Lucene search
K
PatchstackRecent

46541 matches found

Patchstack
Patchstack
added 6 days ago5 views

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Blog2Social versions = 8.9.2...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Automatic versions 3.135.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Themeco Cornerstone plugin < 7.8.8 - Subscriber+ Arbitrary User Password Hash Disclosure vulnerability

Subscriber+ Arbitrary User Password Hash Disclosure vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions 7.8.8...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Post Duplicator plugin < 3.0.15 - Contributor+ PHP Object Injection via customMetaData vulnerability

Contributor+ PHP Object Injection via customMetaData vulnerability discovered by Md. Minaruzzaman Shovon in WordPress Plugin Post Duplicator versions 3.0.15...

7.2CVSS5.9AI score0.003EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Frontend File Manager Plugin plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability

Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability discovered by Mohamad Nour Almujarkesh in WordPress Plugin Frontend File Manager versions = 23.6...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...

6.5CVSS5.8AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Neve PRO versions = 3.1.2...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions 6.19.5...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions = 2.1...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Slick Popup plugin <= 1.7.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slick Popup versions = 1.7.15...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Simple Basic Contact Form plugin <= 20250114 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Juthawong Naisanguansee in WordPress Plugin Simple Basic Contact Form versions = 20250114...

7.1CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago4 views

WordPress Infility Global plugin < 2.15.19 - Subscriber+ SQL Injection via order Parameter vulnerability

Subscriber+ SQL Injection via order Parameter vulnerability discovered by TRAN THE LONG in WordPress Plugin Infility Global versions 2.15.19...

8.8CVSS6AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions = 2.22.7...

7.5CVSS6AI score0.00304EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD Shariful Islam in WordPress Plugin SEOPress PRO versions = 9.1.1...

4.3CVSS5.8AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Request a Quote plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Request a Quote versions = 2.5.2...

6.5CVSS5.8AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Slim SEO versions = 4.6.2...

6.5CVSS5.8AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability

Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...

6.5CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

7.5CVSS6AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...

6.5CVSS6AI score0.00224EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago6 views

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SiteGround Email Marketing versions = 1.7.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Frontend File Manager Plugin plugin <= 23.6 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by Alexander Jurkschat in WordPress Plugin Frontend File Manager versions = 23.6...

7.5CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Cornerstone plugin < 7.8.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions 7.8.9...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago7 views

WordPress Site Kit by Google plugin < 1.176.0 - Editor+ Email Reporting Settings Update vulnerability

Editor+ Email Reporting Settings Update vulnerability discovered by Shashank in WordPress Plugin Site Kit by Google versions 1.176.0...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress AI Share & Summarize plugin < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute vulnerability

Contributor+ Stored XSS via titlestyle Shortcode Attribute vulnerability discovered by Haitam Lazaar in WordPress Plugin AI Share & Summarize versions 2.0.4...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Infility Global plugin < 2.15.20 - Editor+ SQL Injection via orderby Parameter vulnerability

Editor+ SQL Injection via orderby Parameter vulnerability discovered by Mustafa Ahmed in WordPress Plugin Infility Global versions 2.15.20...

6.8CVSS6AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week4 views

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme ListingPro versions = 2.9.11...

6.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week5 views

WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Customer Reviews for WooCommerce versions = 5.110.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week4 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.9...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week4 views

WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week7 views

WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Gutenverse Form versions = 2.4.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.4 - Page Builder for Gutenberg Blocks & Patterns = 6.1.4 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Viet Anh Ngo in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.4...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week5 views

WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions = 3.1.6...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week5 views

WordPress Napoli plugin <= 2.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Napoli versions = 2.2.4...

4.3CVSS5.8AI score0.00306EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week5 views

WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2...

8.8CVSS5.8AI score0.00232EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week5 views

WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.53.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress WP Meta SEO plugin <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zedeq - dmz-zedeq in WordPress Plugin WP Meta SEO versions = 4.5.18...

7.2CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress URL Preview plugin <= 1.0 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin URL Preview versions = 1.0...

7.2CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress Kargo Takip plugin <= 1.2 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Kargo Takip versions = 1.2...

7.2CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week7 views

WordPress EntreDroppers plugin <= 1.1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin EntreDroppers versions = 1.1.2...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress Image Sizes on Demand plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Image Sizes on Demand versions = 1.3...

6.1CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress Cincopa video and media plug-in plugin <= 1.163 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Post Video Players versions = 1.163...

7.2CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week8 views

WordPress Email JavaScript Cloak plugin <= 1.03 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Email JavaScript Cloak versions = 1.03...

7.2CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week8 views

WordPress ARforms plugin <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by h0xilo in WordPress Plugin ARForms versions = 7.1.3...

7.2CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week9 views

WordPress AdRotate Banner Manager plugin <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection vulnerability

Authenticated Contributor+ PHP Code Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin AdRotate Banner Manager versions = 5.17.7...

8.8CVSS5.9AI score0.00467EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week7 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.9.2...

6.4CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week9 views

WordPress Welcome Software Publishing plugin <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability

Authenticated Subscriber+ Arbitrary Options Update to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Welcome Software Publishing versions = 0.0.31...

8.8CVSS5.8AI score0.00463EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week7 views

WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS6AI score0.00376EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added last week7 views

WordPress Invoice Generator plugin <= 1.0.0 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin Invoice Generator versions = 1.0.0...

9.8CVSS5.8AI score0.00364EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities46541