Lucene search
K
PatchstackRecent

46704 matches found

Patchstack
Patchstack
added 2025/11/27 7:11 p.m.9 views

WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Hydra Booking versions = 1.1.32...

8.5CVSS8.1AI score0.00286EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2025/11/27 4:51 p.m.5 views

WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mdr in WordPress Plugin Ultimate Member Widgets for Elementor versions = 2.3...

7.5CVSS7AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 2:35 p.m.5 views

WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Hostel versions = 1.1.5.9...

7.1CVSS6.1AI score0.00145EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 2:21 p.m.8 views

WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Poystick in WordPress Plugin Bold Page Builder versions = 5.5.2...

6.3CVSS5.8AI score0.00162EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 11:39 a.m.10 views

WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements for Elementor Premium versions = 2.0...

7.2CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 11:38 a.m.8 views

WordPress Unlimited Elements For Elementor and Unlimited Elements For Elementor plugin <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0...

7.2CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 11:30 a.m.9 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'pineconeurl' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

6.5CVSS7.1AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 11:26 a.m.6 views

WordPress Blubrry PowerPress plugin <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' vulnerability

Authenticated Contributor+ Arbitrary File Upload via 'powerpresseditpost' vulnerability discovered by ISMAILSHADOW in WordPress Plugin PowerPress Podcasting versions = 11.15.2...

8.8CVSS7AI score0.0052EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 10:49 a.m.9 views

WordPress KiviCare plugin <= 3.6.13 - SQL Injection vulnerability

SQL Injection vulnerability discovered by benzdeus in WordPress Plugin KiviCare versions = 3.6.13...

4.3CVSS8.1AI score0.00213EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 10:47 a.m.6 views

WordPress WP Directory Kit plugin <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability

Reflected Cross-Site Scripting via 'orderby' Parameter vulnerability discovered by blue0x1 in WordPress Plugin WP Directory Kit versions = 1.4.5...

6.1CVSS6.3AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 9:54 a.m.5 views

WordPress Customer Reviews Collector for WooCommerce plugin <= 4.6.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Customer Reviews Collector for WooCommerce versions = 4.6.1...

6.1CVSS6.3AI score0.00175EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 9:51 a.m.5 views

WordPress Simple Folio plugin <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Simple Folio versions = 1.1.0...

6.4CVSS5.8AI score0.00157EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 9:47 a.m.7 views

WordPress Houzez plugin <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...

6.1CVSS5.8AI score0.00175EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 9:45 a.m.6 views

WordPress Folders plugin <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability

Incorrect Authorization to Authenticated Contributor+ Folder Content Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Folders versions = 3.1.5...

4.3CVSS7AI score0.00198EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 9:41 a.m.6 views

WordPress SKT PayPal for WooCommerce plugin <= 1.4 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin SKT PayPal for WooCommerce versions = 1.4...

7.5CVSS7AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 9:6 a.m.7 views

WordPress Tiare Membership plugin <= 1.2 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin Tiare Membership versions = 1.2...

9.8CVSS7AI score0.00305EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 8:36 a.m.6 views

WordPress Pool Services theme <= 3.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pool Services versions = 3.3...

9.1CVSS7.1AI score0.00202EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 8:19 a.m.4 views

WordPress The Aisle theme <= 2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Aisle versions = 2.9...

8.8CVSS7AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 8:12 a.m.4 views

WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Powerlift versions 3.2.1...

8.8CVSS7AI score0.00239EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/27 8:2 a.m.9 views

WordPress Tiger Premium theme <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by István Márton - Wordfence in WordPress Theme Tiger versions = 101.2.1...

8.8CVSS7AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 8:1 a.m.8 views

WordPress Tiger Premium theme <= 101.2.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by シルAsuna in WordPress Theme Tiger versions = 101.2.1...

9.8CVSS7AI score0.00305EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 7:6 a.m.7 views

WordPress FindAll Membership plugin <= 1.0.4 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by István Márton - Wordfence in WordPress Plugin FindAll Membership versions = 1.0.4...

9.8CVSS7.1AI score0.00416EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 6:48 a.m.4 views

WordPress Houzez plugin <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability

Authenticated Subscriber+ PHP Object Injection via Saved Search vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...

6.3CVSS7.4AI score0.00224EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:45 a.m.10 views

WordPress WP Fastest Cache plugin <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability

Missing Authorization to Authenticated Subscriber+ DB Cleanup Actions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Fastest Cache versions = 1.4.0...

