Patchstack - Page 27 of Patchstack Vulnerabilities List

Patchstack•added 2026/04/22 10:30 a.m.•3 views

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...

Patchstack•added 2026/04/22 10:29 a.m.•4 views

WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Kapee versions 1.7.0...

Patchstack•added 2026/04/22 10:28 a.m.•6 views

WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme PressMart versions = 1.2.26...

Patchstack•added 2026/04/22 10:25 a.m.•2 views

WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme EmallShop versions = 2.4.21...

Patchstack•added 2026/04/22 9:45 a.m.•3 views

WordPress Emailchef plugin <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Emailchef versions = 3.5.1...

4.3CVSS5.8AI score0.00014EPSS

Patchstack•added 2026/04/22 9:42 a.m.•2 views

WordPress WP Responsive Popup + Optin plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Responsive Popup + Optin versions = 1.4...

6.1CVSS5.8AI score0.00012EPSS

Patchstack•added 2026/04/22 9:25 a.m.•2 views

WordPress Create DB Tables plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Database Table Creation/Deletion vulnerability discovered by theviper17y in WordPress Plugin Create DB Tables versions = 1.2.1...

9.1CVSS5.8AI score0.0003EPSS

Patchstack•added 2026/04/22 9:9 a.m.•2 views

WordPress Sendmachine for WordPress plugin <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation vulnerability

Unauthenticated SMTP Hijack to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Sendmachine for WordPress versions = 1.0.20...

9.8CVSS5.8AI score0.00047EPSS

Patchstack•added 2026/04/21 7:16 p.m.•3 views

WordPress Short Comment Filter plugin <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Short Comment Filter versions = 2.2...

4.4CVSS5.8AI score0.00026EPSS

Patchstack•added 2026/04/21 7:15 p.m.•4 views

WordPress Private WP suite plugin <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Private WP suite versions = 0.4.1...

4.4CVSS5.8AI score0.00011EPSS

Patchstack•added 2026/04/21 7:15 p.m.•3 views

WordPress Real Estate Pro plugin <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Real Estate Pro versions = 1.0.9...

5.5CVSS5.8AI score0.0001EPSS

Patchstack•added 2026/04/21 7:13 p.m.•3 views

WordPress HTTP Headers plugin <= 1.19.2 - Authenticated (Administrator+) CRLF Injection vulnerability

Authenticated Administrator+ CRLF Injection vulnerability discovered by Kai Aizen in WordPress Plugin HTTP Headers versions = 1.19.2...

5.5CVSS5.8AI score0.00021EPSS

Patchstack•added 2026/04/21 7:13 p.m.•3 views

WordPress HTTP Headers plugin <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Daniel Basta whizzu - NASK PIB in WordPress Plugin HTTP Headers versions = 1.19.2...

4.4CVSS5.8AI score0.00009EPSS

Patchstack•added 2026/04/21 7:7 p.m.•4 views

WordPress TextP2P Texting Widget plugin <= 1.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin TextP2P Texting Widget versions = 1.7...

4.3CVSS5.8AI score0.00006EPSS

Patchstack•added 2026/04/21 7:7 p.m.•3 views

WordPress Kcaptcha plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Kcaptcha versions = 1.0.1...

4.3CVSS5.8AI score0.00007EPSS

Patchstack•added 2026/04/21 7:7 p.m.•3 views

WordPress Call To Action plugin plugin <= 3.1.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Call To Action Plugin versions = 3.1.3...

4.3CVSS5.8AI score0.0001EPSS

Patchstack•added 2026/04/21 7:6 p.m.•2 views

WordPress mCatFilter plugin <= 0.5.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin mCatFilter versions = 0.5.2...

4.3CVSS5.8AI score0.00007EPSS

Patchstack•added 2026/04/21 7:5 p.m.•2 views

WordPress DX Unanswered Comments plugin <= 1.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin DX Unanswered Comments versions = 1.7...

4.3CVSS5.8AI score0.0001EPSS

Patchstack•added 2026/04/21 7:5 p.m.•2 views

WordPress Sentence To SEO (keywords, description and tags) plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Sentence To SEO keywords, description and tags versions = 1.0...

4.4CVSS5.8AI score0.00027EPSS

Patchstack•added 2026/04/21 7:5 p.m.•4 views

WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Ni WooCommerce Order Export versions = 3.1.6...

4.3CVSS5.8AI score0.00006EPSS

Patchstack•added 2026/04/21 7:3 p.m.•3 views

WordPress Zypento Blocks plugin <= 1.06 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Zypento Blocks versions = 1.06...

6.4CVSS5.8AI score0.00012EPSS

Patchstack•added 2026/04/21 7:3 p.m.•3 views

WordPress Buzz Comments plugin <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Buzz Comments versions = 0.9.4...

