
46702 matches found

Patchstack
added 2026/04/19 11:22 p.m. | 9 views

WordPress Flipbox Addon for Elementor plugin <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by WordFence in WordPress Plugin Ultimate Flipbox Addon for Elementor versions = 2.0.8...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00249
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/19 11:18 p.m. | 6 views

WordPress Pz-LinkCard plugin <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pz-LinkCard versions = 2.5.8.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/18 3:7 p.m. | 9 views

WordPress EMC – Easily Embed Calendly Scheduling plugin <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Calendly versions = 4.4...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00194
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:46 p.m. | 4 views

WordPress Contextual Related Posts plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Contextual Related Posts versions = 4.2.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00304
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:21 p.m. | 9 views

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.9...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00194
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:16 p.m. | 7 views

WordPress Categories Images plugin <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Categories Images versions = 3.3.1...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00246
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:48 p.m. | 6 views

WordPress Page Builder Gutenberg Blocks – CoBlocks plugin <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Fernando Mecozzi in WordPress Plugin CoBlocks versions = 3.1.16...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00406
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 10:0 a.m. | 5 views

WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Muhammad Sharief in WordPress Plugin WpStream versions 4.11.2...

AI score: 5.8 | EPSS: 0.00291
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/17 9:57 a.m. | 9 views

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin = 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability discovered by Prickly Cactus in WordPress Plugin FluentForm...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00305
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:56 a.m. | 7 views

WordPress Unlimited Elements For Elementor plugin <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability

Authenticated Contributor+ Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.6...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00901
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:44 a.m. | 8 views

WordPress wpForo Forum plugin <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability discovered by Jared Reyes in WordPress Plugin wpForo Forum versions = 2.4.16...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00331
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:26 a.m. | 5 views

WordPress WP Statistics plugin <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure and Privacy Audit Manipulation vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Statistics versions = 14.16.4...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00312
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:21 a.m. | 6 views

WordPress WP Statistics plugin <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.4...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00476
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:19 a.m. | 5 views

WordPress MasterStudy LMS plugin <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability

Authenticated Subscriber+ Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin MasterStudy LMS versions = 3.7.25...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00462
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 9:10 a.m. | 8 views

WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability

WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin = 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin DirectoryPress versions = 3.6.26...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00387
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 8:28 a.m. | 7 views

WordPress WowShipping Pro plugin < 1.0.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WowShipping Pro versions 1.0.8...

AI score: 5.8
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/17 2:20 a.m. | 5 views

WordPress CMS für Motorrad Werkstätten plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions = 1.0.0...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00225
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:16 a.m. | 16 views

WordPress Canto plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Setting Modification vulnerability discovered by Legion Hunter in WordPress Plugin Canto versions = 3.1.1...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00282
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:13 a.m. | 11 views

WordPress Quiz and Survey Master (QSM) plugin <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability

Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Quiz And Survey Master versions = 10.1.0...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00519
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:8 a.m. | 7 views

WordPress JetBackup plugin <= 3.1.19.8 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability

Authenticated Administrator+ Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability discovered by lucsob in WordPress Plugin Backup Guard versions = 3.1.19.8...

CVSS: 4.9 | AI score: 5.8 | EPSS: 0.00713
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:7 a.m. | 9 views

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00689
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:6 a.m. | 8 views

WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability

Authenticated Admin+ SQL Injection via 'date' Parameter vulnerability discovered by PRISM in WordPress Plugin Tutor LMS versions = 3.9.8...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00497
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:4 a.m. | 6 views

WordPress Tutor LMS plugin <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability

Authenticated Subscriber+ Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability discovered by momopon1415 in WordPress Plugin Tutor LMS versions = 3.9.8...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00465
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:3 a.m. | 9 views

WordPress Kubio AI Page Builder plugin <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability

Missing Authorization to Authenticated Contributor+ Limited File Upload via Kubio Block Attributes vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Kubio AI Page Builder versions = 2.7.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00536
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 2:1 a.m. | 7 views

WordPress Form Maker by 10Web plugin <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'ip_search' Parameter vulnerability discovered by Sein Linn in WordPress Plugin Form Maker by 10Web versions = 1.15.40...

