Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
added 2026/04/23 2:40 p.m.7 views

WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Daniel Wade in WordPress Plugin WP Time Slots Booking Form versions = 1.2.46...

5.1AI score0.0021EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:33 p.m.22 views

WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kapee versions 1.7.1...

5AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:32 p.m.10 views

WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad in WordPress Plugin MasterStudy LMS Pro versions 4.7.16...

5.1AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:27 p.m.5 views

WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Learnify versions = 1.15.0...

5.2AI score0.00423EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:17 p.m.7 views

WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin Bookify versions = 1.1.1...

5.1AI score0.00326EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:14 p.m.5 views

WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Niv Kochan in WordPress Plugin ProfilePress versions = 4.16.13...

5.1AI score0.00205EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 2:7 p.m.5 views

WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin WP SMS versions = 7.2.1...

5.2AI score0.00326EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 11:4 a.m.7 views

WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Rescue Shortcodes versions = 3.3...

6.5CVSS5.8AI score0.00127EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 11:1 a.m.5 views

WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ACF Galerie 4 versions = 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 10:59 a.m.6 views

WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.0...

6.5CVSS5.8AI score0.00165EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 10:3 a.m.7 views

WordPress Roam theme <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Roam versions = 2.1...

9.8CVSS7.8AI score0.00409EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 10:3 a.m.6 views

WordPress Monki theme <= 2.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Monki versions = 2.0.5...

8.1CVSS5.1AI score0.00489EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 10:0 a.m.9 views

WordPress Bricks Builder theme <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by w41bu1 in WordPress Theme Bricks Builder versions = 2.2...

7.1CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 9:54 a.m.8 views

WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Weerawat Pawanawiwat ErbaZZ in WordPress Plugin Amelia versions = 2.2...

5.2AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 9:52 a.m.8 views

WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mehdi Ouassou in WordPress Plugin ChatBot versions = 7.9.7...

5.1AI score0.00307EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 9:45 a.m.7 views

WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jakub Herman in WordPress Plugin Quiz And Survey Master versions = 11.0.0...

5.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 9:41 a.m.9 views

WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin AutomatorWP versions = 5.6.7...

5.2AI score0.00385EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 9:23 a.m.7 views

WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Metro Magazine versions = 1.4.1...

5.1AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/23 9:8 a.m.8 views

WordPress Social Rocket - Social Sharing Plugin plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id vulnerability

WordPress Social Rocket - Social Sharing Plugin plugin = 1.3.4.2 - Authenticated Subscriber+ Stored Cross-Site Scripting via id vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Social Rocket versions = 1.3.4.2...

6.4CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 8:41 a.m.9 views

WordPress Breeze Cache plugin <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability

Unauthenticated Arbitrary File Upload via fetchgravatarfromremote vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Breeze versions = 2.4.4...

9.8CVSS5.8AI score0.36512EPSS
Exploits8References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 3:25 a.m.10 views

WordPress WP Store Locator plugin <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpsladdress' Post Meta vulnerability discovered by kai63001 in WordPress Plugin WP Store Locator versions = 2.2.261...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 3:25 a.m.6 views

WordPress ExactMetrics plugin <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process vulnerability

Authenticated Editor+ Arbitrary Plugin Installation/Activation via exactmetricsconnectprocess vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin ExactMetrics versions = 9.1.2...

7.2CVSS5.8AI score0.00695EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/23 3:24 a.m.8 views

WordPress Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML vulnerability

WordPress Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin = 3.5.5 - Authenticated Contributor+ Stored Cross-Site Scripting via Gutentor Block HTML vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Gutentor versions = 3.5.5...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 4:4 p.m.9 views

WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by TruongLV1 From FPT Night Wolf in WordPress Plugin Feed KuantoKusta for WooCommerce – Free versions = 5.3...

5.8AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 4:1 p.m.6 views

WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin FunnelKit Automations versions = 3.7.3...