4.4CVSS5.8AI score0.00011EPSS

Patchstack•added 2026/04/21 7:3 p.m.•3 views

WordPress Fast & Fancy Filter – 3F plugin <= 1.2.2 - Cross-Site Request Forgery to Settings Modification vulnerability

Cross-Site Request Forgery to Settings Modification vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Fast & Fancy Filter – 3F versions = 1.2.2...

4.3CVSS5.8AI score0.00007EPSS

Patchstack•added 2026/04/21 7:2 p.m.•2 views

WordPress Google PageRank Display plugin <= 1.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Google PageRank Display versions = 1.4...

4.3CVSS5.8AI score0.0001EPSS

Patchstack•added 2026/04/21 3:41 p.m.•4 views

WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by HuajiHD in WordPress Plugin GiveWP versions = 4.14.2...

Patchstack•added 2026/04/21 3:23 p.m.•6 views

WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Royal MCP versions = 1.4.2...

Patchstack•added 2026/04/21 3:22 p.m.•3 views

WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Skoobi in WordPress Plugin Booking Package versions = 1.7.06...

Patchstack•added 2026/04/21 3:21 p.m.•5 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.9...

Patchstack•added 2026/04/21 3:18 p.m.•4 views

WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin GeekyBot versions = 1.2.2...

Patchstack•added 2026/04/21 3:16 p.m.•4 views

WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by 3ele / Sebastian Weiss in WordPress Plugin FunnelFormsPro versions = 3.8.1...

9.9CVSS5.8AI score0.00022EPSS

Exploits1Affected Software1

Patchstack•added 2026/04/21 3:10 p.m.•11 views

WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 28.1.6...

Patchstack•added 2026/04/21 2:25 p.m.•1 views

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin ListingPro versions = 2.9.10...

Patchstack•added 2026/04/21 10:51 a.m.•5 views

WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Min Max Step Quantity Limits Manager for WooCommerce versions = 5.2.2...

Patchstack•added 2026/04/21 10:9 a.m.•4 views

WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Coupon Affiliates versions = 7.5.3...

Patchstack•added 2026/04/21 10:5 a.m.•4 views

WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by babyhack@OPCIA in WordPress Plugin Contact Form Extender for Divi Save Entries, File Upload & Country Code Field versions = 1.0.6...

Patchstack•added 2026/04/21 9:57 a.m.•3 views

WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Lubin Regnault in WordPress Plugin Salon booking system versions = 10.30.24...

Patchstack•added 2026/04/21 9:53 a.m.•4 views

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Motors versions 1.4.107...

Patchstack•added 2026/04/21 9:51 a.m.•2 views

WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dahmani Toumi pegaSUS in WordPress Plugin wpForo Forum versions 3.0.2...

Patchstack•added 2026/04/21 9:43 a.m.•4 views

WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jakub Herman in WordPress Plugin MasterStudy LMS versions = 3.7.25...

Patchstack•added 2026/04/21 9:34 a.m.•4 views

WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ritsuy in WordPress Plugin collectchat versions = 2.4.9...

Patchstack•added 2026/04/21 9:32 a.m.•5 views

WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WPGraphQL versions 2.11.1...

Patchstack•added 2026/04/21 9:21 a.m.•2 views

WordPress Responsive Blocks – Page Builder for Blocks & Patterns plugin 2.0.9-2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions 2.0.9-2.2.1...

4.3CVSS5.8AI score0.0004EPSS

Patchstack•added 2026/04/21 9:9 a.m.•3 views

WordPress plugin: CMS für Motorrad Werkstätten plugin <= 1.0.0 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions = 1.0.0...

6.5CVSS5.8AI score0.00013EPSS

Patchstack•added 2026/04/21 2:20 a.m.•1 views

WordPress Email Encoder plugin < 2.3.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Encoder Bundle versions 2.3.4...

3.5CVSS5.8AI score0.00031EPSS

Patchstack•added 2026/04/21 1:58 a.m.•2 views

WordPress Responsive Blocks plugin <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter vulnerability

Unauthenticated Open Email Relay via REST API 'emailto' Parameter vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions = 2.2.0...

5.3CVSS5.8AI score0.00032EPSS

Patchstack•added 2026/04/20 6:26 p.m.•2 views

WordPress Website LLMs.txt plugin <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Website LLMs.txt versions = 8.2.6...

4.4CVSS5.8AI score0.00031EPSS

Patchstack•added 2026/04/20 3:49 p.m.•6 views

WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Advanced Product Fields Product Addons for WooCommerce versions = 1.6.19...

Patchstack•added 2026/04/20 3:40 p.m.•4 views

WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin YayMail versions = 4.3.3...

Patchstack•added 2026/04/20 3:15 p.m.•1 views

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Responsive Slider by MetaSlider versions = 3.106.0...

7.2CVSS5.8AI score0.00063EPSS