Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
•added 2025/12/12 12:30 a.m.•7 views

WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

6.4CVSS5.5AI score0.00185EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:29 a.m.•5 views

WordPress Simple Bike Rental plugin <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Booking Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Bike Rental versions = 1.0.6...

5.3CVSS6.7AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:24 a.m.•9 views

WordPress Events Manager – Calendar, Bookings, Tickets, and more! plugin <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion vulnerability

Cross-Site Request Forgery to Location Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...

4.3CVSS6.7AI score0.00104EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:23 a.m.•6 views

WordPress Events Manager plugin <= 7.2.2.2 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...

5.3CVSS6.6AI score0.00313EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:22 a.m.•8 views

WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'aifepostmeta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions = 1.0.22...

6.4CVSS5.5AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:21 a.m.•10 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability

Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.2...

5.3CVSS6.7AI score0.00275EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:21 a.m.•6 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Cross-Site Request Forgery to Data Export vulnerability

Cross-Site Request Forgery to Data Export vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.2...

4.3CVSS6.7AI score0.00137EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:20 a.m.•7 views

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability

Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability discovered by Adrian Lukita in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.10...

5.3CVSS6.8AI score0.00375EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:19 a.m.•7 views

WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...

5.3CVSS6.8AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:18 a.m.•6 views

WordPress MailerLite – Signup forms (official) plugin <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by NosleeP++ in WordPress Plugin MailerLite versions = 1.7.16...

5.5CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:17 a.m.•7 views

WordPress WP Recipe Maker plugin <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Recipe Maker versions = 10.2.2...

4.3CVSS7AI score0.00319EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:16 a.m.•6 views

WordPress WP Fastest Cache Premium plugin <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Missing Authorization to Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Fastest Cache Premium versions = 1.7.4...

3.5CVSS7AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/12 12:15 a.m.•7 views

WordPress BSK PDF Manager plugin <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by rajanhoyr in WordPress Plugin BSK PDF Manager versions = 3.7.1...

5.5CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:59 p.m.•7 views

WordPress Mailgun Subscriptions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Mailgun Subscriptions versions = 1.3.1...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:57 p.m.•6 views

WordPress Guest Support plugin <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint vulnerability

Unauthenticated User Email Disclosure in guestsupporthandler AJAX Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Guest Support versions = 1.2.3...

5.3CVSS6.8AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:49 p.m.•8 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write vulnerability

Missing Authorization to Unauthenticated Limited File Write vulnerability discovered by NumeX in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.7.1...

5.3CVSS6.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:48 p.m.•5 views

WordPress Ultra Addons for Contact Form 7 plugin <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF vulnerability

Missing Authorization to Authenticated Subscriber+ to Generate Form Submission PDF vulnerability discovered by shark3y in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.33...

4.3CVSS7AI score0.00337EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:46 p.m.•13 views

WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions = 1.0...

4.1CVSS7.8AI score0.00222EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:40 p.m.•6 views

WordPress Contact Form 7 with ChatWork plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'apitoken' and 'roomid' Settings vulnerability discovered by Yahya Oumani cyb3rnoob in WordPress Plugin Contact Form 7 with ChatWork versions = 1.1.0...

4.4CVSS5.5AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:35 p.m.•7 views

WordPress Resource Library for Logged In Users plugin <= 1.4 - Cross-Site Request Forgery to Multiple Administrative Actions vulnerability

Cross-Site Request Forgery to Multiple Administrative Actions vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Resource Library for Logged In Users versions = 1.4...

4.3CVSS6.8AI score0.00135EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:33 p.m.•8 views

WordPress WP Dropzone plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'callback' Shortcode Attribute vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Dropzone versions = 1.1.1...

6.4CVSS5.5AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:32 p.m.•6 views

WordPress Wpik WordPress Basic Ajax Form plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Wpik WordPress Basic Ajax Form versions = 1.0...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:31 p.m.•6 views

WordPress Rabbit Hole plugin <= 1.1 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Rabbit Hole versions = 1.1...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:21 p.m.•7 views

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:14 p.m.•6 views

WordPress IMAQ Core plugin <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update vulnerability

Cross-Site Request Forgery to URL Structure Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin IMAQ CORE versions = 1.2.1...

