Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
added 2026/04/20 11:9 a.m.5 views

WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Manufaktur Solutions versions = 1.1.1...

5.8AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 11:8 a.m.5 views

WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Ashtanga versions = 1.2...

5.8AI score0.0032EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 11:7 a.m.5 views

WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Non-Arbitrary File Download vulnerability discovered by daroo in WordPress Plugin Download Monitor versions = 5.1.9...

5.8AI score0.00337EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 11:2 a.m.9 views

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Marc-André Beaulieu h3dg3h0g in WordPress Plugin Responsive Slider by MetaSlider versions = 3.106.0...

5.8AI score0.0068EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:45 a.m.10 views

WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin RepairBuddy versions = 4.1132...

5.8AI score0.00326EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:38 a.m.8 views

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin Tutor LMS versions = 3.9.7...

5.8AI score0.00252EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:34 a.m.11 views

WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions = 0.8.9...

5.8AI score0.00273EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:33 a.m.5 views

WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Charity Zone versions = 1.1.1...

5.8AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:33 a.m.7 views

WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Gift Shop versions = 0.5.4...

5.8AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:33 a.m.9 views

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions = 0.9.7...

5.8AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:32 a.m.6 views

WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Restaurant Zone versions = 0.7.8...

5.8AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:29 a.m.6 views

WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Webenvo versions = 0.0.6...

5.8AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:23 a.m.7 views

WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Atomlab versions = 2.4.5...

5.8AI score0.00338EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:20 a.m.7 views

WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...

5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:15 a.m.9 views

WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Notification for Telegram versions = 3.5...

5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:14 a.m.11 views

WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hivesec in WordPress Plugin JupiterX Core versions = 4.14.1...

5.8AI score0.00305EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:10 a.m.9 views

WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Elementra versions = 1.0.9...

5.8AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:8 a.m.8 views

WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin WP Sessions Time Monitoring Full Automatic versions = 1.1.4...

5.8AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:57 a.m.6 views

WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin InPost Gallery versions = 2.1.4.6...

5.8AI score0.00234EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:54 a.m.6 views

WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Easy Digital Downloads versions = 3.6.5...

5.8AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:39 a.m.7 views

WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability

Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...

6.1CVSS5.8AI score0.00318EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:37 a.m.8 views

WordPress Youzify plugin <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'checkinplaceid' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Youzify versions = 1.3.6...

6.4CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:32 a.m.5 views

WordPress Easy Appointments plugin <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Easy Appointments versions = 3.12.21...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:28 a.m.7 views

WordPress wpDataTables plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Lio in WordPress Plugin wpDataTables versions = 6.5.0.4...

4.7CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:13 a.m.8 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability

Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.6...

8.1CVSS5.8AI score0.04175EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:11 a.m.9 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability

Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.6...

7.5CVSS5.8AI score0.0069EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 9:6 a.m.7 views

WordPress WP Customer Area plugin <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability

Authenticated Subscriber+ Arbitrary File Read/Deletion via ajaxattachfile vulnerability discovered by shark3y in WordPress Plugin WP Customer Area versions = 8.3.4...

8.8CVSS5.8AI score0.00968EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 7:57 a.m.5 views

WordPress Image Source Control Lite – Show Image Credits and Captions plugin <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Image Source Control versions = 3.9.1...

6.4CVSS5.8AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 7:13 a.m.7 views

WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion vulnerability

Unauthenticated Arbitrary File Read and Deletion vulnerability discovered by ll in WordPress Plugin Everest Forms versions = 3.4.4...

8.1CVSS5.8AI score0.01022EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 5:51 a.m.5 views

WordPress wpForo Forum plugin <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by ? in WordPress Plugin wpForo Forum versions = 3.0.5...

8.1CVSS5.8AI score0.00593EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/20 12:0 a.m.7 views

WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Website LLMs.txt versions = 8.2.6...

6.1CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/19 11:25 p.m.8 views

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin = 4.1.16 - Missing Authorization to Authenticated Administrator+ Arbitrary File Upload and Remote Code Execution vulnerability discovered by ll in WordPress Plugin CMP – Coming Soon & Maintenance versions = 4.1.16...

8.8CVSS5.8AI score0.00867EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/19 11:22 p.m.9 views

WordPress Flipbox Addon for Elementor plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by WordFence in WordPress Plugin Ultimate Flipbox Addon for Elementor versions = 2.0.8...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/19 11:18 p.m.6 views

WordPress Pz-LinkCard plugin <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pz-LinkCard versions = 2.5.8.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/18 3:7 p.m.9 views

WordPress EMC – Easily Embed Calendly Scheduling plugin <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Calendly versions = 4.4...

6.4CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:46 p.m.4 views

WordPress Contextual Related Posts plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Contextual Related Posts versions = 4.2.1...

6.4CVSS5.8AI score0.00304EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:21 p.m.9 views

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.9...

6.4CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:16 p.m.7 views

WordPress Categories Images plugin <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Categories Images versions = 3.3.1...

5.4CVSS5.8AI score0.00246EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 2:48 p.m.6 views

WordPress Page Builder Gutenberg Blocks – CoBlocks plugin <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Fernando Mecozzi in WordPress Plugin CoBlocks versions = 3.1.16...

6.4CVSS5.8AI score0.00406EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 10:0 a.m.5 views

WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Muhammad Sharief in WordPress Plugin WpStream versions 4.11.2...

5.8AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:57 a.m.9 views

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin = 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability discovered by Prickly Cactus in WordPress Plugin FluentForm...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:56 a.m.7 views

WordPress Unlimited Elements For Elementor plugin <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability

Authenticated Contributor+ Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.6...

7.5CVSS5.8AI score0.00901EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:44 a.m.8 views

WordPress wpForo Forum plugin <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability discovered by Jared Reyes in WordPress Plugin wpForo Forum versions = 2.4.16...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:26 a.m.5 views

WordPress WP Statistics plugin <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure and Privacy Audit Manipulation vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Statistics versions = 14.16.4...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:21 a.m.6 views

WordPress WP Statistics plugin <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'utmsource' Parameter vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.4...

7.2CVSS5.8AI score0.00476EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:19 a.m.5 views

WordPress MasterStudy LMS plugin <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability

Authenticated Subscriber+ Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin MasterStudy LMS versions = 3.7.25...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 9:10 a.m.8 views

WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability

WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin = 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin DirectoryPress versions = 3.6.26...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 8:28 a.m.7 views

WordPress WowShipping Pro plugin < 1.0.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WowShipping Pro versions 1.0.8...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/17 2:20 a.m.5 views

WordPress CMS für Motorrad Werkstätten plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions = 1.0.0...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/17 2:16 a.m.16 views

WordPress Canto plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Setting Modification vulnerability discovered by Legion Hunter in WordPress Plugin Canto versions = 3.1.1...

4.3CVSS5.8AI score0.00282EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46684