Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
added 2025/12/11 10:7 p.m.9 views

WordPress Player Leaderboard 1.0.0-1.0.2 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by kr0d in WordPress Plugin Player Leaderboard versions 1.0.0-1.0.2...

8.8CVSS6.8AI score0.00691EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 10:3 p.m.5 views

WordPress WatchTowerHQ plugin <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability

Authenticated Administrator+ Arbitrary File Read via 'whtdownloadbigobjectorigin' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin WatchTowerHQ versions = 3.15.0...

4.9CVSS6.8AI score0.00447EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 9:59 p.m.8 views

WordPress Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection vulnerability

Cross-Site Request Forgery to Google OAuth Connection vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Foxtool All-in-One versions = 2.5.2...

4.3CVSS6.7AI score0.00145EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 9:34 p.m.5 views

WordPress Coding Blocks plugin <= 1.1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Coding Blocks versions = 1.1.0...

4.3CVSS6.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:56 p.m.6 views

WordPress Animated Pixel Marquee Creator plugin <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter vulnerability

Cross-Site Request Forgery via 'marquee' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin Animated Pixel Marquee Creator versions = 1.0.0...

4.3CVSS6.8AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:54 p.m.6 views

WordPress Vimeo SimpleGallery plugin <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin Vimeo SimpleGallery versions = 0.2...

5.3CVSS6.7AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:53 p.m.5 views

WordPress Paypal Payment Shortcode plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttomimage' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Paypal Payment Shortcode versions = 1.01...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:52 p.m.5 views

WordPress BuddyTask plugin <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation vulnerability

Missing Authorization to Authenticated Subscriber+ Cross-Group Task Board Access and Manipulation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin BuddyTask versions = 1.3.0...

6.5CVSS6.7AI score0.00183EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:48 p.m.7 views

WordPress App Landing Template Blocks for WPBakery Page Builder plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin App Landing Template Blocks for WPBakery Visual Composer Page Builder versions = 2.0.2...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:46 p.m.9 views

WordPress Hide Email Address plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Hide Email Address versions = 0.1...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:46 p.m.5 views

WordPress Data Visualizer plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Data Visualizer versions = 1.1...

6.4CVSS5.6AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:43 p.m.5 views

WordPress Better Elementor Addons plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Better Elementor Addons versions = 1.5.5...

6.4CVSS5.3AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:41 p.m.6 views

WordPress Simple Nivo Slider plugin <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Nivo Slider versions = 0.5.6...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 6:33 p.m.9 views

WordPress Reviews Sorted plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Reviews Sorted versions = 2.4.2...

6.4CVSS5.6AI score0.00298EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 6:31 p.m.3 views

WordPress WP Coupons and Deals plugin <= 3.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Coupons and Deals versions = 3.2.4...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 6:28 p.m.7 views

WordPress Freshchat plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Freshchat versions = 2.3.4...

4.3CVSS7AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 6:21 p.m.5 views

WordPress SimplyConvert plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'simplyconverthash' Option vulnerability discovered by Bhumividh Treloges - Siam Thanat Hack Co., Ltd. STH in WordPress Plugin SimplyConvert versions = 1.0...

4.4CVSS5.6AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 6:18 p.m.6 views

WordPress LT Unleashed plugin <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter vulnerability

Authenticated Contributor+ Local File Inclusion via 'template' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin LT Unleashed versions = 1.1.1...

7.5CVSS6.8AI score0.00509EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 6:17 p.m.7 views

WordPress LJUsers plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin LJUsers versions = 1.2.0...

6.4CVSS5.6AI score0.00185EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 11:35 a.m.23 views

WordPress WP Job Portal plugin <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions = 2.4.0...

6.5CVSS6.8AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 9:42 a.m.8 views

WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media Library Tools versions = 1.6.15...

9.8CVSS8.1AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:11 a.m.19 views

WordPress Elated Membership plugin <= 1.2 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Elated Membership versions = 1.2...

