Patchstack - Page 24 of Patchstack Vulnerabilities List

WordPress Smart phone field for Gravity Forms plugin <= 2.1.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Smart phone field for Gravity Forms versions = 2.1.6...

Patchstack•added 2026/05/01 9:16 a.m.•4 views

WordPress Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews plugin <= 3.2.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GS Testimonial Slider versions = 3.2.8...

Patchstack•added 2026/05/01 9:16 a.m.•4 views

WordPress Spotlight Social Feeds – Block, Shortcode, and Widget plugin <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Spotlight Social Media Feeds versions = 1.7.0...

Patchstack•added 2026/05/01 9:16 a.m.•4 views

WordPress StoreCustomizer – A plugin to Customize all WooCommerce Pages plugin <= 2.5.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin StoreCustomizer versions = 2.5.9...

WordPress StreamWeasels Twitch Integration plugin <= 1.9.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin StreamWeasels Twitch Integration versions = 1.9.2...

Patchstack•added 2026/05/01 9:16 a.m.•1 views

WordPress TablePress – Tables in WordPress made easy plugin <= 3.0.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin TablePress versions = 3.0.2...

WordPress Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin <= 1.1.13 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Tablesome versions = 1.1.13...

Patchstack•added 2026/05/01 9:16 a.m.•3 views

WordPress Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More plugin <= 2.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress Team Members – GS Plugins versions = 2.5.8...

WordPress Team Members Showcase plugin <= 3.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Team Members versions = 3.3.0...

Patchstack•added 2026/05/01 9:15 a.m.•5 views

WordPress Text To Speech TTS Accessibility plugin <= 1.7.34 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Text To Speech TTS Accessibility versions = 1.7.34...

WordPress Thank You Page for WooCommerce plugin <= 4.2.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Thanks Redirect for WooCommerce versions = 4.2.0...

WordPress TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Top News – Best News Plugin for WordPress versions = 2.4.1...

WordPress TreePress – Easy Family Trees & Ancestor Profiles plugin <= 3.0.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin TreePress – Easy Family Trees & Ancestor Profiles versions = 3.0.6...

Patchstack•added 2026/05/01 9:15 a.m.•1 views

WordPress Ultimeter plugin <= 3.0.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ultimeter versions = 3.0.5...

WordPress Unlimited Elements For Elementor plugin <= 1.5.140 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.140...

WordPress URL Shortify – Simple and Easy URL Shortener plugin <= 1.10.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin URL Shortify versions = 1.10.4...

WordPress Widgets on Pages plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Widgets on Pages versions = 1.7...

WordPress WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin <= 8.0.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto versions = 8.0.7...

WordPress WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms plugin <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin CF7 WOW Styler versions = 1.7.0...

WordPress WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes plugin <= 4.6.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Books Gallery versions = 4.6.8...

WordPress WP Coupons and Deals – Coupon Plugin For Affiliate Marketers plugin <= 3.2.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Coupons and Deals versions = 3.2.2...

Patchstack•added 2026/05/01 9:15 a.m.•5 views

WordPress WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards plugin <= 5.5.31 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Data Access versions = 5.5.31...

WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content versions = 7.7.0...

WordPress WP fail2ban – Advanced Security plugin <= 5.3.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP fail2ban versions = 5.3.4...

WordPress WP Meta and Date Remover plugin <= 2.3.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Meta and Date Remover versions = 2.3.4...

WordPress WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin <= 2.8.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Mobile Menu versions = 2.8.6...

WordPress WP Notification Bell plugin <= 1.4.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Notification Bell versions = 1.4.2...

WordPress WP Page Templates plugin <= 1.1.16 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Page Templates versions = 1.1.16...

WordPress WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars plugin <= 3.8.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Post Author versions = 3.8.3...

Patchstack•added 2026/05/01 9:15 a.m.•5 views

WordPress WP Shortcodes Plugin — Shortcodes Ultimate plugin <= 7.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Shortcodes Ultimate versions = 7.3.3...

WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.7...

