Lucene search
K
PatchstackRecent

46704 matches found

Patchstack
Patchstack
added 2025/12/05 11:55 p.m.8 views

WordPress TR Timthumb plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin TR Timthumb versions = 1.0.4...

6.4CVSS5.5AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 11:53 p.m.8 views

WordPress Yet Another WebClap for WordPress plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Yet Another WebClap for WordPress versions = 0.2...

6.4CVSS5.6AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 11:51 p.m.7 views

WordPress weDocs plugin <= 2.1.14 - Missing Authorization to Settings Update vulnerability

Missing Authorization to Settings Update vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin weDocs versions = 2.1.14...

5.4CVSS6.8AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:52 p.m.4 views

WordPress Post Cloner plugin <= 1.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Post Cloner versions = 1.0.0...

5.3CVSS7AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:38 p.m.5 views

WordPress SendPulse Email Marketing Newsletter plugin <= 2.2.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin SendPulse Email Marketing Newsletter versions = 2.2.1...

4.3CVSS7AI score0.00215EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:12 p.m.3 views

WordPress Portfolio and Projects plugin <= 1.5.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Portfolio and Projects versions = 1.5.5...

4.3CVSS7AI score0.00215EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 6:6 p.m.5 views

WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions = 4.80...

8.8CVSS7AI score0.00123EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 4:42 p.m.6 views

WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin SMS Alert Order Notifications versions = 3.8.8...

5.3CVSS6.9AI score0.00183EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 4:29 p.m.4 views

WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Certus Cybersecurity in WordPress Plugin Tablesome versions = 1.1.34...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 3:34 p.m.7 views

WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Formstack Online Forms versions = 2.0.2...

5.3CVSS7AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 1:15 p.m.8 views

WordPress Constant Contact + WooCommerce plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Constant Contact + WooCommerce versions = 2.4.1...

5.3CVSS7AI score0.00176EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 9:52 a.m.6 views

WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Master Addons for Elementor versions = 2.0.9.9.4...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 9:5 a.m.5 views

WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Custom Layouts – Post + Product grids made easy versions = 1.4.12...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 8:51 a.m.7 views

WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions = 1.9.11...

6.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 8:17 a.m.5 views

WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Thank You Page Customizer for WooCommerce versions = 1.1.8...

8.1CVSS6.8AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/05 8:7 a.m.10 views

WordPress Nouri.sh Newsletter plugin <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Nouri.sh Newsletter versions = 1.0.1.3...

6.1CVSS6.2AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:59 a.m.10 views

WordPress Jabbernotification plugin <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability

Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Jabbernotification versions = 0.99-RC2...

6.1CVSS6.1AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:50 a.m.22 views

WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability

Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions = 2.1.3...

6.1CVSS6.2AI score0.0138EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:39 a.m.11 views

WordPress Twitscription plugin <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability

Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Twitscription versions = 0.1.1...

6.1CVSS6.1AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:35 a.m.12 views

WordPress dream gallery plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability discovered by dayea song - Ahnlab in WordPress Plugin dream gallery versions = 1.0...

6.1CVSS5.7AI score0.00119EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:32 a.m.13 views

WordPress WP-SOS-Donate Donation Sidebar Plugin plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP-SOS-Donate versions = 0.9.2...

6.1CVSS6.1AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:16 a.m.8 views

WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated Local File Inclusion via controller vulnerability

Unauthenticated Local File Inclusion via controller vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...

8.1CVSS6.8AI score0.00666EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:11 a.m.4 views

WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated SQL Injection via auction_id vulnerability

Unauthenticated SQL Injection via auctionid vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...

7.5CVSS7.8AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 7:8 a.m.10 views

WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...

9.8CVSS5.4AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/05 5:28 a.m.6 views

WordPress MultiParcels Shipping For WooCommerce plugin <= 1.30.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin MultiParcels Shipping For WooCommerce versions = 1.30.12...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:32 p.m.10 views

WordPress Wp Social Login and Register Social Counter plugin <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability

Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Wp Social versions = 3.1.3...

5.3CVSS6.8AI score0.00328EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:31 p.m.8 views

WordPress User Generator and Importer plugin <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability

Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability discovered by Ivan Cese in WordPress Plugin User Generator and Importer versions = 1.2.2...

8.8CVSS6.7AI score0.00154EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:30 p.m.7 views

WordPress Projectopia – WordPress Project Management plugin <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Projectopia versions = 5.1.19...

5.3CVSS6.8AI score0.00286EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:29 p.m.7 views

WordPress CryptX plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CryptX versions = 4.0.5...

6.4CVSS5.9AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:28 p.m.8 views

WordPress Trail Manager plugin <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by ChamlaVic in WordPress Plugin Trail Manager versions = 1.0.0...

4.4CVSS5.5AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:26 p.m.7 views

WordPress ARK Related Posts plugin <= 2.19 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ARK Related Posts versions = 2.19...

4.3CVSS6.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:26 p.m.7 views

WordPress Thai Lottery Widget plugin <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Thai Lottery Widget versions = 2.5...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:17 p.m.6 views

WordPress WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion vulnerability

Cross-Site Request Forgery to Vendor Product Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WC Vendors Marketplace versions = 2.6.4...

4.3CVSS6.7AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:15 p.m.6 views

WordPress Weekly Planner plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Weekly Planner versions = 1.0...

4.4CVSS5.5AI score0.00166EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:5 p.m.10 views

WordPress Live CSS Preview plugin <= 2.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Live CSS Preview versions = 2.1.4...

4.3CVSS5.4AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:4 p.m.5 views

WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions = 1.0.6...

5.3CVSS6.7AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 11:3 p.m.6 views

WordPress Payaza plugin <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update vulnerability

Missing Authorization to Unauthenticated Order Status Update vulnerability discovered by Legion Hunter in WordPress Plugin Payaza versions = 0.3.8...

5.3CVSS6.8AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 10:59 p.m.6 views

WordPress Torod plugin <= 1.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Torod versions = 1.9...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 10:50 p.m.5 views

WordPress Time Sheets plugin <= 2.1.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Time Sheets versions = 2.1.3...

4.3CVSS6.7AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 10:28 p.m.7 views

WordPress FitVids for WordPress plugin <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FitVids for WordPress versions = 4.0.1...

4.4CVSS5.5AI score0.00154EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/04 7:33 p.m.5 views

WordPress Image Cleanup plugin <= 1.9.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...

5.3CVSS7AI score0.0024EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 7:29 p.m.4 views

WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme AdForest versions = 6.0.11...

5.3CVSS7AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 7:28 p.m.5 views

WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...

4.3CVSS7AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 7:3 p.m.5 views

WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin User Spam Remover versions = 1.1...

5.3CVSS7AI score0.0024EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 6:44 p.m.6 views

WordPress SMTP Mail plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin SMTP Mail versions = 1.3.51...

4.3CVSS7AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 6:25 p.m.6 views

WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Media Library Downloader versions = 1.4.0...

4.3CVSS7AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 6:21 p.m.5 views

WordPress Custom Sidebars by ProteusThemes plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Custom Sidebars by ProteusThemes versions = 1.0.3...

4.3CVSS7AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 5:3 p.m.5 views

WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin WP Google Analytics Events versions = 2.8.2...

5.3CVSS7AI score0.0024EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 2:29 p.m.4 views

WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mdr in WordPress Plugin Happy Addons for Elementor versions = 3.20.3...

4.3CVSS7AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/04 12:46 p.m.5 views

WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP ERP versions = 1.16.7...

5.3CVSS7AI score0.00272EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46704