
46684 matches found

Patchstack
added 2026/05/07 7:42 a.m., 14 views

WordPress Team Member plugin <= 8.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Team Member versions <= 8.5...

CVSS 7.6 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 7:39 a.m., 13 views

WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin WPGraphQL versions <= 2.5.3...

CVSS 5.4 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 7:36 a.m., 9 views

WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Shrikant Bhosale in WordPress Plugin Happy Addons for Elementor versions <= 3.20.8...

CVSS 5.3 | AI score 5.8 | EPSS 0.00336
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 7:34 a.m., 9 views

WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by PPzzAArr in WordPress Plugin YITH WooCommerce Wishlist versions <= 4.12.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00315
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 7:32 a.m., 13 views

WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Royal Elementor Addons versions < 1.7.1053...

CVSS 5.3 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 7:30 a.m., 12 views

WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Royal Elementor Addons versions < 1.7.1053...

CVSS 6.5 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 5:25 a.m., 5 views

WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin wpForo Forum versions <= 3.0.4...

AI score 5.9 | EPSS 0.00283
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/07 5:13 a.m., 9 views

NPM: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

NPM: vm2 NodeVM nesting: true bypasses require: false allowing sandbox escape and arbitrary OS command execution vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.0...

CVSS 9.1 | AI score 6.2 | EPSS 0.009
Exploits: 1 | References: 5 | Affected Software: 1
Patchstack
added 2026/05/07 4:33 a.m., 7 views

NPM: vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

NPM: vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.5...

CVSS 8.5 | AI score 5.8 | EPSS 0.00722
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 4:32 a.m., 14 views

NPM: vm2's Transformer Fast-Path Bypass Exposes Internal State Variable

NPM: vm2's Transformer Fast-Path Bypass Exposes Internal State Variable vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 5.8 | AI score 5.8 | EPSS 0.00248
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 4:30 a.m., 8 views

NPM: vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak

NPM: vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 5.8 | AI score 5.8 | EPSS 0.00241
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 4:29 a.m., 9 views

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 7.2 | AI score 5.8 | EPSS 0.002
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 4:26 a.m., 10 views

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 7.5 | AI score 5.8 | EPSS 0.00424
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 4:10 a.m., 9 views

NPM: vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

NPM: vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 8.6 | AI score 5.8 | EPSS 0.00448
Exploits: 1 | References: 5 | Affected Software: 1
Patchstack
added 2026/05/07 4:8 a.m., 9 views

NPM: vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape

NPM: vm2 has a NodeVM builtin allowlist bypass via module builtin's Module._load that allows sandbox escape vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.5...

CVSS 9.9 | AI score 6 | EPSS 0.00974
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/07 4:7 a.m., 9 views

NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape

NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.9.6, = 3.10.5...

CVSS 10 | AI score 6 | EPSS 0.00842
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 4:0 a.m., 8 views

NPM: vm2 Access to Host Object Enables Sandbox Escape

NPM: vm2 Access to Host Object Enables Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 10 | AI score 6 | EPSS 0.00976
Exploits: 1 | References: 4 | Affected Software: 1
Patchstack
added 2026/05/07 3:54 a.m., 8 views

NPM: vm2 has a Sandbox Escape Vulnerability

NPM: vm2 has a Sandbox Escape Vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

CVSS 10 | AI score 6 | EPSS 0.00815
Exploits: 1 | References: 5 | Affected Software: 1
Patchstack
added 2026/05/07 1:49 a.m., 8 views

NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...

CVSS 7 | AI score 5.8 | EPSS 0.00505
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/07 12:5 a.m., 9 views

NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output

NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output vulnerability discovered by ? in WordPress Npm vercel versions = 50.16.0, = 52.0.0...

CVSS 5.5 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/06 11:50 p.m., 10 views

NPM: Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

NPM: Hono: bodyLimit() can be bypassed for chunked / unknown-length requests vulnerability discovered by ? in WordPress Npm hono versions 4.12.16...

CVSS 6.5 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/06 11:49 p.m., 7 views

NPM: hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

NPM: hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection vulnerability discovered by ? in WordPress Npm hono versions 4.12.16...

CVSS 6.1 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/06 11:2 p.m., 9 views

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 7 | Affected Software: 1
Patchstack
added 2026/05/06 11:2 p.m., 8 views

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 7 | Affected Software: 1
Patchstack
added 2026/05/06 11:1 p.m., 8 views

NPM: Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

NPM: Nitro has a proxy scope bypass via percent-encoded path traversal in routeRules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...

CVSS 5.3 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 7 | Affected Software: 1
Patchstack
added 2026/05/06 11:1 p.m., 10 views

NPM: Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

NPM: Nitro has a proxy scope bypass via percent-encoded path traversal in routeRules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...

