
46684 matches found

Patchstack | added 2026/04/29 11:1 a.m. | 7 views

WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PowerPack Pro for Elementor versions < v2.13.0...

AI score: 5.8 | EPSS: 0.00316
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/29 9:59 a.m. | 7 views

WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions <= 3.4.16...

CVSS: 6.1 | AI score: 5.1 | EPSS: 0.00215
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/29 4:45 a.m. | 8 views

WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Lorenzo Fradeani in WordPress Plugin WP Event Solution versions <= 4.1.8...

AI score: 5.8 | EPSS: 0.00414
Exploits: 2 | Affected Software: 1
Patchstack | added 2026/04/29 1:22 a.m. | 19 views

WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Muhan Luo in WordPress Plugin WPPizza versions <= 3.19.9...

AI score: 5.2 | EPSS: 0.00345
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/28 7:52 p.m. | 8 views

WordPress Complianz – GDPR/CCPA Cookie Consent plugin <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure vulnerability

Missing Authorization to Unauthenticated Private Post Content Disclosure vulnerability discovered by Wesley van de Kamp - Conda Security in WordPress Plugin Complianz versions <= 7.4.5...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00276
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/28 7:42 p.m. | 6 views

WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Amelia versions <= 2.2...

AI score: 5.1 | EPSS: 0.00271
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/28 12:31 p.m. | 8 views

NPM: Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion

NPM: Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion vulnerability discovered by ? in WordPress Npm thrift versions 0.23.0...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00469
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack | added 2026/04/28 10:10 a.m. | 6 views

WordPress Check & Log Email plugin < 2.0.13 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Check & Log Email versions < 2.0.13...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00155
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/27 6:15 p.m. | 6 views

WordPress Woostify theme <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Woostify versions <= 2.5.0...

CVSS: 6.4 | AI score: 5.1 | EPSS: 0.00206
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/27 3:59 p.m. | 10 views

WordPress Timeline Blocks for Gutenberg plugin <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Timeline Blocks for Gutenberg versions <= 1.1.10...

CVSS: 6.4 | AI score: 5.1 | EPSS: 0.00195
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/27 3:57 p.m. | 6 views

WordPress Social Post Embed plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by hxuu in WordPress Plugin Social Post Embed versions <= 2.0.1...

CVSS: 6.4 | AI score: 5.1 | EPSS: 0.00195
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/27 1:50 p.m. | 5 views

WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin WP User Frontend versions <= 4.3.1...

CVSS: 6.5 | AI score: 5.1 | EPSS: 0.00195
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 1:44 p.m. | 6 views

WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Order Delivery Date for WooCommerce versions <= 4.5.1...

AI score: 5.8 | EPSS: 0.00283
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 1:40 p.m. | 8 views

WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Profile Builder Pro versions <= 3.15.0...

AI score: 5.1 | EPSS: 0.0023
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 1:34 p.m. | 5 views

WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simply Schedule Appointments versions < 1.6.11.2...

AI score: 5.2 | EPSS: 0.00294
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 1:30 p.m. | 5 views

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.15.0.1...

AI score: 5.8 | EPSS: 0.00283
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 1:24 p.m. | 6 views

WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AI Lab versions < 5.4.2...

AI score: 5.3 | EPSS: 0.0051
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 10:42 a.m. | 8 views

WordPress LatePoint plugin <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability

Authenticated Agent+ Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability discovered by skyv3il - AI SAFE in WordPress Plugin LatePoint versions <= 5.4.1...

CVSS: 8.8 | AI score: 5.2 | EPSS: 0.00293
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/27 10:39 a.m. | 7 views

WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions < 5.12.1.1...

CVSS: 6.5 | AI score: 5 | EPSS: 0.00127
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 10:19 a.m. | 5 views

WordPress Highland Software Custom Role Manager plugin <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Herc Bandiola in WordPress Plugin Highland Software Custom Role Manager versions <= 1.0.0...

CVSS: 8.8 | AI score: 5.2 | EPSS: 0.00307
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/27 9:26 a.m. | 6 views

WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SureForms Pro versions <= 2.8.0...

CVSS: 7.3 | AI score: 5.1 | EPSS: 0.00229
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/27 8:25 a.m. | 7 views

WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Templately versions <= 3.6.1...

