Lucene search
K
PatchstackRecent

46629 matches found

Patchstack
Patchstack
added 2026/05/19 1:32 p.m.9 views

WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation vulnerability

Missing Authorization to Unauthenticated Xpro Template Creation vulnerability discovered by at1as - Self-Employed in WordPress Plugin Xpro Elementor Addons versions = 1.5.0...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:13 p.m.9 views

WordPress TypeSquare Webfonts for ConoHa plugin <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Modification vulnerability discovered by ? in WordPress Plugin TypeSquare Webfonts for ConoHa versions = 2.0.4...

4.3CVSS5.8AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:12 p.m.9 views

WordPress Read More & Accordion plugin <= 3.5.7 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by BIMA IKHSAN in WordPress Plugin Read More & Accordion versions = 3.5.7...

4.9CVSS5.9AI score0.00448EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:11 p.m.9 views

WordPress Logo Manager For Enamad plugin <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Logo Manager For Enamad versions = 0.7.4...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:7 p.m.11 views

WordPress Remove Yellow BGBOX plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Yellow BGBOX versions = 1.0...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:7 p.m.10 views

WordPress JaviBola Custom Theme Test plugin <= 2.0.5 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin JaviBola Custom Theme Test versions = 2.0.5...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:6 p.m.10 views

WordPress BLOGCHAT Chat System plugin <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin BLOGCHAT Chat System versions = 1.3.6.3...

6.1CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:6 p.m.7 views

WordPress Amazon Scraper plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Amazon Scraper versions = 1.1...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:6 p.m.10 views

WordPress Games Catalog plugin <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Game/Post Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Games Catalog versions = 1.2.0...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:5 p.m.12 views

WordPress Bigfishgames Syndicate plugin <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update vulnerability

Cross-Site Request Forgery to Settings Reset and Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bigfishgames Syndicate versions = 1.2...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:5 p.m.9 views

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions = 0.3.6...

4.4CVSS5.8AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.8 views

WordPress Bottom Bar plugin <= 0.1.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bottom Bar versions = 0.1.7...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.10 views

WordPress Child Height Predictor by Ostheimer plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Child Height Predictor by Ostheimer versions = 1.3...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.7 views

WordPress General Options plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin General Options versions = 1.1.0...

4.4CVSS5.8AI score0.0023EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.10 views

WordPress Sticky plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sticky versions = 2.5.6...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:3 p.m.8 views

WordPress Word 2 Cash plugin <= 0.9.2 - Cross-Site Request Forgeryto Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgeryto Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Word 2 Cash versions = 0.9.2...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:3 p.m.8 views

WordPress Sentence To SEO (keywords, description and tags) plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Sentence To SEO keywords, description and tags versions = 1.0...

6.1CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 12:3 p.m.8 views

WordPress Faces of Users plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Faces of Users versions = 0.0.3...

6.4CVSS5.8AI score0.00246EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/19 10:51 a.m.9 views

WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Presto Player versions = 4.1.3...

4.3CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/19 3:10 a.m.9 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.8...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/18 8:59 p.m.7 views

WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tiago Ventura @perses in WordPress Plugin wpForo Forum versions = 3.0.6...

9.1CVSS5.8AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/18 7:2 p.m.17 views

NPM: ws: Uninitialized memory disclosure

NPM: ws: Uninitialized memory disclosure vulnerability discovered by ? in WordPress Npm ws versions = 8.0.0, 8.20.1...

7.5CVSS5.8AI score0.00717EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:44 p.m.14 views

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...

5.4CVSS5.8AI score0.00146EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:41 p.m.7 views

NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.51.1...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:40 p.m.10 views

NPM: multiparty vulnerable to ReDoS via filename parsing

NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References6Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:35 p.m.9 views

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:35 p.m.9 views

NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2026/05/18 5:0 p.m.17 views

NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport vulnerability discovered by ? in WordPress Npm dynoxide versions = 0.9.3, 0.9.13...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/05/18 4:43 p.m.10 views

NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

NPM: parse-nested-form-data has Prototype Pollution via proto in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...

8.2CVSS5.8AI score0.00315EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/05/18 4:22 p.m.17 views

NPM: brace-expansion: Large numeric range defeats documented `max` DoS protection

NPM: brace-expansion: Large numeric range defeats documented max DoS protection vulnerability discovered by ? in WordPress Npm brace-expansion versions = 5.0.0, 5.0.6...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/18 2:20 p.m.9 views

NPM: Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

NPM: Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass vulnerability discovered by ? in WordPress Npm neotoma versions = 0.6.0, 0.11.1...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/18 1:31 p.m.11 views

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins vulnerability discovered by ? in WordPress Npm webpack-dev-server versions = 5.2.3...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References6Affected Software1
Patchstack
Patchstack
added 2026/05/18 1:28 p.m.8 views

NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys

NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...

8.2CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/18 1:26 p.m.10 views

NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.51.3...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/18 6:22 a.m.7 views

WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin e2pdf versions = 1.32.14...

7.1CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/18 3:18 a.m.15 views

WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/17 11:15 a.m.7 views

WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Contest Gallery Pro versions = 29.0.1...

9.8CVSS5.8AI score0.00331EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/17 9:4 a.m.8 views

WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by thevietronin in WordPress Plugin Classified Listing versions = 5.3.8...

6.5CVSS5.8AI score0.00295EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/16 1:46 p.m.8 views

WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin GiveWP versions = 4.14.5...

7.1CVSS5.8AI score0.00203EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/15 11:56 p.m.12 views

WordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin WP Document Revisions versions = 3.8.1...

7.5CVSS5.8AI score0.00232EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/15 7:46 p.m.11 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...

6.5CVSS5.8AI score0.0013EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/15 5:41 p.m.11 views

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References6Affected Software1
Patchstack
Patchstack
added 2026/05/15 5:33 p.m.25 views

NPM: Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

NPM: Better Auth: OAuth callback accepts mismatched state when cookie-backed state storage is used without PKCE vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.2...

5.8AI score
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/15 3:22 p.m.10 views

WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by raihan adi arba in WordPress Plugin Hydra Booking versions = 1.1.41...

7.3CVSS5.8AI score0.00178EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/15 1:35 p.m.9 views

WordPress Essential Chat Support plugin <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset vulnerability

Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Essential Chat Support versions = 1.0.1...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/15 10:42 a.m.14 views

WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Smart Coupons for WooCommerce versions 2.3.0...

7.5CVSS5.8AI score0.00289EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/15 10:42 a.m.11 views

WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Cong Quang in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...

6.4CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/15 10:34 a.m.15 views

WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/15 10:31 a.m.13 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/15 10:15 a.m.12 views

WordPress Quick Playground plugin <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by ? in WordPress Plugin Quick Playground versions = 1.3.3...

7.5CVSS5.8AI score0.00811EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46629