CVSS 5.3 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 7 | Affected Software: 1
Patchstack
added 2026/05/06 10:26 p.m., 8 views

NPM: fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver

NPM: fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver vulnerability discovered by ? in WordPress Npm fast-jwt versions = 6.2.3...

CVSS 9.1 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/06 7:37 p.m., 11 views

NPM: basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

NPM: basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering vulnerability discovered by ? in WordPress Npm basic-ftp versions = 5.3.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00465
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/05/06 6:13 p.m., 9 views

NPM: dssrf: every IPv6 category bypasses is_url_safe

NPM: dssrf: every IPv6 category bypasses is_url_safe vulnerability discovered by ? in WordPress Npm dssrf versions 1.3.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/05/06 5:34 p.m., 9 views

NPM: next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys

NPM: next-intl has prototype pollution with experimental.messages.precompile via attacker-controlled translation catalog keys vulnerability discovered by ? in WordPress Npm next-intl versions = 4.9.1...

AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/05/06 5:32 p.m., 9 views

NPM: mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

NPM: mcp-data-vis vulnerable to denial of service via unsanitized select key lookup on Object.prototype with precompile: true vulnerability discovered by ? in WordPress Npm icu-minify versions = 4.9.1...

AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/05/06 5:5 p.m., 9 views

NPM: Auth.js SDK has Improper Permission Checking

NPM: Auth.js SDK has Improper Permission Checking vulnerability discovered by ? in WordPress Npm auth0-js versions = 8.11.0, = 9.32.0...

AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/05/06 3:41 p.m., 10 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Ly Hoang in WordPress Plugin LatePoint versions <= 5.5.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.0045
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 3:39 p.m., 10 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Niv Kochan in WordPress Plugin LatePoint versions <= 5.5.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 3:37 p.m., 9 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by AmonRa in WordPress Plugin LatePoint versions <= 5.5.0...

AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 3:34 p.m., 11 views

WordPress WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated (Author+) Arbitrary File Deletion vulnerability discovered by Ly Hoang in WordPress Plugin WP-Optimize versions <= 4.5.2...

CVSS 8.1 | AI score 5.8 | EPSS 0.0095
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 3:32 p.m., 8 views

NPM: Flowise: Bcrypt Password Hash Exposure

NPM: Flowise: Bcrypt Password Hash Exposure vulnerability discovered by ? in WordPress Npm flowise versions = 3.0.12...

CVSS 6.3 | AI score 5.8 | EPSS 0.00259
Exploits: 1 | References: 6 | Affected Software: 1
Patchstack
added 2026/05/06 2:23 p.m., 12 views

WordPress All-in-One WP Migration Unlimited Extension plugin <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin All-in-One WP Migration Unlimited Extension versions <= 2.83...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 2:14 p.m., 23 views

WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions <= 28.4...

CVSS 8.8 | AI score 5.9 | EPSS 0.00612
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 12:50 p.m., 9 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions <= 1.51.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00425
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:56 a.m., 10 views

WordPress ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor plugin <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite vulnerability

Missing Authorization to Unauthenticated Widget Content Overwrite vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.8.2...

CVSS 6.5 | AI score 5.8 | EPSS 0.00355
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:44 a.m., 9 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by andrea bocchetti in WordPress Plugin Royal Elementor Addons versions <= 1.7.1056...

CVSS 7.2 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:38 a.m., 10 views

WordPress Blog Settings plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Blog Settings versions <= 1.0...

CVSS 6.1 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:38 a.m., 10 views

WordPress Zingaya Click-to-Call plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Zingaya Click-to-Call versions <= 1.0...

CVSS 6.1 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:37 a.m., 10 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin NEX-Forms versions <= 9.1.11...

CVSS 7.2 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:26 a.m., 11 views

WordPress Quiz Maker by AYS plugin <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin Quiz Maker versions <= 6.7.1.29...

CVSS 5.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:13 a.m., 9 views

WordPress Brizy – Page Builder plugin <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by momopon1415 in WordPress Plugin Brizy versions <= 2.8.11...

CVSS 7.2 | AI score 5.8 | EPSS 0.00401
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 10:0 a.m., 7 views

WordPress PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite PRO versions <= 12.5.0.1...

CVSS 7.2 | AI score 5.8 | EPSS 0.00577
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 9:52 a.m., 8 views

WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated (Contributor+) Remote Code Execution vulnerability

WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated (Contributor+) Remote Code Execution vulnerability discovered by ? in WordPress Plugin Widget Options - Extended versions <= 5.3.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00774
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/05/06 9:36 a.m., 7 views

WordPress Gravity Bookings plugin <= 2.5.9 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions <= 2.5.9...

CVSS 7.5 | AI score 5.9 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1
Total number of security vulnerabilities: 46684