Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2026/06/05 3:28 p.m.8 views

WordPress WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin <= 4.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Yousef Alraddadi - none in WordPress Plugin WP Maps versions = 4.9.4...

4.4CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:37 p.m.12 views

WordPress MapPress Maps for WordPress plugin <= 2.96.6 - Unauthenticated Insecure Direct Object Reference vulnerability

Unauthenticated Insecure Direct Object Reference vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin MapPress Maps for WordPress versions = 2.96.6...

5.3CVSS5.4AI score0.00813EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:31 p.m.8 views

WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations vulnerability

Missing Authorization to Authenticated Contributor+ Privileged Cloud API Operations vulnerability discovered by Abi Wiranata in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.4.16...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:28 p.m.9 views

WordPress Klamra Paycal for Aspaclaria plugin <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Klamra Paycal for Aspaclaria versions = 1.1.4...

4.3CVSS5.5AI score0.00234EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:27 p.m.9 views

WordPress Smart Slider 3 plugin <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Nguyen Khanh Hao in WordPress Plugin Smart Slider 3 versions = 3.5.1.36...

4.9CVSS5.5AI score0.00558EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:25 p.m.10 views

WordPress Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Anirudh Makkar in WordPress Plugin Essential Addons for Elementor versions = 6.6.4...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:23 p.m.8 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.6 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin LearnPress versions = 4.3.6...

5.3CVSS5.4AI score0.00353EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:22 p.m.7 views

WordPress Quick Playground plugin <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Pablo Santiago in WordPress Plugin Quick Playground versions = 1.3.4...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:20 p.m.9 views

WordPress MDJM Event Management plugin <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Mobile DJ Manager versions = 1.7.8.3...

7.2CVSS5.4AI score0.00659EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:19 p.m.8 views

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

4.9CVSS5.5AI score0.00646EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:17 p.m.8 views

WordPress EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by UKO - Korea univ. in WordPress Plugin EmbedPress versions = 4.5.3...

6.4CVSS5.4AI score0.00234EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:16 p.m.9 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...

4.4CVSS5.5AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 2:1 p.m.11 views

WordPress WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity vulnerability

Unauthenticated Insufficient Verification of Data Authenticity vulnerability discovered by Valatty in WordPress Plugin Contact Form by WPForms versions = 1.10.0.4...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 1:57 p.m.9 views

WordPress OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin <= 1.2.0 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Yousef Alraddadi - none in WordPress Plugin OptinCraft – Drag & Drop Optins & Popup Builder for WordPress versions = 1.2.0...

4.9CVSS5.7AI score0.00259EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 1:37 p.m.8 views

WordPress Click to Chat – HoliThemes plugin <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Valatty in WordPress Plugin Click to Chat versions = 4.39...

6.4CVSS5.4AI score0.00288EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 1:35 p.m.7 views

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated Administrator+ PHP Object Injection vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

6.6CVSS5.5AI score0.0045EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:41 p.m.9 views

WordPress Page-list plugin <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by darkmode in WordPress Plugin Page-list versions = 6.2...

4.3CVSS5.5AI score0.00224EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:4 p.m.10 views

WordPress Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Master Addons for Elementor versions = 3.1.0...

6.4CVSS5.4AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 11:5 a.m.8 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.6.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Kirasec in WordPress Plugin LatePoint versions = 5.6.0...

4.3CVSS5.5AI score0.00135EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:52 a.m.8 views

WordPress Simple SEO Slideshow plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple SEO Slideshow versions = 1.2.8...

6.4CVSS5.4AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:46 a.m.10 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Feedzy versions = 5.1.7...

4.3CVSS5.5AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:44 a.m.8 views

WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.2 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Quiz And Survey Master versions = 11.1.2...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:43 a.m.9 views

WordPress WPvivid — Backup, Migration & Staging plugin <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion vulnerability

Authenticated Admin+ Arbitrary Directory Deletion vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions = 0.9.128...

3.8CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:37 a.m.9 views

WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Path Traversal vulnerability discovered by kai63001 in WordPress Plugin Shared Files versions = 1.7.64...

7.5CVSS5.5AI score0.00326EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:36 a.m.9 views

WordPress Frontend User Notes plugin <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification vulnerability

Cross-Site Request Forgery to Note Content Modification vulnerability discovered by Mohamed Wajih Hichri Assaults - TEK-UP in WordPress Plugin Frontend User Notes versions = 2.1.1...

