
46684 matches found

Patchstack | added 2025/12/19 9:56 p.m. | 6 views

WordPress Amazon affiliate lite Plugin plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Amazon affiliate lite versions <= 1.0.0...

CVSS 4.4 | AI score 5.5 | EPSS 0.002
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/19 9:53 p.m. | 9 views

WordPress F70 Lead Document Download plugin <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability

Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability discovered by ChamlaVic in WordPress Plugin F70 Lead Document Download versions <= 1.4.4...

CVSS 5.3 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/19 8:23 a.m. | 5 views

WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Bit Assist versions <= 1.5.11...

CVSS 8.8 | AI score 7 | EPSS 0.00228
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/19 7:32 a.m. | 6 views

WordPress SlimStat Analytics plugin <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions <= 5.3.2...

CVSS 6.1 | AI score 5.6 | EPSS 0.00377
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/19 7:21 a.m. | 13 views

WordPress HTML5 Audio Player plugin 2.4.0-2.5.1 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin Html5 Audio Player versions 2.4.0-2.5.1...

CVSS 7.2 | AI score 6.8 | EPSS 0.00186
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/19 7:12 a.m. | 8 views

WordPress Hummingbird plugin <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File vulnerability

Unauthenticated Sensitive Information Exposure via Log File vulnerability discovered by ISMAILSHADOW in WordPress Plugin Hummingbird versions <= 3.18.0...

CVSS 7.5 | AI score 6.7 | EPSS 0.01986
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/19 3:36 a.m. | 6 views

WordPress Twitch Player plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Twitch Player versions <= 2.1.3...

CVSS 9.8 | AI score 7 | EPSS 0.00283
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 10:20 p.m. | 7 views

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management vulnerability

Missing Authorization to Authenticated Contributor+ Gallery Management vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.7...

CVSS 5.4 | AI score 6.7 | EPSS 0.00251
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 10:19 p.m. | 6 views

WordPress myCred plugin <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin myCred versions <= 2.9.7.1...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 10:17 p.m. | 5 views

WordPress Colibri Page Builder plugin <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Colibri Page Builder versions <= 1.0.345...

CVSS 6.4 | AI score 5.3 | EPSS 0.00275
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 10:16 p.m. | 7 views

WordPress BA Book Everything plugin <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BA Book Everything versions <= 1.8.14...

CVSS 6.4 | AI score 5.6 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 10:10 p.m. | 5 views

WordPress Simply Schedule Appointments plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.16...

CVSS 5.3 | AI score 6.7 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 9:57 p.m. | 4 views

WordPress Sweet Energy Efficiency plugin <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Graph Deletion vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Sweet Energy Efficiency versions <= 1.0.6...

CVSS 4.3 | AI score 6.8 | EPSS 0.00202
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 9:44 p.m. | 8 views

WordPress Prime Slider – Addons for Elementor plugin <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Deadbee - NA in WordPress Plugin Prime Slider – Addons For Elementor versions <= 4.0.9...

CVSS 4.3 | AI score 6.8 | EPSS 0.00279
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 9:4 p.m. | 8 views

WordPress HUSKY – Products Filter Professional for WooCommerce plugin <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference via 'woof_add_subscr' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin HUSKY versions <= 1.3.7.3...

CVSS 4.3 | AI score 6.8 | EPSS 0.003
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 12:53 p.m. | 6 views

WordPress Evergreen Post Tweeter plugin <= 1.8.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Evergreen Post Tweeter versions <= 1.8.9...

CVSS 8.8 | AI score 6.1 | EPSS 0.00097
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 12:50 p.m. | 7 views

WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes LMS Addon versions <= 2.6...

CVSS 8.1 | AI score 7 | EPSS 0.00219
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 12:45 p.m. | 5 views

WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin HomeFix Elementor Portfolio versions <= 1.0.1...

CVSS 8.8 | AI score 7 | EPSS 0.00219
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 12:15 p.m. | 6 views

WordPress WeDesignTech Portfolio plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Portfolio versions <= 1.0.2...

CVSS 8.1 | AI score 7 | EPSS 0.00219
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 9:3 a.m. | 4 views

WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP Adminify versions <= 4.0.6.1...

CVSS 8.8 | AI score 7 | EPSS 0.00214
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 8:33 a.m. | 6 views

WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP Adminify versions <= 4.0.6.1...

CVSS 8.8 | AI score 7 | EPSS 0.00201
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 8:10 a.m. | 7 views

WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin Google Calendar Events versions <= 3.5.9...

CVSS 8.1 | AI score 7 | EPSS 0.00247
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 7:45 a.m. | 6 views

WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'value' vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions <= 2.11.0...

CVSS 6.4 | AI score 5.5 | EPSS 0.00255
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 7:29 a.m. | 4 views

WordPress DirectoryPress plugin <= 3.6.26 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin DirectoryPress versions <= 3.6.26...

CVSS 5.4 | AI score 5.4 | EPSS 0.00233
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/18 7:23 a.m. | 7 views

WordPress Demo Importer Plus plugin <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Site Reset and Privilege Escalation vulnerability discovered by shark3y in WordPress Plugin Demo Importer Plus versions <= 2.0.8...

CVSS 8.8 | AI score 6.6 | EPSS 0.00302
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/18 6:55 a.m. | 5 views

WordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin DirectoryPress versions <= 3.6.25...

