Lucene search

46704 matches found

Patchstack | added 2025/11/24 6:51 a.m. | 7 views

WordPress Mstore Mobile App plugin <= 2.08 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Mstore Mobile App versions <= 2.08...

CVSS 9.8 | AI score 7 | EPSS 0.00288
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/24 6:48 a.m. | 5 views

WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability

Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions <= 2.0...

CVSS 8.1 | AI score 7.1 | EPSS 0.0055
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/23 7:59 p.m. | 8 views

WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Groundhogg versions <= 4.2.6...

CVSS 6.5 | AI score 6.1 | EPSS 0.00151
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/23 7:1 p.m. | 8 views

WordPress Extensions for Leaflet Map plugin <= 4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions <= 4.8...

CVSS 6.5 | AI score 6.1 | EPSS 0.00132
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/23 3:0 p.m. | 7 views

WordPress ArtPlacer Widget plugin <= 2.22.9.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin ArtPlacer Widget versions <= 2.22.9.2...

CVSS 9.8 | AI score 8.1 | EPSS 0.00264
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/23 12:24 p.m. | 5 views

WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by mcdruid in WordPress Plugin External Media versions <= 1.0.36...

CVSS 4.9 | AI score 7.1 | EPSS 0.00119
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/23 1:36 a.m. | 16 views

WordPress Accordion Slider plugin <= 1.9.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Accordion Slider versions <= 1.9.13...

CVSS 6.5 | AI score 6.1 | EPSS 0.00132
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/22 7:23 p.m. | 5 views

WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Timetics versions <= 1.0.44...

CVSS 7.5 | AI score 7 | EPSS 0.00287
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/22 1:52 p.m. | 7 views

WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Modula Image Gallery versions <= 2.13.6...

CVSS 4.3 | AI score 5.3 | EPSS 0.00197
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/22 1:0 p.m. | 7 views

WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Better Search versions <= 4.2.1...

CVSS 5.9 | AI score 5.3 | EPSS 0.00172
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/22 9:52 a.m. | 7 views

WordPress Custom Order Numbers for WooCommerce plugin <= 1.11.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Custom Order Numbers for WooCommerce versions <= 1.11.0...

CVSS 5.3 | AI score 7 | EPSS 0.00282
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/22 12:6 a.m. | 7 views

WordPress Booking Calendar Contact Form plugin <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Calendar Contact Form versions <= 1.2.60...

CVSS 5.3 | AI score 7 | EPSS 0.00265
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/22 12:3 a.m. | 7 views

WordPress GSheetConnector For Ninja Forms plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability

Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability discovered by Bhayanak Atma in WordPress Plugin Ninja Forms Google Sheet Connector versions <= 2.0.1...

CVSS 4.3 | AI score 6.9 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 11:58 p.m. | 10 views

WordPress Appointment Booking Calendar plugin <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter vulnerability

Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Appointment Booking Calendar versions <= 1.3.96...

CVSS 5.3 | AI score 7 | EPSS 0.00244
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 11:13 p.m. | 8 views

WordPress BigBuy Dropshipping Connector for WooCommerce plugin <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure vulnerability

Unauthenticated IP Spoofing to phpinfo() Exposure vulnerability discovered by Jarno Vos jarnovos in WordPress Plugin BigBuy Dropshipping Connector for WooCommerce versions <= 2.0.5...

CVSS 5.3 | AI score 7 | EPSS 0.00249
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 11:12 p.m. | 7 views

WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Giveaways and Contests by RafflePress versions <= 1.12.20...

CVSS 5.3 | AI score 7 | EPSS 0.00111
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/21 10:54 p.m. | 9 views

WordPress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO versions <= 2.4.7...

CVSS 5.3 | AI score 5.4 | EPSS 0.00287
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:53 p.m. | 9 views

WordPress AudioTube plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AudioTube versions <= 0.0.3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:48 p.m. | 6 views

WordPress Stock Tools plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Stock Tools versions <= 1.1...

CVSS 6.4 | AI score 5.7 | EPSS 0.00197
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:47 p.m. | 4 views

WordPress Padlet Shortcode plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Padlet Shortcode versions <= 1.3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:37 p.m. | 5 views

WordPress Tips Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Tips Shortcode versions <= 0.2.1...

CVSS 6.4 | AI score 5.7 | EPSS 0.00162
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:24 p.m. | 9 views

WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin UiPress lite versions <= 3.5.08...

CVSS 4.3 | AI score 7 | EPSS 0.00197
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:22 p.m. | 5 views

WordPress Islamic Phrases plugin <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Islamic Phrases versions <= 2.12.2015...

CVSS 6.4 | AI score 5.7 | EPSS 0.00162
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:19 p.m. | 6 views

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read vulnerability

Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read vulnerability discovered by Powpy in WordPress Plugin Return Refund and Exchange For WooCommerce versions <= 4.5.5...

CVSS 5.4 | AI score 7 | EPSS 0.00149
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 10:16 p.m. | 9 views

WordPress Import WP plugin <= 2.14.17 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by type5afe in WordPress Plugin Import WP versions <= 2.14.17...

CVSS 5.3 | AI score 7 | EPSS 0.00223
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 9:51 p.m. | 6 views

WordPress Checkbox plugin <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing vulnerability

Missing Authorization to Unauthenticated Log Clearing vulnerability discovered by Legion Hunter in WordPress Plugin Checkbox versions <= 2.8.10...

