Lucene search
K
PatchstackRecent

46578 matches found

Patchstack
Patchstack
added 2026/06/12 8:8 p.m.32 views

NPM: esbuild allows arbitrary file read when running the development server on Windows

NPM: esbuild allows arbitrary file read when running the development server on Windows vulnerability discovered by ? in WordPress Npm esbuild versions = 0.27.3, 0.28.1...

6AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/12 7:54 p.m.6 views

WordPress Meow Gallery plugin <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation vulnerability

Missing Authorization to Authenticated Author+ Shortcode creation vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Meow Gallery versions = 5.4.4...

4.3CVSS5.2AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 7:20 p.m.8 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration vulnerability

Incorrect Authorization to Authenticated Contributor+ Mail Relay Configuration vulnerability discovered by Drew Webber mcdruid in WordPress Plugin PageLayer versions = 2.0.9...

4.3CVSS5.2AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 7:6 p.m.5 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions = 2.0.9...

6.4CVSS5.2AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 7:4 p.m.5 views

WordPress Canvas plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme Canvas versions = 2.5.2...

6.4CVSS5.2AI score0.00199EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 6:3 p.m.6 views

WordPress Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel plugin <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin FooGallery versions = 3.1.31...

6.4CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 3:8 p.m.4 views

NPM: Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

NPM: Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step vulnerability discovered by ? in WordPress Npm budibase versions 3.39.0...

5.1CVSS5.8AI score0.00329EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/12 2:6 p.m.5 views

WordPress LWS Optimize – All-in-One Speed Booster & Cache Tools plugin <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read vulnerability

Authenticated Editor+ Arbitrary File Read vulnerability discovered by Omar Elshopky in WordPress Plugin LWS Optimize versions = 3.3.19...

4.9CVSS5.2AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 12:3 p.m.6 views

WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kastell versions = 2.0...

8.1CVSS5.3AI score0.00428EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 12:2 p.m.6 views

WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Path Traversal vulnerability discovered by R2D2 in WordPress Plugin FastDup versions = 2.7.2...

9.6CVSS5.3AI score0.0034EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 11:53 a.m.6 views

WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10...

9.8CVSS5.5AI score0.00466EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 11:37 a.m.6 views

WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Nifty versions = 1.4.1...

9.8CVSS5.4AI score0.00556EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 11:32 a.m.7 views

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...

7.5CVSS5.3AI score0.00467EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 11:21 a.m.9 views

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...

10CVSS5.3AI score0.00432EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 11:14 a.m.9 views

WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions = 1.1.0...

8.6CVSS5.3AI score0.0054EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 8:39 a.m.5 views

WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin SEO Redirection versions = 9.17...

7.1CVSS5.2AI score0.00145EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/12 8:31 a.m.9 views

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...

7.5CVSS5.2AI score0.00234EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/12 3:34 a.m.8 views

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...

5.3CVSS5.4AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:27 p.m.3 views

NPM: joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas

NPM: joi has an uncaught RangeError on deeply nested input through recursive link schemas vulnerability discovered by ? in WordPress Npm joi versions 17.13.4...

5.8AI score0.00039EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:18 p.m.10 views

WordPress Speed Optimizer plugin < 7.7.9 - Unauthenticated Stored XSS via Minify Library vulnerability

Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Speed Optimizer versions 7.7.9...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:17 p.m.10 views

WordPress Clearfy Cache plugin < 2.4.2 - Unauthenticated Stored XSS via Minify Library vulnerability

Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Clearfy Cache versions 2.4.2...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:17 p.m.8 views

WordPress Autoptimize plugin < 3.1.15 - Unauthenticated Stored XSS via Minify Library vulnerability

Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Autoptimize versions 3.1.15...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:10 p.m.6 views

WordPress Email Encoder plugin < 2.4.7 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Encoder Bundle versions 2.4.7...

6.1CVSS5.4AI score0.00213EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:4 p.m.6 views

WordPress EventPress theme < 22.2 – Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by ? in WordPress Theme EventPress versions 22.2...

7.1CVSS5.4AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:59 p.m.7 views

WordPress WP Maps plugin < 4.9.3 - Subscriber+ Local File Inclusion vulnerability

Subscriber+ Local File Inclusion vulnerability discovered by Mustafa Ahmed in WordPress Plugin WP Maps versions 4.9.3...

7.5CVSS5.4AI score0.00383EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:57 p.m.8 views

WordPress Ajax Load More plugin < 7.8.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Load More versions 7.8.4...