4.3CVSS6.7AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:14 p.m.•5 views

WordPress Simple Theme Changer plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

4.3CVSS6.8AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:13 p.m.•8 views

WordPress WP Job Portal plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions = 2.4.4...

4.4CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:12 p.m.•8 views

WordPress LS Google Map Router plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Software : LS Google Map Router Type : Plugin Vulnerable versions : = 1.1.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-13850 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : b2117d151506...

6.1AI score0.00181EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:11 p.m.•7 views

WordPress LS Google Map Router plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin LS Google Map Router versions = 1.1.0...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:10 p.m.•5 views

WordPress Product Filtering by Categories, Tags, Price Range for WooCommerce plugin <= 1.1.6 - Missing Authorization to Unauthenticated plugin Settings Modification vulnerability

Missing Authorization to Unauthenticated plugin Settings Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Filter Plus versions = 1.1.6...

5.3CVSS6.7AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:9 p.m.•8 views

WordPress FX Currency Converter plugin <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin FX Currency Converter versions = 0.2.0...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:9 p.m.•7 views

WordPress Divelogs Widget plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Divelogs Widget versions = 1.5...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:4 p.m.•4 views

WordPress GPXpress plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin GPXpress versions = 1.3...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:3 p.m.•8 views

WordPress Truefy Embed plugin <= 1.1.0 - Cross-Site Request Forgery to 'truefy_embed_options_update' Settings Update vulnerability

Cross-Site Request Forgery to 'truefyembedoptionsupdate' Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Truefy Embed versions = 1.1.0...

4.3CVSS6.8AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 11:2 p.m.•9 views

WordPress NewStatPress plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NewStatPress versions = 1.4.3...

6.4CVSS5.6AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:59 p.m.•6 views

WordPress WPGancio plugin <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WPGancio versions = 1.12...

6.4CVSS5.6AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:58 p.m.•6 views

WordPress VigLink SpotLight By ShortCode plugin <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin VigLink SpotLight By ShortCode versions = 1.0.a...

6.4CVSS5.6AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:52 p.m.•4 views

WordPress Purchase and Expense Manager plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Purchase Record Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Purchase and Expense Manager versions = 1.1.2...

4.3CVSS6.8AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:50 p.m.•7 views

WordPress TWW Protein Calculator plugin <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Header' Setting vulnerability discovered by ChamlaVic in WordPress Plugin TWW Protein Calculator versions = 1.0.24...

4.4CVSS5.5AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:46 p.m.•5 views

WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions = 3.3.2...

6.4CVSS5.8AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:46 p.m.•7 views

WordPress WP Flot plugin <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Flot versions = 0.2.2...

6.4CVSS5.6AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:45 p.m.•7 views

WordPress Zenost Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Zenost Shortcodes versions = 1.0...

6.4CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:43 p.m.•5 views

WordPress Simple post listing plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple post listing versions = 0.2...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:40 p.m.•7 views

WordPress Easy Map Creator plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Easy Map Creator versions = 3.0.2...

6.4CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:38 p.m.•7 views

WordPress Ayo Shortcodes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ayo Shortcodes versions = 0.2...

6.4CVSS5.8AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:37 p.m.•6 views

WordPress Kirim.Email WooCommerce Integration plugin <= 1.2.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Kirim.Email WooCommerce Integration versions = 1.2.9...

4.3CVSS7AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:13 p.m.•7 views

WordPress DebateMaster plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Color Options via 'debate' Shortcode vulnerability discovered by ChamlaVic in WordPress Plugin DebateMaster versions = 1.0.0...

4.4CVSS5.5AI score0.00258EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:11 p.m.•7 views

WordPress Upcoming for Calendly plugin <= 1.2.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Upcoming for Calendly versions = 1.2.4...

4.3CVSS6.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:11 p.m.•6 views

WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability

Missing Authorization to Authenticated Contributor+ Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions = 1.0.1...

4.3CVSS6.7AI score0.00196EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/12/11 10:10 p.m.•7 views

WordPress BMLT WordPress Plugin plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion vulnerability

Cross-Site Request Forgery to Settings Creation and Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin BMLT WordPress Plugin versions = 3.11.4...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46684