9.8CVSS6.8AI score0.00424EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 5:59 a.m.22 views

WordPress WP CarDealer plugin <= 1.2.16 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP CarDealer versions = 1.2.16...

9.8CVSS6.7AI score0.003EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 5:10 a.m.4 views

WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability

Settings Change vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Buttoner for Elementor versions = 1.0.6...

5.4CVSS7AI score0.00141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 5:6 a.m.5 views

WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Reformer for Elementor versions = 1.0.6...

5.4CVSS7AI score0.00138EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 5:1 a.m.5 views

WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Modalier for Elementor versions = 1.0.6...

5.4CVSS7AI score0.00138EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:58 a.m.7 views

WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Huger for Elementor versions = 1.1.5...

5.4CVSS7AI score0.00138EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:48 a.m.5 views

WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lottier versions = 1.1.1...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:44 a.m.4 views

WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lottier for Elementor versions = 1.0.9...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:40 a.m.6 views

WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lottier for WPBakery versions = 1.1.7...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:27 a.m.6 views

WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Laser versions = 1.1.1...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:23 a.m.4 views

WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Masker for Elementor versions = 1.1.4...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:19 a.m.4 views

WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Spoter for Elementor versions = 1.04...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 4:1 a.m.5 views

WordPress Grider for Elementor plugin <= 1.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Grider for Elementor versions = 1.0.8...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 1:15 a.m.6 views

WordPress RTL Tester plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin RTL Tester versions = 1.2...

4.3CVSS7AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/11 12:42 a.m.6 views

WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via trustindex Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widgets for Google Reviews versions = 13.2.1...

6.4CVSS5.5AI score0.00221EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 12:41 a.m.5 views

WordPress List Category Posts plugin <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Plugin's Shortcode vulnerability discovered by Khanh Nguyen - BlueRock - BlueRock in WordPress Plugin List category posts versions = 0.91.0...

6.5CVSS7.8AI score0.00286EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 12:40 a.m.8 views

WordPress RSS Aggregator by Feedzy plugin <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Feedzy versions = 5.1.1...

5.8CVSS6.8AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/10 6:16 p.m.5 views

WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Homey Core versions = 2.4.3...

5.3CVSS7AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 1:24 p.m.4 views

WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Coder for Elementor versions = 1.0.13...

5.4CVSS7AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 1:6 p.m.4 views

WordPress Crumber plugin <= 1.0.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Crumber versions = 1.0.10...

5.4CVSS7AI score0.00275EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 11:16 a.m.5 views

WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Nelio Popups versions = 1.3.0...

6.1CVSS6.1AI score0.00132EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 9:25 a.m.5 views

WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Comparimager for Elementor versions = 1.0.1...

5.4CVSS7AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 9:17 a.m.8 views

WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Scroller versions = 2.0.2...

5.4CVSS7AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 7:58 a.m.12 views

WordPress Simple Download Counter plugin <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability

Authenticated Administrator+ Arbitrary File Read via Path Traversal vulnerability discovered by ChamlaVic in WordPress Plugin Simple Download Counter versions = 2.2.2...

4.9CVSS6.8AI score0.00439EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/10 7:1 a.m.3 views

WordPress Uper for Elementor plugin <= 1.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Uper for Elementor versions = 1.0.5...

5.4CVSS7AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 7:0 a.m.12 views

WordPress Custom Admin Menu plugin <= 1.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Yousof Nahya in WordPress Plugin Custom Admin Menu versions = 1.0.0...

7.1CVSS6.2AI score0.00186EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/10 6:56 a.m.6 views

WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Audier For Elementor versions = 1.0.9...

5.4CVSS7AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 6:51 a.m.4 views

WordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Motionger for Elementor versions = 2.0.4...

8.8CVSS7AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/10 6:45 a.m.5 views

WordPress Searcher for Elementor plugin <= 1.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Searcher for Elementor versions = 1.0.3...

8.8CVSS7AI score0.0022EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46684