7.1CVSS5.4AI score0.00184EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:51 p.m.6 views

WordPress Decent Comments plugin < 3.0.2 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Vaibhav Narkhede in WordPress Plugin Decent Comments versions 3.0.2...

5.8CVSS5.4AI score0.00271EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:49 p.m.6 views

WordPress Presto Player plugin <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Presto Player versions = 4.2.0...

6.4CVSS5.4AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:33 p.m.7 views

WordPress Restaurant Cafeteria theme <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Restaurant Cafeteria versions = 0.4.6...

5.4CVSS5.4AI score0.0022EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:21 p.m.7 views

WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability

Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...

7.5CVSS5.4AI score0.00404EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:9 p.m.11 views

WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...

9.8CVSS7.8AI score0.00303EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:6 p.m.11 views

WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...

5.3CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:6 p.m.8 views

WordPress WP Photo Album Plus plugin < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability

Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability discovered by Daniel Púa - devploit in WordPress Plugin WP Photo Album Plus versions 9.1.11.001...

8.6CVSS5.7AI score0.00328EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 12:4 p.m.10 views

WordPress Login with Salesforce plugin <= 1.0.2 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Login with Salesforce versions = 1.0.2...

9.1CVSS5.4AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 11:48 a.m.8 views

WordPress WP eCommerce plugin <= 3.15.1 - Coupon Deletion via CSRF vulnerability

Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eCommerce versions = 3.15.1...

4.3CVSS5.4AI score0.00098EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 11:48 a.m.9 views

WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability

Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...

5.4CVSS5.4AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 11:24 a.m.9 views

WordPress Lazy Blocks plugin < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML vulnerability

Admin+ Stored XSS via Custom Block Frontend HTML vulnerability discovered by Luca Jungnickel in WordPress Plugin Lazy Blocks versions 4.3.0...

3.5CVSS5.4AI score0.00138EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 9:0 a.m.11 views

WordPress Schema & Structured Data for WP & AMP plugin < 1.60 - Unauthenticated Arbitrary Media Upload vulnerability

Unauthenticated Arbitrary Media Upload vulnerability discovered by 0xBassia in WordPress Plugin Schema & Structured Data for WP & AMP versions 1.60...

9.1CVSS5.4AI score0.00426EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 8:30 a.m.9 views

WordPress Spam protection, Honeypot, Anti-Spam by CleanTalk plugin < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability

Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability discovered by Matthew Rollings in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions 6.79...

8.8CVSS5.4AI score0.00296EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 8:25 a.m.9 views

WordPress Open User Map PRO plugin <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Hunter Jensen skid in WordPress Plugin Open User Map PRO versions = 1.4.31...

4.7CVSS5.4AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 8:12 a.m.11 views

WordPress XStore theme < 9.7.3 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Ahmed Makawi in WordPress Theme XStore versions 9.7.3...

8.6CVSS5.4AI score0.00282EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 4:37 a.m.7 views

WordPress Agile Store Locator plugin < 1.6.6 - Admin+ Stored XSS via map_style vulnerability

Admin+ Stored XSS via mapstyle vulnerability discovered by Luca Jungnickel in WordPress Plugin Store Locator WordPress versions 1.6.6...

3.5CVSS5.4AI score0.00138EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/10 7:33 p.m.3 views

NPM: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

NPM: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload vulnerability discovered by ? in WordPress Npm baileys versions 6.7.22...

5.8AI score0.00018EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/10 5:34 p.m.8 views

WordPress UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability

Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability discovered by vtim in WordPress Plugin UpdraftPlus versions = 1.26.4...

8.1CVSS5.5AI score0.03578EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/06/10 2:37 p.m.8 views

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...

4.7CVSS5.3AI score0.00116EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/10 9:40 a.m.4 views

WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin VikRentCar versions = 1.4.5...

7.5CVSS5.3AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/10 9:35 a.m.5 views

WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin WCMultiShipping versions = 3.0.2...

8.5CVSS5.9AI score0.00339EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/10 9:22 a.m.7 views

WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget versions = 4.2.3...

7.4CVSS5.3AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/10 9:14 a.m.6 views

WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Austin Ginder in WordPress Plugin JetBlog versions = 2.4.8...

7.5CVSS5.3AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/10 9:7 a.m.6 views

WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin Taskbuilder versions = 5.0.7...

8.5CVSS5.9AI score0.00339EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46578