
46662 matches found

Patchstack
added 2026/05/19 12:3 p.m. | 8 views

WordPress Faces of Users plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Faces of Users versions = 0.0.3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00246
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/19 10:51 a.m. | 10 views

WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Presto Player versions = 4.1.3...

CVSS 4.3 | AI score 5.8 | EPSS 0.00238
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/19 3:10 a.m. | 9 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.8...

CVSS 9.3 | AI score 5.9 | EPSS 0.00283
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/18 8:59 p.m. | 7 views

WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tiago Ventura @perses in WordPress Plugin wpForo Forum versions = 3.0.6...

CVSS 9.1 | AI score 5.8 | EPSS 0.00291
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/18 7:2 p.m. | 17 views

NPM: ws: Uninitialized memory disclosure

NPM: ws: Uninitialized memory disclosure vulnerability discovered by ? in WordPress Npm ws versions = 8.0.0, 8.20.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00717
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2026/05/18 5:44 p.m. | 14 views

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...

CVSS 5.4 | AI score 5.8 | EPSS 0.00146
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/18 5:41 p.m. | 7 views

NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.51.1...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/18 5:40 p.m. | 10 views

NPM: multiparty vulnerable to ReDoS via filename parsing

NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00335
Exploits 0 | References 6 | Affected Software 1

Patchstack
added 2026/05/18 5:35 p.m. | 9 views

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00279
Exploits 0 | References 5 | Affected Software 1

Patchstack
added 2026/05/18 5:35 p.m. | 9 views

NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00473
Exploits 1 | References 5 | Affected Software 1

Patchstack
added 2026/05/18 5:0 p.m. | 17 views

NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport vulnerability discovered by ? in WordPress Npm dynoxide versions = 0.9.3, 0.9.13...

AI score 5.8
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/18 4:43 p.m. | 10 views

NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...

CVSS 8.2 | AI score 5.8 | EPSS 0.00315
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/18 4:22 p.m. | 18 views

NPM: brace-expansion: Large numeric range defeats documented `max` DoS protection

NPM: brace-expansion: Large numeric range defeats documented max DoS protection vulnerability discovered by ? in WordPress Npm brace-expansion versions = 5.0.0, 5.0.6...

CVSS 6.5 | AI score 5.8 | EPSS 0.00278
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/18 2:20 p.m. | 9 views

NPM: Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass

NPM: Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass vulnerability discovered by ? in WordPress Npm neotoma versions = 0.6.0, 0.11.1...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/18 1:31 p.m. | 11 views

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins vulnerability discovered by ? in WordPress Npm webpack-dev-server versions = 5.2.3...

CVSS 6.5 | AI score 5.9 | EPSS 0.00216
Exploits 0 | References 6 | Affected Software 1

Patchstack
added 2026/05/18 1:28 p.m. | 8 views

NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys

NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...

CVSS 8.2 | AI score 5.8 | EPSS 0.00282
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/18 1:26 p.m. | 10 views

NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.51.3...

CVSS 6.5 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 5 | Affected Software 1

Patchstack
added 2026/05/18 6:22 a.m. | 7 views

WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin e2pdf versions = 1.32.14...

CVSS 7.1 | AI score 5.8 | EPSS 0.00142
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/18 3:18 a.m. | 15 views

WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...

CVSS 8.8 | AI score 5.8 | EPSS 0.00359
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/17 11:15 a.m. | 7 views

WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Contest Gallery Pro versions = 29.0.1...

CVSS 9.8 | AI score 5.8 | EPSS 0.00331
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/17 9:4 a.m. | 8 views

WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by thevietronin in WordPress Plugin Classified Listing versions = 5.3.8...

CVSS 6.5 | AI score 5.8 | EPSS 0.00295
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/16 1:46 p.m. | 8 views

WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin GiveWP versions = 4.14.5...

CVSS 7.1 | AI score 5.8 | EPSS 0.00203
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/15 11:56 p.m. | 12 views

WordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin WP Document Revisions versions = 3.8.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/15 7:46 p.m. | 11 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...

CVSS 6.5 | AI score 5.8 | EPSS 0.0013
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/15 5:41 p.m. | 11 views

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...

CVSS 7.3 | AI score 5.8 | EPSS 0.00295
Exploits 0 | References 6 | Affected Software 1

Patchstack
added 2026/05/15 5:33 p.m. | 25 views

NPM: Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

NPM: Better Auth: OAuth callback accepts mismatched state when cookie-backed state storage is used without PKCE vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.2...

AI score 5.8
Exploits 0 | References 5 | Affected Software 1

Patchstack
added 2026/05/15 3:22 p.m. | 10 views

WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by raihan adi arba in WordPress Plugin Hydra Booking versions = 1.1.41...

CVSS 7.3 | AI score 5.8 | EPSS 0.00178
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/15 1:35 p.m. | 9 views

WordPress Essential Chat Support plugin <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset vulnerability

Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Essential Chat Support versions = 1.0.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00319
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/15 10:42 a.m. | 14 views

WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Smart Coupons for WooCommerce versions 2.3.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00289
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/15 10:42 a.m. | 11 views

WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Cong Quang in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...

