
46684 matches found

Patchstack | added 2026/05/09 5:36 a.m. | 7 views

WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin AI Product Search for WooCommerce Motive Commerce Search versions = 1.38.2...

AI score: 5.8 | EPSS: 0.00254
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/09 12:46 a.m. | 8 views

NPM: Hono has CSS Declaration Injection via Style Object Values in JSX SSR

NPM: Hono has CSS Declaration Injection via Style Object Values in JSX SSR vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/09 12:45 a.m. | 8 views

NPM: Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

NPM: Hono has improper validation of NumericDate claims exp, nbf, iat in JWT verify vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

CVSS: 3.8 | AI score: 5.8 | EPSS: 0.00216
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/09 12:40 a.m. | 11 views

NPM: Velocity.js has a Prototype Pollution vulnerability through #set path assignment

NPM: Velocity.js has a Prototype Pollution vulnerability through set path assignment discovered by ? in WordPress Npm velocityjs versions = 2.1.5...

AI score: 5.8 | EPSS: 0.00505
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/09 12:28 a.m. | 8 views

NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00197
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 11:40 p.m. | 8 views

WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Unauthenticated Information Disclosure vulnerability

Unauthenticated Information Disclosure vulnerability discovered by Ronnachai Chaipha rxnr - Reconix Co., Ltd. in WordPress Plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity versions = 3.3.6...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00449
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/08 8:49 p.m. | 10 views

NPM: eventsource-encoder vulnerable to SSE event injection via unsanitized `event` and `id` fields

NPM: eventsource-encoder vulnerable to SSE event injection via unsanitized event and id fields vulnerability discovered by ? in WordPress Npm eventsource-encoder versions = 1.0.1...

AI score: 5.8 | EPSS: 0.00277
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 8:43 p.m. | 8 views

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

NPM: Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability discovered by ? in WordPress Npm cline versions = 2.13.0...

AI score: 5.8 | EPSS: 0.0018
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/08 7:13 p.m. | 9 views

NPM: fast-uri vulnerable to host confusion via percent-encoded authority delimiters

NPM: fast-uri vulnerable to host confusion via percent-encoded authority delimiters vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.1...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00475
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 7:0 p.m. | 11 views

NPM: open-webui Vulnerable to Stored XSS via Model Description

NPM: open-webui Vulnerable to Stored XSS via Model Description vulnerability discovered by ? in WordPress Npm open-webui versions = 0.8.12...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00308
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 6:46 p.m. | 12 views

NPM: Electerm users can run dangerous code through link or command line

NPM: Electerm users can run dangerous code through link or command line vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, 3.8.8...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00363
Exploits: 0 | References: 7 | Affected Software: 1

Patchstack | added 2026/05/08 6:43 p.m. | 11 views

NPM: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

NPM: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor discovered by ? in WordPress Npm electerm versions = 3.7.8...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00167
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack | added 2026/05/08 6:37 p.m. | 10 views

NPM: Electerm's full process.env exposed to renderer via window.pre.env

NPM: Electerm's full process.env exposed to renderer via window.pre.env vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00103
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 6:35 p.m. | 11 views

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

CVSS: 9.6 | AI score: 6 | EPSS: 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 6:34 p.m. | 11 views

NPM: Electerm runWidget has a path traversal that leads to arbitrary code execution

NPM: Electerm runWidget has a path traversal that leads to arbitrary code execution vulnerability discovered by ? in WordPress Npm electerm versions 3.7.16...

CVSS: 8.4 | AI score: 6.3 | EPSS: 0.00167
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 5:15 p.m. | 9 views

NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments

NPM: fast-uri vulnerable to path traversal via percent-encoded dot segments vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.0...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00521
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 5:0 p.m. | 10 views

NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure

NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.50.1...

AI score: 5.8
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 4:59 p.m. | 8 views

NPM: n8n-mcp webhook and API client paths has an authenticated SSRF

NPM: n8n-mcp webhook and API client paths has an authenticated SSRF vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.18.7, 2.50.2...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack | added 2026/05/08 4:29 p.m. | 9 views

NPM: fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes

NPM: fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes vulnerability discovered by ? in WordPress Npm fast-xml-builder versions = 1.1.6...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 4:27 p.m. | 8 views

NPM: fast-xml-builder Comment Value regex can be bypassed

NPM: fast-xml-builder Comment Value regex can be bypassed vulnerability discovered by ? in WordPress Npm fast-xml-builder versions 1.1.5...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00194
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 4:22 p.m. | 23 views

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

NPM: vm2 has access to VM2INTERNALSTATEDONOTUSEORPROGRAMWILLFAIL vulnerability discovered by ? in WordPress Npm vm2 versions 3.11.2...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/08 4:20 p.m. | 9 views

NPM: vm2 has Sandbox Breakout Through Null Proto Exception

NPM: vm2 has Sandbox Breakout Through Null Proto Exception vulnerability discovered by ? in WordPress Npm vm2 versions 3.11.2...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00812
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 3:58 p.m. | 18 views

NPM: vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`

NPM: vm2 has sandbox breakout via neutralizeArraySpeciesBatch vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.1...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00851
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/08 2:16 p.m. | 6 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.5.0 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin LatePoint versions = 5.5.0...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00719
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/08 10:38 a.m. | 7 views

WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by David Marín in WordPress Plugin Simple Cloudflare Turnstile versions = 1.38.0...