Patchstack•added 2026/05/01 9:14 a.m.•3 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.1...

Patchstack•added 2026/05/01 9:14 a.m.•3 views

WordPress XT Floating Cart for WooCommerce plugin <= 2.8.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Floating Cart for WooCommerce versions = 2.8.4...

Patchstack•added 2026/05/01 9:14 a.m.•2 views

WordPress XT Quick View for WooCommerce plugin <= 2.1.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Quick View for WooCommerce versions = 2.1.5...

Patchstack•added 2026/05/01 9:14 a.m.•1 views

WordPress XT Variation Swatches for WooCommerce plugin <= 1.9.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Variation Swatches for WooCommerce versions = 1.9.4...

Patchstack•added 2026/05/01 9:14 a.m.•2 views

WordPress YASR – Yet Another Star Rating Plugin for WordPress plugin <= 3.4.12 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Yet Another Stars Rating versions = 3.4.12...

Patchstack•added 2026/05/01 8:3 a.m.•2 views

WordPress Five Star Restaurant Reservations plugin <= 2.7.16 - Unauthenticated Payment Bypass via PHP Type Juggling in 'payment_id' Parameter vulnerability

Unauthenticated Payment Bypass via PHP Type Juggling in 'paymentid' Parameter vulnerability discovered by davidfdzmorilla in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.16...

5.3CVSS5.8AI score0.00037EPSS

Patchstack•added 2026/05/01 8:3 a.m.•2 views

WordPress Otter Blocks plugin <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability

Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Otter - Gutenberg Block versions = 3.1.4...

7.5CVSS5.8AI score0.00081EPSS

Patchstack•added 2026/05/01 3:24 a.m.•2 views

WordPress Elementor Website Builder plugin <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via REST API vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Elementor Website Builder versions = 4.0.4...

6.4CVSS5.2AI score0.00055EPSS

4.4CVSS5.8AI score0.00011EPSS

WordPress Call for Price for WooCommerce plugin <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by AndyGuru - AndyGuru in WordPress Plugin Call for Price for WooCommerce versions = 4.2.0...

Patchstack•added 2026/05/01 12:0 a.m.•1 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint vulnerability

Unauthenticated Information Disclosure in Store Reviews REST API Endpoint vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Dokan versions = 4.3.1...

5.3CVSS5.8AI score0.00043EPSS

8.1CVSS5.8AI score0.00015EPSS

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion vulnerability

Authenticated Vendor+ Insecure Direct Object Reference to Arbitrary User Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions = 6.7.25...

7.2CVSS5.8AI score0.00023EPSS

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions = 1.7.1057...

Patchstack•added 2026/05/01 12:0 a.m.•4 views

WordPress My Social Feeds – Social Feeds Embedder Plugin for WP plugin <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Teerachai Somprasong in WordPress Plugin My Social Feeds – Social Feeds Embedder Plugin for WordPress versions = 1.0.4...

5.4CVSS5.8AI score0.00013EPSS

6.4CVSS5.8AI score0.00039EPSS

WordPress NextMove Lite – Thank You Page for WooCommerce plugin <= 2.23.0 - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Thank You Page for WooCommerce plugin = 2.23.0 - Thank You Page for WooCommerce = 2.23.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextMove Lite versions = 2.23.0...

Patchstack•added 2026/04/30 3:28 p.m.•3 views

WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JetEngine versions = 3.8.8.1...

5.9AI score0.00039EPSS

Exploits0Affected Software1

Patchstack•added 2026/04/30 12:0 a.m.•3 views

WordPress WP Editor plugin <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Editor versions = 1.2.9.2...

8.8CVSS5.9AI score0.00026EPSS

Patchstack•added 2026/04/30 12:0 a.m.•4 views

WordPress Ultimate Dashboard – Custom WordPress Dashboard plugin <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation vulnerability

Cross-Site Request Forgery to Module Activation/Deactivation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ultimate Dashboard versions = 3.8.14...

4.3CVSS5.8AI score0.00006EPSS