CVSS 5.3 | AI score 7 | EPSS 0.00196
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 9:24 p.m. | 8 views

WordPress WP Directory Kit plugin <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function vulnerability

Unauthenticated SQL Injection via select_2_ajax() Function vulnerability discovered by tmrswrr in WordPress Plugin WP Directory Kit versions <= 1.4.3...

CVSS 7.5 | AI score 8.1 | EPSS 0.01422
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 5:50 p.m. | 6 views

WordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin PopupKit versions <= 2.1.5...

CVSS 8.5 | AI score 8.1 | EPSS 0.00347
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/21 12:7 p.m. | 6 views

WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by daroo in WordPress Plugin SupportCandy versions <= 3.4.1...

CVSS 4.3 | AI score 7 | EPSS 0.00098
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/21 9:15 a.m. | 6 views

WordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin GoDAM versions <= 1.4.6...

CVSS 5.3 | AI score 7 | EPSS 0.00187
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/21 8:28 a.m. | 10 views

WordPress Zegen Core plugin <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by István Márton - Wordfence in WordPress Plugin Zegen Core versions <= 2.0.1...

CVSS 8.8 | AI score 7 | EPSS 0.00211
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 8:26 a.m. | 8 views

WordPress LearnPress plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability

Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin LearnPress versions <= 4.2.9.4...

CVSS 5.3 | AI score 7 | EPSS 0.00914
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 8:23 a.m. | 6 views

WordPress FluentCRM plugin <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fluent CRM versions <= 2.9.84...

CVSS 6.4 | AI score 5.8 | EPSS 0.00252
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 8:21 a.m. | 9 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.2.9...

CVSS 4.3 | AI score 7 | EPSS 0.00252
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 8:21 a.m. | 9 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Role Removal vulnerability

Missing Authorization to Authenticated (Subscriber+) Role Removal vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.1...

CVSS 5.3 | AI score 7 | EPSS 0.00248
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/21 6:37 a.m. | 8 views

WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Legal Pages versions <= 1.4.6...

CVSS 4.3 | AI score 7 | EPSS 0.00222
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/21 5:2 a.m. | 6 views

WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin ForumWP versions <= 2.1.4...

CVSS 4.3 | AI score 7 | EPSS 0.00193
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/21 4:26 a.m. | 6 views

WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin TI WooCommerce Wishlist versions <= 2.10.0...

CVSS 5.3 | AI score 7 | EPSS 0.00228
Exploits 0 | Affected Software 1

Patchstack | added 2025/11/20 11:49 p.m. | 7 views

WordPress Magical Products Display plugin <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Products Display versions <= 1.1.29...

CVSS 6.4 | AI score 5.7 | EPSS 0.00201
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:48 p.m. | 7 views

WordPress Tainacan plugin <= 1.0.0 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Peb - NA in WordPress Plugin Tainacan versions <= 1.0.0...

CVSS 5.3 | AI score 7 | EPSS 0.00256
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:47 p.m. | 8 views

WordPress WP Delete Post Copies plugin <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Teuniz - Teuniz.nl in WordPress Plugin WP Delete Post Copies versions <= 6.0.2...

CVSS 4.4 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:46 p.m. | 5 views

WordPress Groundhogg plugin <= 4.2.6.1 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated (Admin+) SQL Injection vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Groundhogg versions <= 4.2.6.1...

CVSS 4.9 | AI score 8.1 | EPSS 0.00268
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:41 p.m. | 8 views

WordPress HT Mega – Absolute Addons For Elementor plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin HT Mega versions <= 3.0.0...

CVSS 6.4 | AI score 6 | EPSS 0.00186
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:31 p.m. | 7 views

WordPress Post Expirator plugin <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification vulnerability

Authenticated (Author+) Missing Authorization to Post/Page Status Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions <= 4.9.1...

CVSS 4.3 | AI score 7 | EPSS 0.00164
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:27 p.m. | 11 views

WordPress Shortcode for Google Street View plugin <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Shortcode for Google Street View versions <= 0.5.7...

CVSS 6.4 | AI score 5.7 | EPSS 0.00162
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:25 p.m. | 7 views

WordPress WP Company Info plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Company Info versions <= 1.9.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:15 p.m. | 7 views

WordPress 简数采集器 plugin <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read vulnerability

Authenticated (Admin+) Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Keydatas versions <= 2.6.3...

CVSS 4.9 | AI score 7 | EPSS 0.0028
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 11:13 p.m. | 6 views

WordPress WPSite Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WPSite Shortcode versions <= 1.2...

CVSS 6.4 | AI score 5.8 | EPSS 0.00201
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 10:57 p.m. | 5 views

WordPress Display Pages Shortcode plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Display Pages Shortcode versions <= 1.1...

CVSS 6.4 | AI score 5.7 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2025/11/20 10:55 p.m. | 4 views

WordPress HotelRunner Booking Widget plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Mohamed amine Ouamar in WordPress Plugin HotelRunner Booking Widget versions <= 5.2.4...

CVSS 6.4 | AI score 5.7 | EPSS 0.00162
Exploits 0 | References 1 | Affected Software 1

Total number of security vulnerabilities: 46704