Lucene search
K
PatchstackRecent

46629 matches found

Patchstack
Patchstack
added 2026/05/21 4:12 p.m.6 views

WordPress WP Blockade – Visual Page Builder plugin <= 0.9.14 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions = 0.9.14...

6.1CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 3:59 p.m.10 views

WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 2:37 p.m.12 views

WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions = 4.0.1...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 2:36 p.m.8 views

WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability

Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:47 a.m.10 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions = 3.15.2...

9.8CVSS5.8AI score0.02163EPSS
Exploits4References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:33 a.m.11 views

WordPress AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.8.2...

8.8CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:33 a.m.10 views

WordPress Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin <= 1.6.9 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Creative Mail versions = 1.6.9...

7.5CVSS5.9AI score0.00391EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:33 a.m.9 views

WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions 2.15.21...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 11:32 a.m.14 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion vulnerability

Unauthenticated Limited Arbitrary File Read and Deletion vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

7.5CVSS5.8AI score0.00564EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 8:25 a.m.12 views

WordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Zoho ZeptoMail versions = 3.2.9...

4.3CVSS5.8AI score0.00306EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/21 8:23 a.m.11 views

WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin CF7 WOW Styler versions = 1.7.6...

5.3CVSS5.8AI score0.00171EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/21 8:20 a.m.9 views

WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan in WordPress Plugin Mail Mint versions = 1.19.5...

4.3CVSS5.8AI score0.00171EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:26 a.m.11 views

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.70...

9.8CVSS5.8AI score0.00953EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:25 a.m.10 views

WordPress Piotnet Forms plugin <= 2.1.40 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Piotnet Forms versions = 2.1.40...

9.8CVSS5.8AI score0.0081EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:24 a.m.7 views

WordPress Account Switcher plugin <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability

Authenticated Subscriber+ Authentication Bypass to Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin Account Switcher versions = 1.0.2...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:22 a.m.8 views

WordPress ProSolution WP Client plugin <= 2.0.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by snr in WordPress Plugin ProSolution WP Client versions = 2.0.0...

9.8CVSS5.8AI score0.00978EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:21 a.m.8 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Ankit Patel in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.4...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:13 a.m.10 views

WordPress Advanced Database Cleaner – Premium plugin <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion vulnerability

Authenticated Subscriber+ Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Database Cleaner – Premium versions = 4.1.0...

8.8CVSS5.8AI score0.00755EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 6:40 a.m.8 views

WordPress GSheet For Woo Importer plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin GSheet For Woo Importer versions = 2.3.1...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/20 6:17 p.m.11 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 5:2 p.m.12 views

WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Joe Bruno, Principal Security Engineer @ Monarx in WordPress Plugin Gift Cards For WooCommerce Pro versions = 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 3:45 p.m.15 views

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/20 3:44 p.m.8 views

NPM: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification

NPM: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/20 3:38 p.m.9 views

NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage

NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/20 2:9 p.m.12 views

WordPress WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons plugin <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by BaroHaf - fpt in WordPress Plugin WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons versions = 1.0.8...

4.9CVSS5.8AI score0.00311EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/20 1:37 p.m.8 views

WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 1:15 p.m.10 views

WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability

Authenticated Subscriber+ Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions = 1.52.2...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/20 12:54 p.m.10 views

WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.29.0...

7.6CVSS5.9AI score0.00289EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 12:52 p.m.10 views

WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Doan Dinh Van in WordPress Plugin Visualizer versions 4.0.0...

6.5CVSS5.8AI score0.00166EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 12:36 p.m.7 views

WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin PowerPress Podcasting versions = 11.15.10...

5.9AI score0.00253EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 12:14 p.m.9 views

WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WpBookingly versions = 1.2.9...

6.5CVSS5.8AI score0.00307EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 12:12 p.m.10 views

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions = 3.6.11...

4.3CVSS5.8AI score0.00206EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/20 12:8 p.m.10 views

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 5.5.1...

5CVSS5.8AI score0.00194EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/19 8:43 p.m.7 views

WordPress Slider Revolution plugin <= 7.0.9 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Nos1x0 in WordPress Plugin Slider Revolution versions = 7.0.9...

5.3CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 8:13 p.m.11 views

NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface

NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface vulnerability discovered by ? in WordPress Npm camofox-mcp versions 1.13.2...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 8:9 p.m.10 views

NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl vulnerability discovered by ? in WordPress Npm sillytavern versions = 1.17.0...

8.5CVSS5.8AI score0.00866EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/19 8:3 p.m.11 views

NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

NPM: Nuxt: nuxtisland endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...

5.8AI score0.00091EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 7:49 p.m.7 views

NPM: Trubo: Login callback CSRF/session fixation

NPM: Trubo: Login callback CSRF/session fixation vulnerability discovered by ? in WordPress Npm turbo versions = 2.9.13...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 7:46 p.m.8 views

NPM: Turbo: Unexpected local code execution during Yarn Berry detection

NPM: Turbo: Unexpected local code execution during Yarn Berry detection vulnerability discovered by ? in WordPress Npm turbo versions = 1.1.0, 2.9.14...

9.8CVSS6.2AI score0.00386EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 7:22 p.m.11 views

NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.30, 0.4.37...

5.8AI score0.00147EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/19 5:36 p.m.10 views

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions = 0.3.6...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 5:1 p.m.11 views

WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Image Deletion vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin NextGEN Gallery versions = 4.2.0...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 4:31 p.m.10 views

NPM: Budibase: Unrestricted Upload of File with Dangerous Type

NPM: Budibase: Unrestricted Upload of File with Dangerous Type vulnerability discovered by ? in WordPress Npm budibase versions 3.38.2...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 4:21 p.m.8 views

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.7...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 4:17 p.m.7 views

NPM: n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass

NPM: n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass vulnerability discovered by ? in WordPress Npm n8n versions 2.20.0...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/19 3:55 p.m.12 views

NPM: n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

NPM: n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions vulnerability discovered by ? in WordPress Npm n8n versions 2.19.3...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/19 3:49 p.m.8 views

NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect

NPM: Nuxt: Reflected XSS in navigateTo external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...

5.8AI score0.00164EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 3:47 p.m.9 views

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated authfetch and downloadmedia URLs vulnerability discovered by ? in WordPress Npm auth-fetch-mcp versions = 3.0.0...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 3:16 p.m.6 views

WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions = 5.6.3...

6.5CVSS5.8AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/19 2:51 p.m.12 views

WordPress All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by 0x61626390 in WordPress Plugin All In One SEO Pack versions = 4.9.7...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46629