Lucene search

46704 matches found

Patchstack
added 2025/11/25 4:13 p.m. | 6 views

WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability discovered by benzdeus in WordPress Plugin Hotel Booking Lite versions <= 5.2.3...

CVSS 9.1 | AI score 7.5 | EPSS 0.00314
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/25 3:54 p.m. | 5 views

WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Doan Dinh Van in WordPress Plugin Quick Contact Form versions <= 8.2.5...

CVSS 8.8 | AI score 7 | EPSS 0.00104
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/25 10:56 a.m. | 6 views

WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Elementor Website Builder versions <= 3.33.0...

CVSS 4.3 | AI score 7 | EPSS 0.00161
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/25 9:28 a.m. | 6 views

WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Theodoros Malachias in WordPress Plugin Fluent Booking versions <= 1.9.11...

CVSS 4.3 | AI score 7 | EPSS 0.00148
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/25 9:28 a.m. | 8 views

WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin UsersWP versions <= 1.2.47...

CVSS 9.8 | AI score 7 | EPSS 0.00216
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/25 7:38 a.m. | 7 views

WordPress Wishlist for WooCommerce plugin <= 1.1.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Powpy in WordPress Plugin Wishlist for WooCommerce versions <= 1.1.3...

CVSS 6.5 | AI score 7 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 7:31 a.m. | 5 views

WordPress ProjectList plugin <= 0.3.0 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated (Editor+) Arbitrary File Upload vulnerability discovered by Ivan Cese in WordPress Plugin ProjectList versions <= 0.3.0...

CVSS 7.2 | AI score 7 | EPSS 0.00536
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 7:27 a.m. | 8 views

WordPress Job Board by BestWebSoft plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin Job Board by BestWebSoft versions <= 1.2.1...

CVSS 6.1 | AI score 6 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 7:21 a.m. | 11 views

WordPress AI Engine for WordPress: ChatGPT, GPT Content Generator plugin <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated (Contributor+) Arbitrary File Read vulnerability discovered by Ryan Kozak in WordPress Plugin AI Engine for WordPress: ChatGPT, GPT Content Generator versions <= 1.0.1...

CVSS 6.5 | AI score 7 | EPSS 0.00461
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 7:12 a.m. | 4 views

WordPress Telegram Bot & Channel plugin <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username vulnerability

Unauthenticated Stored Cross-Site Scripting via Telegram Username vulnerability discovered by venom5iix in WordPress Plugin Telegram Bot & Channel versions <= 4.1...

CVSS 7.2 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 6:56 a.m. | 8 views

WordPress WavePlayer plugin <= 3.7.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by @zdenys in WordPress Plugin WavePlayer versions <= 3.7.0...

CVSS 9.8 | AI score 7 | EPSS 0.0041
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 6:51 a.m. | 8 views

WordPress EduKart Pro plugin <= 1.0.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin EduKart Pro versions <= 1.0.3...

CVSS 9.8 | AI score 7 | EPSS 0.00305
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:46 a.m. | 8 views

WordPress Attention Bar plugin <= 0.7.2.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated (Contributor+) SQL Injection vulnerability discovered by WPScan in WordPress Plugin Attention Bar versions <= 0.7.2.1...

CVSS 6.8 | AI score 8.1 | EPSS 0.00233
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:43 a.m. | 6 views

WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin <= 14 - Missing Authorization to Unauthenticated Information Disclosure vulnerability

Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin OrderConvo versions <= 14...

CVSS 5.3 | AI score 6.6 | EPSS 0.00248
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:42 a.m. | 9 views

WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability

Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin OrderConvo versions <= 14...

CVSS 4.3 | AI score 7 | EPSS 0.00215
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:33 a.m. | 6 views

WordPress Chamber Dashboard Business Directory plugin <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export vulnerability

Missing Authorization to Unauthenticated Business Information Export vulnerability discovered by Legion Hunter in WordPress Plugin Chamber Dashboard Business Directory versions <= 3.3.11...

CVSS 5.3 | AI score 6.9 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:32 a.m. | 5 views

WordPress Refund Request for WooCommerce plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update vulnerability

Missing Authorization to Authenticated (Subscriber+) Refund Status Update vulnerability discovered by Powpy in WordPress Plugin Refund Request for WooCommerce versions <= 1.0...

CVSS 4.3 | AI score 7 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:26 a.m. | 6 views

WordPress Locker Content plugin <= 1.0.0 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Locker Content versions <= 1.0.0...

CVSS 5.3 | AI score 6.9 | EPSS 0.00256
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:11 a.m. | 8 views

WordPress Frontend File Manager plugin plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability

Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability discovered by t.t.brothers in WordPress Plugin Frontend File Manager versions <= 23.4...

CVSS 4.3 | AI score 7 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:09 a.m. | 5 views

WordPress Social Images Widget plugin <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Social Images Widget versions <= 2.1...

CVSS 5.3 | AI score 7 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:08 a.m. | 7 views

WordPress Autochat Automatic Conversation plugin <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Autochat Automatic Conversation versions <= 1.1.9...

CVSS 5.3 | AI score 7 | EPSS 0.00239
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:07 a.m. | 7 views

WordPress YouTube Subscribe plugin <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin YouTube Subscribe versions <= 3.0.0...

CVSS 4.4 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:05 a.m. | 6 views

WordPress Conditional Maintenance Mode for WordPress plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Conditionnal Maintenance Mode for WordPress versions <= 1.0.0...