CVSS: 4.9 | AI score: 6 | EPSS: 0.00428
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/17 1:51 a.m. | 8 views

WordPress Royal Addons for Elementor plugin <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Instagram Feed Widget vulnerability discovered by Caspian in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00352
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/16 11:47 p.m. | 6 views

WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability

WordPress Better Find and Replace - AI-Powered Suggestions plugin = 1.7.9 - Authenticated Author+ Stored Cross-Site Scripting via Uploaded Image Title vulnerability discovered by kai63001 in WordPress Plugin Better Find and Replace versions = 1.7.9...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00258
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/16 11:47 p.m. | 6 views

WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability

WordPress OneSignal - Web Push Notifications plugin = 3.8.0 - Missing Authorization to Authenticated Subscriber+ Post Meta Deletion via 'post_id' vulnerability discovered by Muhammad Sharief in WordPress Plugin OneSignal – Web Push Notifications versions = 3.8.0...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00324
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/16 3:59 p.m. | 12 views

WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.4...

AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:45 p.m. | 8 views

WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Redsys for WooCommerce Light versions = 7.0.0...

AI score: 5.8 | EPSS: 0.00246
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:45 p.m. | 7 views

WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme LuxeDrive versions = 1.4...

AI score: 5.8 | EPSS: 0.0032
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:44 p.m. | 6 views

WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Eldon versions = 1.4.1...

AI score: 5.8 | EPSS: 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:44 p.m. | 6 views

WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Laurits versions = 1.5.1...

AI score: 5.8 | EPSS: 0.0025
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:44 p.m. | 6 views

WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Reina versions = 2.1...

AI score: 5.8 | EPSS: 0.00395
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:43 p.m. | 9 views

WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme ShiftUp versions = 1.3...

AI score: 5.8 | EPSS: 0.00308
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:40 p.m. | 7 views

WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme MagOne versions = 9.0...

AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:38 p.m. | 6 views

WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Social Slider Feed versions = 2.3.2...

AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:36 p.m. | 6 views

WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HAPPY versions = 1.0.10...

AI score: 5.8 | EPSS: 0.00307
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 3:35 p.m. | 9 views

WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Shipment Tracker for Woocommerce versions = 1.5.3.2...

AI score: 5.8 | EPSS: 0.00205
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 1:57 p.m. | 11 views

WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Abu Hurayra in WordPress Plugin B Blocks versions = 2.0.31...

AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 12:5 p.m. | 7 views

WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by CidKagenouSama in WordPress Plugin Ultra Addons for WPForms versions = 1.0.11...

AI score: 5.8 | EPSS: 0.00287
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:53 a.m. | 9 views

WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Events Calendar for GeoDirectory versions = 2.3.25...

AI score: 5.8 | EPSS: 0.00344
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:49 a.m. | 7 views

WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by luc in WordPress Plugin Academy LMS Pro versions 3.5.2...

AI score: 5.8 | EPSS: 0.00221
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:46 a.m. | 9 views

WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Groundhogg versions = 4.4...

AI score: 5.8 | EPSS: 0.00342
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:39 a.m. | 4 views

WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Client Portal Pro versions = 5.6.2...

AI score: 5.8 | EPSS: 0.00412
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:8 a.m. | 5 views

WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Royal Elementor Addons Pro versions 1.7.1041...

AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:5 a.m. | 8 views

WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ChapterOne versions = 1.7...

AI score: 5.8 | EPSS: 0.00423
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:2 a.m. | 5 views

WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration Stripe versions = 1.3.14...

AI score: 5.8 | EPSS: 0.00244
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 11:1 a.m. | 9 views

WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WooCommerce Product Filters versions 2.0.6...

AI score: 5.8 | EPSS: 0.00375
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/04/16 10:55 a.m. | 7 views

WordPress Prismatic plugin <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability

Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Prismatic versions = 3.7.3...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00274
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 46702