4.3CVSS7AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:36 a.m.8 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads vulnerability

Missing Authorization to Unauthenticated Media File Uploads vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

5.3CVSS7AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:35 a.m.5 views

WordPress Quick View for WooCommerce plugin <= 2.2.17 - Unauthenticated Private Product Disclosure vulnerability

Unauthenticated Private Product Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Quick View for WooCommerce versions = 2.2.17...

5.3CVSS7AI score0.00223EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:32 a.m.7 views

WordPress QODE Wishlist for WooCommerce plugin <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability

Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability discovered by WordFence in WordPress Plugin QODE Wishlist for WooCommerce versions = 1.2.7...

5.3CVSS7AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:30 a.m.6 views

WordPress Hide Category by User Role for WooCommerce plugin <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing vulnerability

Missing Authorization to Unauthenticated Cache Flushing vulnerability discovered by Legion Hunter in WordPress Plugin Hide Category by User Role for WooCommerce versions = 2.3.1...

5.3CVSS7AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:29 a.m.10 views

WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection vulnerability

Cross-Site Request Forgery to Account Disconnection vulnerability discovered by Deadbee - NA in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions = 19.12.0...

4.3CVSS7AI score0.00129EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/27 12:27 a.m.9 views

WordPress StaffList plugin <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin StaffList versions = 3.2.6...

4.4CVSS5.7AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 11:52 p.m.9 views

WordPress SortTable Post plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SortTable Post versions = 4.2...

6.4CVSS5.8AI score0.00157EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 11:51 p.m.10 views

WordPress Shouty plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shouty versions = 0.2.1...

6.4CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 11:50 p.m.6 views

WordPress Google Drive upload and download link plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Google Drive upload and download link versions = 1.0...

6.4CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 11:48 p.m.6 views

WordPress Soundslides plugin <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via soundslides Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Soundslides versions = 1.4.2...

6.4CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 11:44 p.m.6 views

WordPress Reuters Direct plugin <= 3.0.0 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions = 3.0.0...

4.3CVSS7AI score0.00106EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 11:43 p.m.4 views

WordPress wp-twitpic plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin wp-twitpic versions = 1.0...

6.4CVSS5.7AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 1:6 p.m.6 views

WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Featured Post Creative versions = 1.5.5...

4.3CVSS7AI score0.00153EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 12:48 p.m.6 views

WordPress All In One SEO Pack plugin <= 4.8.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin All In One SEO Pack versions = 4.8.6.1...

6.5CVSS7AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 12:42 p.m.10 views

WordPress eRoom plugin <= 1.5.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mohamad Fattyr in WordPress Plugin eRoom versions = 1.5.6...

5.8CVSS7AI score0.00163EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 12:8 p.m.5 views

WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin ANAC XML Viewer versions = 1.8.2...

4.9CVSS7.1AI score0.00194EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 9:29 a.m.11 views

WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions = 3.3.8...

6.5CVSS7.3AI score0.00372EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 8:58 a.m.4 views

WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Travelfic Toolkit versions = 1.3.3...

4.3CVSS5.3AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 7:59 a.m.6 views

WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin WP ERP versions = 1.16.6...

6.5CVSS7AI score0.00217EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 6:48 a.m.15 views

WordPress AI Feeds plugin <= 1.0.11 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin AI Feeds versions = 1.0.11...

9.8CVSS7AI score0.00856EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 6:41 a.m.14 views

WordPress CIBELES AI plugin <= 1.10.8 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin CIBELES AI versions = 1.10.8...

9.8CVSS7AI score0.00856EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 6:26 a.m.10 views

WordPress Sneeit Framework plugin <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback vulnerability

Unauthenticated Remote Code Execution in sneeitarticlespaginationcallback vulnerability discovered by Tonn in WordPress Plugin Sneeit Framework versions = 8.3...

9.8CVSS7.5AI score0.43399EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2025/11/26 3:22 a.m.5 views

WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin oik versions = 4.15.3...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 2:37 a.m.7 views

WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mdr in WordPress Plugin Essential Widgets versions = 2.2.2...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/26 1:38 a.m.5 views

WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Donation Thermometer versions = 2.2.6...

6.5CVSS6.1AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/25 10:27 p.m.10 views

WordPress Search Exclude plugin <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability

Missing Authorization to Authenticated Contributor+ Search Settings Modification via REST API vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Search Exclude versions = 2.5.7...

4.3CVSS7AI score0.00159EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46704