AI score: 5.8 | EPSS: 0.00309
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/08 10:0 a.m. | 7 views

WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avante versions 3.0.5...

AI score: 5.8 | EPSS: 0.0023
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/08 9:56 a.m. | 14 views

WordPress Auto Affiliate Links plugin <= 6.8.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by DJumanto in WordPress Plugin Auto Affiliate Links versions = 6.8.8...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00366
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/08 9:23 a.m. | 8 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by d.v4ns3c in WordPress Plugin WP User Frontend versions = 4.3.1...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00951
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/08 12:31 a.m. | 16 views

NPM: short-video-maker has a path traversal vulnerability

NPM: short-video-maker has a path traversal vulnerability discovered by ? in WordPress Npm short-video-maker versions = 1.3.4...

CVSS: 6.9 | AI score: 6 | EPSS: 0.00575
Exploits: 0 | References: 7 | Affected Software: 1

Patchstack | added 2026/05/07 9:45 p.m. | 8 views

NPM: mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening

NPM: mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening vulnerability discovered by ? in WordPress Npm mcp-ssh-tool versions = 2.1.0...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/07 9:24 p.m. | 11 views

WordPress NMR Strava activities plugin <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin NMR Strava activities versions = 1.0.14...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00269
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 8:52 p.m. | 14 views

NPM: nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

NPM: nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix IPv6 + redirect vulnerability discovered by ? in WordPress Npm nuxt-og-image versions = 6.2.5, 6.4.9...

CVSS: 3.7 | AI score: 5.8 | EPSS: 0.00171
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2026/05/07 8:49 p.m. | 7 views

WordPress Sky Addons – Elementor Addons with Widgets & Templates plugin <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Sky Addons for Elementor versions = 3.3.2...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 8:45 p.m. | 9 views

WordPress E2Pdf – Export Pdf Tool for WordPress plugin <= 1.32.17 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin e2pdf versions = 1.32.17...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 6:30 p.m. | 9 views

NPM: query-parser-string is vulnerable to Prototype Pollution

NPM: query-parser-string is vulnerable to Prototype Pollution vulnerability discovered by ? in WordPress Npm query-string-parser versions 1.0.0...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00476
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack | added 2026/05/07 6:30 p.m. | 9 views

NPM: youtube-regex vulnerable to Regex Denial of Service

NPM: youtube-regex vulnerable to Regex Denial of Service vulnerability discovered by ? in WordPress Npm youtube-regex versions = 1.0.5...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/07 6:30 p.m. | 8 views

NPM: parse-ini is vulnerable to Prototype Pollution in index.js()

NPM: parse-ini is vulnerable to Prototype Pollution in index.js vulnerability discovered by ? in WordPress Npm parse-ini versions 1.0.6...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00416
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/07 5:32 p.m. | 17 views

NPM: Compromised version of intercom-client published to npm

NPM: Compromised version of intercom-client published to npm vulnerability discovered by ? in WordPress Npm intercom-client versions 7.0.4...

AI score: 5.8
Exploits: 0 | References: 6 | Affected Software: 1

Patchstack | added 2026/05/07 4:40 p.m. | 17 views

NPM: Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

NPM: Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker vulnerability discovered by ? in WordPress Npm cinny versions 4.10.3...

AI score: 5.8 | EPSS: 0.00302
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2026/05/07 3:38 p.m. | 10 views

NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js vulnerability discovered by ? in WordPress Npm node-ts-ocr versions 1.0.15...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.01185
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack | added 2026/05/07 2:41 p.m. | 8 views

WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin bunny.net versions = 2.3.6...

AI score: 5.8 | EPSS: 0.00242
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/07 2:39 p.m. | 9 views

WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ossacip Thanh in WordPress Plugin eMagicOne Store Manager versions = 1.3.2...

AI score: 5.9 | EPSS: 0.00372
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/07 10:26 a.m. | 16 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export vulnerability

Missing Authorization to Authenticated Subscriber+ Scheduled Form Submission Export vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.53.0...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00438
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 10:19 a.m. | 16 views

WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by benzdeus in WordPress Plugin BEAR versions = 1.1.5...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00095
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/07 10:11 a.m. | 13 views

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability

Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00492
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 9:59 a.m. | 13 views

WordPress BetterDocs Pro plugin <= 3.7.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BetterDocs Pro versions = 3.7.0...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00395
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 9:46 a.m. | 14 views

WordPress Slider Revolution plugin 7.0.0-7.0.10 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

WordPress Slider Revolution plugin 7.0.0-7.0.10 - 7.0.10 - Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin Slider Revolution versions 7.0.0-7.0.10...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00815
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2026/05/07 8:36 a.m. | 13 views

WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin PDF Poster versions = 2.4.1...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00182
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/07 7:53 a.m. | 14 views

WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WEN Logo Slider versions = 3.4.0...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00136
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/05/07 7:45 a.m. | 10 views

WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Bus Ticket Booking with Seat Reservation versions 5.6.8...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00171
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 46684