4.3CVSS5.5AI score0.00132EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:34 a.m.11 views

WordPress Express Payment For Stripe plugin <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Stripe Express versions = 1.28.0...

6.4CVSS5.4AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:28 a.m.8 views

WordPress Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability discovered by Khanh Nguyen - BlueRock in WordPress Plugin Charitable versions = 1.8.11.1...

4.3CVSS5.5AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 10:26 a.m.7 views

WordPress Alba Board plugin <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by Teerachai Somprasong in WordPress Plugin Alba Board versions = 2.1.3...

4.3CVSS5.5AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:40 a.m.10 views

WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JetSearch versions = 3.5.17...

9.3CVSS5.7AI score0.00346EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:37 a.m.9 views

WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions = 2.9.16...

9.9CVSS5.5AI score0.00506EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:30 a.m.8 views

WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WP Travel Engine versions = 6.7.10...

7.5CVSS5.5AI score0.00252EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:29 a.m.10 views

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions = 1.4.8...

7.4CVSS5.5AI score0.00264EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:10 a.m.10 views

WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration Stripe versions = 1.3.12...

8.2CVSS5.4AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:8 a.m.7 views

WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by VanTastic in WordPress Plugin LatePoint versions = 5.5.1...

7.5CVSS5.5AI score0.00287EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:0 a.m.7 views

WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.4...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/06/05 9:0 a.m.8 views

WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.1.1...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/06/05 8:59 a.m.8 views

WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.2.1...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/06/05 8:59 a.m.10 views

WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.4...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/06/05 8:58 a.m.12 views

WordPress Ad Manager Wd plugin <= 1.0.11 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by ? in WordPress Plugin Ad Manager Wd versions = 1.0.11...

9.8CVSS5.4AI score0.0046EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 8:49 a.m.11 views

WordPress Hybrid Composer plugin <= 1.4.6 Unauthenticated Settings Change vulnerability

WordPress Hybrid Composer plugin = 1.4.6 Unauthenticated Settings Change vulnerability discovered by ? in WordPress Plugin Hybrid Composer versions = 1.4.6...

9.8CVSS5.4AI score0.00347EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/05 4:6 a.m.12 views

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.3 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Shambles in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.3...

7.2CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:0 a.m.8 views

WordPress Debug Log Manager – Conveniently Monitor and Inspect Errors plugin <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs vulnerability

Unauthenticated Improper Output Neutralization for Logs vulnerability discovered by Endang Alfarisi in WordPress Plugin Debug Log Manager versions = 2.5.0...

5.3CVSS5.4AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:0 a.m.12 views

WordPress Event Monster – Event Manager, Ticket Booking & Registration plugin <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability

Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Event Management Tickets Booking versions = 2.1.0...

5.3CVSS5.5AI score0.00165EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:0 a.m.9 views

WordPress Admin Columns plugin <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution vulnerability

Authenticated Contributor+ PHP Object Injection to Remote Code Execution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Admin Columns versions = 7.0.18...

8.8CVSS5.7AI score0.00652EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 12:0 a.m.10 views

WordPress WP Go Maps – Google Maps, OpenStreetMap, Leaflet Map plugin <= 10.0.09 - Unauthenticated Sensitive Information Disclosure vulnerability

Unauthenticated Sensitive Information Disclosure vulnerability discovered by Sudhanshu Chauhan - RedHunt Labs in WordPress Plugin WP Go Maps versions = 10.0.09...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/04 3:10 p.m.6 views

WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Media folder Addon versions = 4.0.1...

7.5CVSS5.5AI score0.00467EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/04 2:55 p.m.7 views

WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Thrive Apprentice versions 10.8.10.2...

9.8CVSS5.5AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/04 2:47 p.m.7 views

WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Moderno versions 1.43...

9.8CVSS5.5AI score0.00304EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/04 2:45 p.m.10 views

WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability

Price Manipulation vulnerability discovered by Jakub Herman in WordPress Plugin Upsell Order Bump Offer for WooCommerce versions = 3.1.4...

7.5CVSS5.5AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/04 2:41 p.m.12 views

WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Cornerstone versions 7.8.8...

8.5CVSS5.5AI score0.00371EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606