Patchstack - Page 31 of Patchstack Vulnerabilities List

Patchstack•added 2026/04/15 3:39 a.m.•2 views

WordPress List View Google Calendar plugin <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Event Description vulnerability discovered by Pattama Tangpoonponwiwat Kwan - - in WordPress Plugin List View Google Calendar versions = 7.4.3...

4.4CVSS5.8AI score0.00012EPSS

Patchstack•added 2026/04/15 3:37 a.m.•3 views

WordPress Nexi XPay plugin <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Nexi XPay versions = 8.3.0...

5.3CVSS5.8AI score0.00072EPSS

Patchstack•added 2026/04/15 3:37 a.m.•2 views

WordPress 3D FlipBook - PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure vulnerability

WordPress 3D FlipBook - PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin = 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure vulnerability discovered by Kai Aizen in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery...

5.3CVSS5.8AI score0.03117EPSS

Patchstack•added 2026/04/15 12:0 a.m.•2 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inqheader' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

4.3CVSS5.8AI score0.0001EPSS

Patchstack•added 2026/04/14 11:37 a.m.•5 views

WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.8.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Logo Showcase Responsive Slider and Carousel versions = 3.8.7...

Patchstack•added 2026/04/14 11:37 a.m.•1 views

WordPress Popup Anything plugin <= 2.9.1 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Popup Anything versions = 2.9.1...

Patchstack•added 2026/04/14 11:37 a.m.•6 views

WordPress Countdown Timer Ultimate plugin <= 2.6.9 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Countdown Timer Ultimate versions = 2.6.9...

Patchstack•added 2026/04/14 11:37 a.m.•11 views

WordPress WP Responsive Recent Post Slider/Carousel plugin <= 3.7.1 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Responsive Recent Post Slider/Carousel versions = 3.7.1...

Patchstack•added 2026/04/14 11:37 a.m.•3 views

WordPress WP News and Scrolling Widgets plugin <= 5.0.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP News and Scrolling Widgets versions = 5.0.6...

Patchstack•added 2026/04/14 11:37 a.m.•4 views

WordPress WP Slick Slider and Image Carousel plugin <= 3.7.8.1 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Slick Slider and Image Carousel versions = 3.7.8.1...

Patchstack•added 2026/04/14 11:37 a.m.•1 views

WordPress Album and Image Gallery plus Lightbox plugin <= 2.1.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Album and Image Gallery plus Lightbox versions = 2.1.8...

Patchstack•added 2026/04/14 11:37 a.m.•2 views

WordPress Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget plugin <= 3.5.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget versions = 3.5.6...

Patchstack•added 2026/04/14 11:37 a.m.•2 views

WordPress WP Blog and Widget plugin <= 2.6.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Blog and Widget versions = 2.6.6...

Patchstack•added 2026/04/14 11:37 a.m.•7 views

WordPress Timeline and History slider plugin <= 2.4.5 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Timeline and History slider versions = 2.4.5...

Patchstack•added 2026/04/14 11:37 a.m.•2 views

WordPress Post grid and filter ultimate plugin <= 1.7.4 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Post grid and filter ultimate versions = 1.7.4...

Patchstack•added 2026/04/14 11:36 a.m.•5 views

WordPress Meta slider and carousel with lightbox plugin <= 2.0.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Meta slider and carousel with lightbox versions = 2.0.8...

Patchstack•added 2026/04/14 11:36 a.m.•4 views

WordPress WP responsive FAQ with category plugin <= 3.9.5 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP responsive FAQ with category versions = 3.9.5...

Patchstack•added 2026/04/14 11:36 a.m.•10 views

WordPress Accordion and Accordion Slider plugin <= 1.4.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Accordion and Accordion Slider versions = 1.4.6...

Patchstack•added 2026/04/14 11:36 a.m.•1 views

WordPress Team Slider and Team Grid Showcase plus Team Carousel plugin <= 2.8.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Team Slider and Team Grid Showcase plus Team Carousel versions = 2.8.6...

Patchstack•added 2026/04/14 11:36 a.m.•2 views

WordPress Trending/Popular Post Slider and Widget plugin <= 1.8.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Trending/Popular Post Slider and Widget versions = 1.8.6...

Patchstack•added 2026/04/14 11:36 a.m.•4 views

WordPress Featured Post Creative plugin <= 1.5.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Featured Post Creative versions = 1.5.7...

Patchstack•added 2026/04/14 11:36 a.m.•3 views

WordPress Portfolio and Projects plugin <= 1.5.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Portfolio and Projects versions = 1.5.6...

Patchstack•added 2026/04/14 11:36 a.m.•4 views

WordPress WP Featured Content and Slider plugin <= 1.7.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Featured Content and Slider versions = 1.7.6...

Patchstack•added 2026/04/14 11:36 a.m.•6 views

WordPress Post Ticker Ultimate plugin <= 1.7.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Post Ticker Ultimate versions = 1.7.6...

Patchstack•added 2026/04/14 11:36 a.m.•7 views

WordPress Blog Designer - Post and Widget plugin <= 2.7.7 - Backdoor vulnerability

WordPress Blog Designer - Post and Widget plugin = 2.7.7 - Backdoor vulnerability discovered by ? in WordPress Plugin Blog Designer - Post and Widget versions = 2.7.7...