CVSS 4.3 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:04 a.m. | 6 views

WordPress ProjectList plugin <= 0.3.0 - Authenticated (Editor+) SQL Injection via 'id' Parameter vulnerability

Authenticated (Editor+) SQL Injection via 'id' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin ProjectList versions <= 0.3.0...

CVSS 4.9 | AI score 8.1 | EPSS 0.00269
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/25 12:01 a.m. | 5 views

WordPress Just Highlight plugin <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Just Highlight versions <= 1.0.3...

CVSS 4.4 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:59 p.m. | 7 views

WordPress Inline frame – Iframe plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Inline frame – Iframe versions <= 0.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:57 p.m. | 8 views

WordPress Ace Post Type Builder plugin <= 1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Ace Post Type Builder versions <= 1.9...

CVSS 5.3 | AI score 7 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:55 p.m. | 6 views

WordPress ZWeb - Social Mobile plugin <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

WordPress ZWeb - Social Mobile plugin <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Zweb Social Mobile versions <= 1.0.0...

CVSS 4.4 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:50 p.m. | 4 views

WordPress Bookme plugin <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter vulnerability

Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Bookme – Free Online Appointment Booking and Scheduling Plugin versions <= 4.2...

CVSS 4.9 | AI score 8.1 | EPSS 0.0026
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:39 p.m. | 9 views

WordPress Peer Publish plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Peer Publish versions <= 1.0...

CVSS 4.3 | AI score 7 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:37 p.m. | 4 views

WordPress atec Duplicate Page & Post plugin <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure vulnerability

Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin atec Duplicate Page & Post versions <= 1.2.20...

CVSS 5.3 | AI score 6.8 | EPSS 0.00226
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 11:26 p.m. | 7 views

WordPress Blog2Social plugin <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Blog2Social versions <= 8.7.0...

CVSS 5.4 | AI score 7 | EPSS 0.00221
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 6:59 p.m. | 7 views

WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Show Variations as Single Products Woocommerce versions <= 2.0...

CVSS 5.3 | AI score 7 | EPSS 0.00177
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/24 10:43 a.m. | 10 views

WordPress Simple User Registration plugin <= 6.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple User Registration versions <= 6.6...

CVSS 7.2 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 10:08 a.m. | 5 views

WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin PropertyHive versions <= 2.1.12...

CVSS 7.5 | AI score 7 | EPSS 0.0023
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/24 9:19 a.m. | 6 views

WordPress EchBay Admin Security plugin <= 1.3.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin EchBay Admin Security versions <= 1.3.0...

CVSS 6.1 | AI score 6.3 | EPSS 0.00175
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 9:18 a.m. | 9 views

WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin PropertyHive versions <= 2.1.12...

CVSS 5.3 | AI score 7 | EPSS 0.00153
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/24 8:32 a.m. | 5 views

WordPress ANAC XML Bandi di Gara plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin ANAC XML Bandi di Gara versions <= 7.7...

CVSS 7.1 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/11/24 8:23 a.m. | 7 views

WordPress Flo Forms plugin <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG Upload vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Flo Forms versions <= 1.0.43...

CVSS 7.1 | AI score 5.8 | EPSS 0.00267
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 8:20 a.m. | 5 views

WordPress Tainacan plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peb - NA in WordPress Plugin Tainacan versions <= 1.0.0...

CVSS 6.1 | AI score 6.4 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 8:13 a.m. | 4 views

WordPress WPBookit plugin <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Ryan Kozak in WordPress Plugin WPBookit versions <= 1.0.6...

CVSS 7.2 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 8:10 a.m. | 10 views

WordPress S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated (Editor+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin S2B AI Assistant versions <= 1.7.8...

CVSS 7.2 | AI score 7 | EPSS 0.00873
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:33 a.m. | 7 views

WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability discovered by abrahack in WordPress Plugin UiPress lite versions <= 3.5.08...

CVSS 6.5 | AI score 6.9 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:29 a.m. | 7 views

WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by abrahack in WordPress Plugin UiPress lite versions <= 3.5.08...

CVSS 6.4 | AI score 5.8 | EPSS 0.00178
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:27 a.m. | 6 views

WordPress OneClick Chat to Order plugin <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md Shofiur Rahman - Pentest Testing Corp in WordPress Plugin OneClick Chat to Order versions <= 1.0.8...

CVSS 7.5 | AI score 7 | EPSS 0.00315
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:24 a.m. | 11 views

WordPress CP Contact Form with PayPal plugin <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability

Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin CP Contact Form with Paypal versions <= 1.3.56...

CVSS 7.5 | AI score 7 | EPSS 0.00324
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:22 a.m. | 8 views

WordPress Realty Portal plugin <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Realty Portal versions <= 0.4.1...

CVSS 8.8 | AI score 7 | EPSS 0.00332
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:15 a.m. | 7 views

WordPress Vitepos plugin <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Vitepos versions <= 3.3.0...

CVSS 8.8 | AI score 7.5 | EPSS 0.006
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 7:01 a.m. | 8 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by ifoundbug in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.1...

CVSS 9.8 | AI score 7 | EPSS 0.00642
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/24 6:51 a.m. | 6 views

WordPress Mstore Mobile Multivendor plugin <= 9.0.1 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Mstore Mobile App versions <= 9.0.1...

CVSS 9.8 | AI score 7 | EPSS 0.00288
Exploits: 0 | References: 1 | Affected Software: 1
Total number of security vulnerabilities: 46704