CVSS: 7.7 | AI score: 5.2 | EPSS: 0.00212
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/25 11:51 p.m. | 7 views

NPM: OpenClaw: Agent gateway config mutations could change protected operator settings

NPM: OpenClaw: Agent gateway config mutations could change protected operator settings vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 11:50 p.m. | 7 views

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 11:50 p.m. | 6 views

NPM: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests

NPM: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.5, 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 11:49 p.m. | 4 views

NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks

NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack | added 2026/04/25 11:49 p.m. | 12 views

NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device

NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 11:48 p.m. | 7 views

NPM: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

NPM: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack | added 2026/04/25 11:47 p.m. | 6 views

NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events

NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 11:46 p.m. | 7 views

NPM: OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy

NPM: OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 11:45 p.m. | 9 views

NPM: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization

NPM: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00222
Exploits: 0 | References: 5 | Affected Software: 1
Patchstack | added 2026/04/25 11:45 p.m. | 6 views

NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in

NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack | added 2026/04/25 6:30 a.m. | 7 views

NPM: simple-git is vulnerable to Remote Code Execution

NPM: simple-git is vulnerable to Remote Code Execution vulnerability discovered by ? in WordPress Npm simple-git versions 3.36.0...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00877
Exploits: 1 | References: 5 | Affected Software: 1
Patchstack | added 2026/04/24 9:29 p.m. | 8 views

WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions <= 3.0.3...

AI score: 5.1 | EPSS: 0.00279
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/24 8:18 p.m. | 7 views

WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Groundhogg versions < 4.4.1...

AI score: 5.1 | EPSS: 0.00279
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/24 3:31 p.m. | 10 views

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00205
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack | added 2026/04/24 9:0 a.m. | 7 views

WordPress HT Mega plugin < 3.0.7 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin HT Mega versions < 3.0.7...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00742
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/24 8:57 a.m. | 8 views

WordPress Drag and Drop File Upload for Contact Form 7 plugin <= 1.1.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Thomas Sanzey in WordPress Plugin Drag and Drop File Upload for Contact Form 7 versions <= 1.1.3...

CVSS: 8.1 | AI score: 5.2 | EPSS: 0.0106
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/24 12:9 a.m. | 6 views

WordPress WP reCaptcha by WebDesignBy plugin < 2.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mustafa Ahmed in WordPress Plugin reCaptcha by WebDesignBy versions < 2.0...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 9:52 p.m. | 8 views

WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin KiviCare versions <= 4.2.1...

AI score: 5.2 | EPSS: 0.00249
Exploits: 0 | Affected Software: 1
Patchstack | added 2026/04/23 7:20 p.m. | 6 views

WordPress ITERAS plugin <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ITERAS versions <= 1.8.2...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00257
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 7:19 p.m. | 9 views

WordPress HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability

Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated Contributor+ Installed Plugin Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin HubSpot versions <= 11.3.32...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00193
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 7:17 p.m. | 5 views

WordPress Liaison Site Prober plugin <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability

Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Liaison Site Prober versions <= 1.2.1...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00372
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 7:16 p.m. | 9 views

WordPress Taqnix plugin <= 1.0.3 - Cross-Site Request Forgery to Account Deletion vulnerability

Cross-Site Request Forgery to Account Deletion vulnerability discovered by theviper17y in WordPress Plugin Taqnix versions <= 1.0.3...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0017
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 4:45 p.m. | 5 views

WordPress WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes plugin <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Books Gallery versions <= 4.8.0...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00323
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 4:35 p.m. | 8 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions <= 1.7.1056...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00264
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 4:30 p.m. | 7 views

WordPress Booking Calendar Contact Form plugin <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Calendar Takeover vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Calendar Contact Form versions <= 1.2.63...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0033
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 2:48 p.m. | 7 views

WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability

Authenticated Subscriber+ Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions <= 9.1.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00258
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 2:45 p.m. | 7 views

WordPress BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage vulnerability

Missing Authorization to Authenticated Subscriber+ Unauthorized AI API Usage vulnerability discovered by h0xilo in WordPress Plugin BetterDocs versions <= 4.3.11...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0027
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack | added 2026/04/23 2:43 p.m. | 5 views

WordPress MaxiBlocks Builder plugin <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability

Missing Authorization to Authenticated Author+ Media File Deletion vulnerability discovered by Teerachai Somprasong in WordPress Plugin MaxiBlocks versions <= 2.1.8...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00318
Exploits: 0 | References: 1 | Affected Software: 1
Total number of security vulnerabilities: 46684