5.2AI score0.00385EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 4:0 p.m.8 views

WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Essential Addons for Elementor versions 6.6.0...

5.1AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 3:43 p.m.6 views

WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions 7.13.2...

4.3CVSS5.8AI score0.001EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 3:28 p.m.6 views

WordPress Order Minimum/Maximum Amount Limits for WooCommerce plugin <= 4.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Order Minimum/Maximum Amount Limits for WooCommerce versions = 4.6.4...

6.5CVSS7.3AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 3:26 p.m.9 views

WordPress Maximum Products per User for WooCommerce plugin <= 4.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce versions = 4.3.6...

6.5CVSS7.3AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 2:40 p.m.13 views

WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions = 2.1.37...

5.5AI score0.00541EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 2:33 p.m.6 views

WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by TheNetRunner Security Research in WordPress Plugin WPAdverts versions = 2.3.0...

5.1AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 2:30 p.m.12 views

WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ReviewX versions = 2.3.6...

5.2AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 2:26 p.m.7 views

WordPress BookIt plugin <= 2.5.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by davidfdzmorilla in WordPress Plugin BookIt versions = 2.5.1...

5.2AI score0.00267EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 2:26 p.m.6 views

WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xManticore in WordPress Plugin Contact Form to Any API versions = 3.0.3...

5.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 11:20 a.m.4 views

WordPress Breaking News WP plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read vulnerability

Missing Authorization to Authenticated Subscriber+ Local File Inclusion/Read vulnerability discovered by t0ann9uy3n in WordPress Plugin Breaking News WP versions = 1.3...

6.5CVSS5.8AI score0.00814EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 11:15 a.m.9 views

WordPress Simple Random Posts Shortcode plugin <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Simple Random Posts Shortcode versions = 0.3...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 10:40 a.m.6 views

WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Link Library versions = 7.8.8...

5.2AI score0.00327EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 10:30 a.m.7 views

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...

5.3AI score0.00395EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 10:29 a.m.8 views

WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Kapee versions 1.7.0...

5.3AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 10:28 a.m.9 views

WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme PressMart versions = 1.2.26...

5.3AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 10:25 a.m.5 views

WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme EmallShop versions = 2.4.21...

5.3AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/22 9:45 a.m.9 views

WordPress Emailchef plugin <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Emailchef versions = 3.5.1...

4.3CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 9:42 a.m.5 views

WordPress WP Responsive Popup + Optin plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Responsive Popup + Optin versions = 1.4...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 9:25 a.m.6 views

WordPress Create DB Tables plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Database Table Creation/Deletion vulnerability discovered by theviper17y in WordPress Plugin Create DB Tables versions = 1.2.1...

9.1CVSS5.8AI score0.00729EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 9:9 a.m.6 views

WordPress Sendmachine for WordPress plugin <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation vulnerability

Unauthenticated SMTP Hijack to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Sendmachine for WordPress versions = 1.0.20...

9.8CVSS5.8AI score0.00578EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/21 7:16 p.m.7 views

WordPress Short Comment Filter plugin <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Short Comment Filter versions = 2.2...

4.4CVSS5.8AI score0.00373EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/21 7:15 p.m.8 views

WordPress Private WP suite plugin <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Private WP suite versions = 0.4.1...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/21 7:15 p.m.6 views

WordPress Real Estate Pro plugin <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Real Estate Pro versions = 1.0.9...

5.5CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/21 7:13 p.m.6 views

WordPress HTTP Headers plugin <= 1.19.2 - Authenticated (Administrator+) CRLF Injection vulnerability

Authenticated Administrator+ CRLF Injection vulnerability discovered by Kai Aizen in WordPress Plugin HTTP Headers versions = 1.19.2...

5.5CVSS5.8AI score0.00474EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/21 7:13 p.m.7 views

WordPress HTTP Headers plugin <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Daniel Basta whizzu - NASK PIB in WordPress Plugin HTTP Headers versions = 1.19.2...

4.4CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46684