
46624 matches found

Patchstack | added 2026/05/25 7:30 a.m. | 13 views

WordPress Correct Prices plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Correct Prices versions = 1.0...

CVSS 6.1 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:30 a.m. | 12 views

WordPress SponsorMe plugin <= 0.5.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin SponsorMe versions = 0.5.2...

CVSS 6.1 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:28 a.m. | 12 views

WordPress LJ comments import: reloaded plugin <= 0.97.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin LJ comments import: reloaded versions = 0.97.1...

CVSS 6.1 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:28 a.m. | 11 views

WordPress VatanSMS WP SMS plugin <= 1.01 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin VatanSMS WP SMS versions = 1.01...

CVSS 6.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:27 a.m. | 11 views

WordPress Oliver POS plugin < 4.5.4 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by Hunter Jensen skid in WordPress Plugin Oliver POS versions 4.5.4...

CVSS 6.5 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:26 a.m. | 14 views

WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'js' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin 診断ジェネレータ作成プラグイン versions = 1.4.16...

CVSS 6.4 | AI score 5.8 | EPSS 0.00308
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:25 a.m. | 25 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

CVSS 6.5 | AI score 5.8 | EPSS 0.00404
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:1 a.m. | 16 views

WordPress WooCommerce PayPal Payments plugin <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability

Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PayPal Payments versions = 4.0.1...

CVSS 8.2 | AI score 5.8 | EPSS 0.00401
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:0 a.m. | 11 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:0 a.m. | 10 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Update vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.32.0...

CVSS 8.8 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:0 a.m. | 14 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key vulnerability

Missing Authorization to Authenticated Subscriber+ Generate API Secret Key vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 7:0 a.m. | 11 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00258
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/25 4:19 a.m. | 11 views

WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...

AI score 5.8 | EPSS 0.00317
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/24 12:10 p.m. | 8 views

WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Bas Albers in WordPress Plugin Ads by WPQuads versions = 3.0.2...

CVSS 6.5 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/24 9:1 a.m. | 9 views

WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/24 8:59 a.m. | 9 views

WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...

AI score 5.8 | EPSS 0.00354
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/24 8:37 a.m. | 10 views

WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability

SQL Injection vulnerability discovered by walow in WordPress Plugin MasterStudy LMS versions = 3.7.29...

CVSS 8.5 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/23 12:56 p.m. | 13 views

WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/23 10:48 a.m. | 9 views

WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.1...

CVSS 9.3 | AI score 5.9 | EPSS 0.00299
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/23 9:56 a.m. | 10 views

WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin PropertyHive versions = 2.2.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/22 7:4 a.m. | 14 views

WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...

CVSS 7.5 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/22 7:3 a.m. | 8 views

WordPress AudioIgniter Music Player plugin <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter vulnerability

Unauthenticated Insecure Direct Object Reference to 'audioigniterplaylistid' Parameter vulnerability discovered by ? in WordPress Plugin AudioIgniter Music Player versions = 2.0.2...

CVSS 7.5 | AI score 5.8 | EPSS 0.01508
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/22 6:51 a.m. | 8 views

WordPress WP ERP Pro plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by kudasav in WordPress Plugin WP ERP Pro versions = 1.5.1...

CVSS 7.5 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/22 6:47 a.m. | 13 views

WordPress BookingPress Appointment Booking Pro plugin <= 5.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.6...

CVSS 9.8 | AI score 5.8 | EPSS 0.00672
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/22 6:46 a.m. | 10 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by sorawautsukushiii in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.5...

CVSS 8.8 | AI score 5.8 | EPSS 0.00541
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 10:39 p.m. | 8 views

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions = 5.4.4...

AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 9:20 p.m. | 10 views

NPM: JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

NPM: JavaScript Cookie: Per-instance prototype hijack in assign enables cookie-attribute injection vulnerability discovered by ? in WordPress Npm js-cookie versions = 3.0.5...

AI score 5.8 | EPSS 0.00422
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:39 p.m. | 10 views

NPM: NocoDB: Stale Auth Cache After API Token Deletion

NPM: NocoDB: Stale Auth Cache After API Token Deletion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:38 p.m. | 8 views

NPM: NocoDB: Attachment Size Limit Bypass via Upload-by-URL

NPM: NocoDB: Attachment Size Limit Bypass via Upload-by-URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:35 p.m. | 10 views

NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.9 | EPSS 0.00296
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:35 p.m. | 9 views

NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:35 p.m. | 9 views

NPM: NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags

NPM: NocoDB: Refresh Token Cookie Set Without secure and sameSite Flags vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:34 p.m. | 10 views

NPM: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

NPM: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:34 p.m. | 9 views

NPM: NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)

NPM: NocoDB: SSRF Protection Bypass in Notification Webhook Plugins Slack, Discord, Mattermost, Teams vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:34 p.m. | 7 views

NPM: NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NPM: NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 8:33 p.m. | 8 views

NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement vulnerability discovered by ? in WordPress Npm mcp-server-kubernetes versions 3.6.0...

AI score 5.8 | EPSS 0.00376
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 7:25 p.m. | 8 views

WordPress Widget Context plugin <= 1.3.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by darkmode in WordPress Plugin Widget Context versions = 1.3.3...

CVSS 4.3 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 7:24 p.m. | 7 views

WordPress Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Form Structure Modification vulnerability discovered by Thanh Toan Bui in WordPress Plugin Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder versions = 1.1.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 7:23 p.m. | 7 views

WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure vulnerability

Authenticated Subscriber+ Information Disclosure vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin Slider by Soliloquy versions = 2.8.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 7:21 p.m. | 8 views

WordPress MotoPress Hotel Booking plugin <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Hotel Booking Lite versions = 6.0.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 7:20 p.m. | 6 views

WordPress FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Saleh Elsayed 0xManticore in WordPress Plugin Fluent CRM versions = 2.9.87...

CVSS 5.4 | AI score 5.8 | EPSS 0.00645
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 7:17 p.m. | 7 views

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.11...

AI score 5.8
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 5:57 p.m. | 9 views

NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown raw HTML allowed vulnerability discovered by ? in WordPress Npm md-fileserver versions 1.10.3...

AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 5:14 p.m. | 7 views

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.00383
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/21 4:12 p.m. | 9 views

WordPress Alfie – Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion vulnerability

Cross-Site Request Forgery to Feed Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 4:12 p.m. | 6 views

WordPress WP Blockade – Visual Page Builder plugin <= 0.9.14 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions = 0.9.14...

CVSS 6.1 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 3:59 p.m. | 10 views

WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 2:37 p.m. | 12 views

WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions = 4.0.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 2:36 p.m. | 8 views

WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability

Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/21 11:47 a.m. | 10 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions = 3.15.2...

CVSS 9.8 | AI score 5.8 | EPSS 0.02163
Exploits: 4 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 46624