CVSS 6.4 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/15 10:34 a.m. | 15 views

WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...

CVSS 6.5 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/15 10:31 a.m. | 13 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

CVSS 8.8 | AI score 5.8 | EPSS 0.00325
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/15 10:15 a.m. | 12 views

WordPress Quick Playground plugin <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by ? in WordPress Plugin Quick Playground versions = 1.3.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00811
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/15 9:58 a.m. | 16 views

WordPress Receive Notifications After Form Submitting – Form Notify for Any Forms plugin <= 1.1.10 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Receive Notifications After Form Submitting – Form Notify for Any Forms versions = 1.1.10...

CVSS 9.8 | AI score 5.8 | EPSS 0.0073
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/05/15 12:0 a.m. | 8 views

WordPress Multicollab: Content Team Collaboration and Editorial Workflow plugin <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment vulnerability

Missing Authorization to Authenticated Subscriber+ Collaboration Comment vulnerability discovered by Jigar Bhanushali Jigar787 - https://jigarbhanushali.com/ in WordPress Plugin Multicollab – Google Doc-Style Editorial Commenting for WordPress versions = 5.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/14 9:14 p.m. | 33 views

NPM: vm2 Has a Sandbox Breakout Using Async Generator

NPM: vm2 Has a Sandbox Breakout Using Async Generator vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.2...

CVSS 9.8 | AI score 5.8 | EPSS 0.00568
Exploits 1 | References 5 | Affected Software 1

Patchstack
added 2026/05/14 8:30 p.m. | 14 views

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable vulnerability discovered by ? in WordPress Npm svelte versions = 5.46.0, = 5.55.6...

AI score 5.8
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/14 8:30 p.m. | 7 views

NPM: electerm's encrypt method not safe enough

NPM: electerm's encrypt method not safe enough vulnerability discovered by ? in WordPress Npm electerm versions 3.9.5...

CVSS 6 | AI score 5.8 | EPSS 0.00105
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 8:29 p.m. | 10 views

NPM: Electerm Local code through electerm's single-instance socket

NPM: Electerm Local code through electerm's single-instance socket vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, = 3.8.8...

CVSS 9.3 | AI score 5.9 | EPSS 0.00114
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/05/14 8:29 p.m. | 7 views

NPM: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval

NPM: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval vulnerability discovered by ? in WordPress Npm deepseek-tui versions = 0.3.0, 0.8.23...

CVSS 9.6 | AI score 5.8 | EPSS 0.00375
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 8:29 p.m. | 8 views

NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool

NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool vulnerability discovered by ? in WordPress Npm deepseek-tui versions 0.8.22...

CVSS 7.4 | AI score 5.8 | EPSS 0.00226
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 8:29 p.m. | 10 views

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

AI score 5.8 | EPSS 0.00319
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 8:29 p.m. | 8 views

NPM: Svelte: ReDoS in `<svelte:element>` Tag Validation

NPM: Svelte: ReDoS in `<svelte:element>` Tag Validation vulnerability discovered by ? in WordPress Npm svelte versions = 5.51.5, = 5.55.6...

AI score 5.8 | EPSS 0.00421
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 8:27 p.m. | 7 views

NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order vulnerability discovered by ? in WordPress Npm open-webui versions = 0.7.2...

CVSS 8.1 | AI score 5.8 | EPSS 0.00322
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2026/05/14 8:26 p.m. | 8 views

NPM: Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution

NPM: Open WebUI: Missing workspace.tools Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution vulnerability discovered by ? in WordPress Npm open-webui versions 0.9.5...

CVSS 7.2 | AI score 5.8 | EPSS 0.00437
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2026/05/14 8:23 p.m. | 12 views

NPM: Svelte devalue: DoS via sparse array deserialization

NPM: Svelte devalue: DoS via sparse array deserialization vulnerability discovered by ? in WordPress Npm devalue versions = 5.6.3, = 5.8.0...

AI score 5.8 | EPSS 0.00384
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/14 8:21 p.m. | 10 views

NPM: Open WebUI Has Stored Cross-Site Scripting in SVG Renderer

NPM: Open WebUI Has Stored Cross-Site Scripting in SVG Renderer vulnerability discovered by ? in WordPress Npm open-webui versions 0.6.31...

CVSS 5.4 | AI score 5.8 | EPSS 0.00165
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2026/05/14 8:19 p.m. | 10 views

NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes

NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

CVSS 5.4 | AI score 5.6 | EPSS 0.00189
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/14 8:15 p.m. | 7 views

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.8...

CVSS 9.4 | AI score 5.8 | EPSS 0.00234
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2026/05/14 7:53 p.m. | 12 views

WordPress Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by momopon1415 in WordPress Plugin Classified Listing versions = 5.3.10...

CVSS 4.3 | AI score 5.8 | EPSS 0.00265
Exploits 0 | References 1 | Affected Software 1

Total number of security vulnerabilities: 46662