 5.3 | EPSS 0.00231
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•7 views

WordPress WP Church Donation plugin <= 1.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP Church Donation versions <= 1.7...

CVSS 7.2 | AI score 5.4 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/31 12:0 a.m.•6 views

WordPress Premium Addons for Elementor plugin <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Premium Addons for Elementor versions <= 4.11.53...

CVSS 5.3 | AI score 5.5 | EPSS 0.00715
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/30 11:14 p.m.•6 views

WordPress Easy Digital Downloads plugin <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect vulnerability

Unvalidated Redirect in Password Reset Flow via edd_redirect vulnerability discovered by shark3y in WordPress Plugin Easy Digital Downloads versions <= 3.6.2...

CVSS 4.3 | AI score 6.7 | EPSS 0.0031
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
•added 2025/12/30 10:53 p.m.•7 views

WordPress WP-CalDav2ICS plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin WP-CalDav2ICS versions <= 1.3.4...

CVSS 7.1 | AI score 6.7 | EPSS 0.00093
Exploits: 0 | Affected Software: 1
Patchstack
•added 2025/12/30 10:33 p.m.•9 views

WordPress MAS Videos plugin <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MAS Videos versions <= 1.3.4...

CVSS 7.5 | AI score 5.4 | EPSS 0.00331
Exploits: 0 | Affected Software: 1
Total number of security vulnerabilities: 46681