Lucene search
K
PatchstackRecent

46571 matches found

Patchstack
Patchstack
added 6 days ago8 views

NPM: neotoma has tenant isolation gap in relationship query endpoints

NPM: neotoma has tenant isolation gap in relationship query endpoints vulnerability discovered by ? in WordPress Npm neotoma versions = 0.13.0, 0.14.0...

5.8AI score
Exploits0References5Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string

NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string vulnerability discovered by ? in WordPress Npm i18next-fs-backend versions 2.6.6...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names

NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names vulnerability discovered by ? in WordPress Npm i18next-http-middleware versions 3.9.7...

9.1CVSS5.8AI score0.00419EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by NETZLICHT in WordPress Plugin OMGF Pro versions = 5.2.6...

10CVSS5.8AI score0.00373EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress FOX plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin FOX versions = 1.4.8...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago3 views

WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by bekitousei in WordPress Plugin Everest Forms versions = 3.4.8...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin SureCart versions = 4.2.2...

6.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress WoodMart theme <= 8.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme WoodMart versions = 8.5.3...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mokksh Parekh in WordPress Plugin Advance Product Search versions = 1.4.4...

9.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Toolset Forms versions = 2.6.24...

7.5CVSS5.8AI score0.003EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad in WordPress Plugin JetEngine versions = 3.8.10.2...

9.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JetSmartFilters versions = 3.8.3...

9.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin ShortPixel Adaptive Images versions = 3.11.4...

5.8CVSS5.8AI score0.00346EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by anhcd05 in WordPress Plugin Tourfic versions = 2.22.5...

8.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago3 views

WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Roll in WordPress Plugin MailChimp Block versions = 1.1.15...

8.3CVSS5.8AI score0.00178EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Quotes llama versions = 3.1.5...

9.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.5...

7.5CVSS5.8AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.4 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions = 4.5.4...

6.5CVSS6AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 7.1.1...

7.5CVSS5.8AI score0.00303EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jamaal ahmed in WordPress Theme Travel Booking versions = 2.2.5...

9.9CVSS5.8AI score0.00362EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago3 views

WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by daroo in WordPress Plugin Quform versions = 2.23.0...

9.9CVSS5.8AI score0.00362EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator Pro versions = 7.3.0.6...

9.8CVSS5.8AI score0.00426EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Theme RealHomes versions = 4.5.3...

8.8CVSS5.8AI score0.00391EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin JS Help Desk versions = 3.1.1...

7.7CVSS5.8AI score0.0045EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by L4m in WordPress Plugin WPCafe versions = 3.0.14...

4.3CVSS5.8AI score0.00259EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin EventPrime versions = 4.3.4.1...

8.8CVSS5.8AI score0.00391EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin TablePress versions = 3.3.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin PPOM for WooCommerce versions = 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Post Snippets versions = 4.0.19...

8.5CVSS5.9AI score0.00351EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago2 views

WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin perfmatters versions = 2.6.3...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Blog2Social versions = 8.9.2...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Automatic versions 3.135.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Themeco Cornerstone plugin < 7.8.8 - Subscriber+ Arbitrary User Password Hash Disclosure vulnerability

Subscriber+ Arbitrary User Password Hash Disclosure vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions 7.8.8...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Post Duplicator plugin < 3.0.15 - Contributor+ PHP Object Injection via customMetaData vulnerability

Contributor+ PHP Object Injection via customMetaData vulnerability discovered by Md. Minaruzzaman Shovon in WordPress Plugin Post Duplicator versions 3.0.15...

7.2CVSS5.9AI score0.003EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Frontend File Manager Plugin plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability

Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability discovered by Mohamad Nour Almujarkesh in WordPress Plugin Frontend File Manager versions = 23.6...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...

6.5CVSS5.8AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Neve PRO versions = 3.1.2...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions 6.19.5...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions = 2.1...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Slick Popup plugin <= 1.7.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slick Popup versions = 1.7.15...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Simple Basic Contact Form plugin <= 20250114 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Juthawong Naisanguansee in WordPress Plugin Simple Basic Contact Form versions = 20250114...

7.1CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Infility Global plugin < 2.15.19 - Subscriber+ SQL Injection via order Parameter vulnerability

Subscriber+ SQL Injection via order Parameter vulnerability discovered by TRAN THE LONG in WordPress Plugin Infility Global versions 2.15.19...

8.8CVSS6AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions = 2.22.7...

7.5CVSS6AI score0.00304EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD Shariful Islam in WordPress Plugin SEOPress PRO versions = 9.1.1...

4.3CVSS5.8AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Request a Quote plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Request a Quote versions = 2.5.2...

6.5CVSS5.8AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Slim SEO versions = 4.6.2...

6.5CVSS5.8AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

6.5CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

7.5CVSS6AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

6.5CVSS6AI score0.00224EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46571