Patchstack•added 2026/04/14 11:35 a.m.•2 views

WordPress Video gallery and Player plugin <= 2.8.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Video gallery and Player versions = 2.8.7...

Patchstack•added 2026/04/14 11:2 a.m.•3 views

WordPress Product Filter for WooCommerce by WBW plugin < 3.1.3 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by mcdruid in WordPress Plugin Product Filter by WBW versions 3.1.3...

8.6CVSS5.8AI score0.00092EPSS

Patchstack•added 2026/04/14 11:1 a.m.•2 views

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin LearnPress versions = 4.3.2.8...

9.1CVSS5.8AI score0.00034EPSS

Patchstack•added 2026/04/14 11:0 a.m.•3 views

WordPress Form Maker plugin < 1.15.38 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hiariz in WordPress Plugin Form Maker by 10Web versions 1.15.38...

6.8CVSS6AI score0.00015EPSS

Patchstack•added 2026/04/14 10:59 a.m.•3 views

WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter vulnerability

Unauthenticated SQL Injection via 'cctsearch' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions = 3.8.6.1...

7.5CVSS6AI score0.00035EPSS

Patchstack•added 2026/04/14 10:54 a.m.•4 views

WordPress Germanized for WooCommerce plugin <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Germanized for WooCommerce versions = 3.20.5...

6.5CVSS5.8AI score0.00164EPSS

Patchstack•added 2026/04/14 3:41 a.m.•3 views

WordPress Eventin - Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability

Events Calendar, Event Booking, Ticket & Registration AI Powered plugin = 4.1.8 Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP Event SOlution versions = 4.1.8...

4.3CVSS5.8AI score0.00032EPSS

Patchstack•added 2026/04/14 3:39 a.m.•2 views

WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability

WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin = 3.0.12 - Authenticated Administrator+ PHP Object Injection vulnerability discovered by Vilaysone CHANTHAVONG 0xJ0cKkY - Cyberus Technologies in WordPress Plugin Post Grid, Post Carousel, & List Categor...

7.2CVSS5.8AI score0.00047EPSS

Patchstack•added 2026/04/14 3:38 a.m.•3 views

WordPress WholeSale Products Dynamic Pricing Management WooCommerce plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WholeSale Products Dynamic Pricing Management WooCommerce versions = 1.2...

4.4CVSS5.8AI score0.00031EPSS

Patchstack•added 2026/04/14 3:38 a.m.•2 views

WordPress ShopLentor plugin <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttontext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin ShopLentor versions = 3.3.5...

6.4CVSS5.8AI score0.00046EPSS

Patchstack•added 2026/04/14 3:37 a.m.•2 views

WordPress Surbma | Booking.com plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Surbma | Booking.com Shortcode versions = 2.1...

6.4CVSS5.8AI score0.00037EPSS

Patchstack•added 2026/04/14 3:36 a.m.•4 views

WordPress BackWPup plugin <= 5.6.6 - Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter vulnerability

Authenticated Administrator+ Local File Inclusion via 'blockname' Parameter vulnerability discovered by PixelDefaultBR - Think IT in WordPress Plugin BackWPup versions = 5.6.6...

7.2CVSS5.8AI score0.00136EPSS

Exploits1References1Affected Software1

Patchstack•added 2026/04/14 2:35 a.m.•1 views

WordPress User Registration & Membership plugin <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability

Unauthenticated Open Redirect via 'redirecttoonlogout' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.4...

6.1CVSS5.8AI score0.00884EPSS

Patchstack•added 2026/04/13 4:44 p.m.•3 views

WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Post Duplicator versions = 3.0.10...

Patchstack•added 2026/04/13 4:21 p.m.•3 views

WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Booking Activities versions = 1.16.48.1...

Patchstack•added 2026/04/13 4:15 p.m.•2 views

WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions = 5.11.1...

Patchstack•added 2026/04/13 2:17 p.m.•2 views

WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JupiterX Core versions = 4.14.1...

Patchstack•added 2026/04/13 2:16 p.m.•3 views

WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Product Filter by WBW versions = 3.1.2...

Patchstack•added 2026/04/13 2:13 p.m.•4 views

WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tin Pham aka TF1T in WordPress Plugin GeoDirectory versions = 2.8.152...

Patchstack•added 2026/04/13 2:11 p.m.•2 views

WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SpeakOut! Email Petitions versions = 4.6.5...

Patchstack•added 2026/04/13 2:9 p.m.•2 views

WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martín Martín in WordPress Plugin WP Photo Album Plus versions = 9.1.08.001...

Patchstack•added 2026/04/13 11:18 a.m.•2 views

WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin ManageWP Worker versions = 4.9.31...

Patchstack•added 2026/04/13 11:14 a.m.•4 views

WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions = 1.5.0...

6AI score0.00039EPSS

Patchstack•added 2026/04/13 11:3 a.m.•3 views

WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martín Martín in WordPress Plugin Easy Appointments versions = 3.12.21...