AI score 5.4 | EPSS 0.00228
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 10:58 p.m. | 8 views

WordPress OpenID Connect Generic Client plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin OpenID Connect Generic Client versions <= 3.10.0...

CVSS 6.4 | AI score 5.6 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 10:57 p.m. | 5 views

WordPress NextGEN Gallery plugin <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' vulnerability

Authenticated Contributor+ Local File Inclusion via 'template' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin NextGEN Gallery versions <= 3.59.12...

CVSS 8.8 | AI score 6.8 | EPSS 0.00707
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 10:56 p.m. | 7 views

WordPress Events Manager plugin <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Events Manager versions <= 7.2.2.1...

CVSS 6.4 | AI score 5.6 | EPSS 0.00356
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 10:54 p.m. | 5 views

WordPress Embed Any Document plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Any Document versions <= 2.7.10...

CVSS 6.4 | AI score 5.6 | EPSS 0.00242
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 10:18 p.m. | 12 views

WordPress Live Composer – Free WordPress Website Builder plugin <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Page Builder: Live Composer versions <= 2.0.2...

CVSS 6.4 | AI score 5.3 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 10:16 p.m. | 8 views

WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass vulnerability

Authenticated Subscriber+ Profile Privacy Setting Bypass vulnerability discovered by Boris Bogosavac in WordPress Plugin Ultimate Member versions <= 2.11.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00288
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 8:53 p.m. | 7 views

WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin My auctions allegro versions <= 3.6.33...

CVSS 8.8 | AI score 7 | EPSS 0.00106
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 3:36 p.m. | 5 views

WordPress WPBakery Visual Composer WHMCS Elements plugin <= 1.0.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WPBakery Visual Composer WHMCS Elements versions <= 1.0.4.3...

CVSS 6.1 | AI score 6.1 | EPSS 0.00172
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 3:17 p.m. | 5 views

WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Keyword to Link versions <= 1.5...

CVSS 8.8 | AI score 6.9 | EPSS 0.00106
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 9:59 a.m. | 5 views

WordPress My auctions allegro plugin <= 3.6.34 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin My auctions allegro versions <= 3.6.34...

CVSS 5.4 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 9:38 a.m. | 5 views

WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Core versions <= 1.6...

CVSS 6.1 | AI score 6.1 | EPSS 0.00166
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 9:34 a.m. | 5 views

WordPress Claspo – Popups, Spin the Wheel & Email Capture plugin <= 1.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Claspo – Popups, Spin the Wheel & Email Capture versions <= 1.0.7...

CVSS 7.5 | AI score 7 | EPSS 0.00219
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 9:16 a.m. | 6 views

WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Portfolio Addon versions <= 1.5...

CVSS 6.1 | AI score 6.1 | EPSS 0.00156
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 7:31 a.m. | 17 views

WordPress HTML Forms – Simple WordPress Forms Plugin plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin HTML Forms versions <= 1.6.0...

CVSS 6.1 | AI score 5.4 | EPSS 0.00215
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 7:25 a.m. | 5 views

WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Addons for WPBakery and Elementor versions < 1.5.6...

CVSS 5.4 | AI score 6.1 | EPSS 0.00139
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 7:25 a.m. | 8 views

WordPress Zephyr Project Manager plugin <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery vulnerability

Authenticated Custom+ Arbitrary File Read And Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin Zephyr Project Manager versions <= 3.3.203...

CVSS 4.9 | AI score 6.8 | EPSS 0.00589
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 7:24 a.m. | 7 views

WordPress Better Messages plugin <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin BP Better Messages versions <= 2.10.2...

CVSS 6.1 | AI score 5.5 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 7:12 a.m. | 7 views

WordPress WP Social Ninja plugin <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability

Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability discovered by shark3y in WordPress Plugin WP Social Ninja versions <= 4.0.1...

CVSS 6.5 | AI score 6.7 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/17 5:42 a.m. | 5 views

WordPress Ninja Forms plugin <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability discovered by WordFence in WordPress Plugin Ninja Forms versions <= 3.13.2...

CVSS 7.5 | AI score 6.7 | EPSS 0.00364
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2025/12/17 3:42 a.m. | 6 views

WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Watu Quiz versions <= 3.4.5...

CVSS 8.1 | AI score 7 | EPSS 0.00189
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/12/17 12:0 a.m. | 7 views

WordPress Download Plugins and Themes from Dashboard plugin <= 1.9.6 - Cross-Site Request Forgery to Bulk Plugin/Theme Archival vulnerability

Cross-Site Request Forgery to Bulk Plugin/Theme Archival vulnerability discovered by bosz in WordPress Plugin Download Plugins and Themes from Dashboard versions <= 1.9.6...

CVSS 4.3 | AI score 6.7 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/16 11:22 p.m. | 5 views

WordPress Converter for Media plugin <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint vulnerability

Missing Authorization to Authenticated Subscriber+ Optimized Image Deletion via regenerate-attachment REST Endpoint vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Converter for Media versions <= 6.3.2...

CVSS 4.3 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/16 11:16 p.m. | 7 views

WordPress WP Cookie Consent plugin <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by shark3y in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions <= 4.0.7...

CVSS 5.3 | AI score 6.7 | EPSS 0.00227
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/12/16 11:4 p.m. | 5 views

WordPress WP Recipe Maker plugin <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Abhinav Jaswal wrathexe - Self employed in WordPress Plugin WP Recipe Maker versions <= 10.2.3...

CVSS 6.4 | AI score 5.6 | EPSS 0.00279
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 46684