Lucene search
K
PatchstackRecent

46541 matches found

Patchstack
Patchstack
added 2026/06/24 8:11 a.m.7 views

WordPress SignUp & SignIn plugin <= 1.0.0 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin SignUp & SignIn versions = 1.0.0...

9.8CVSS5.8AI score0.00454EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/24 7:22 a.m.5 views

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Funnel Builder by FunnelKit versions = 3.15.0.5...

7.6CVSS6AI score0.00226EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.4 views

WordPress WP Meta SEO plugin <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Enes Ismail - Enes in WordPress Plugin WP Meta SEO versions = 4.5.18...

6.4CVSS5.8AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.5 views

WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...

6.4CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:42 p.m.4 views

WordPress MIR blocks and shortcodes plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin MIR blocks and shortcodes versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress Advanced Contact Form 7 – Compact DB plugin <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Advanced Contact Form 7 – Compact DB versions = 1.0.0...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress Bulk SEO Image plugin <= 1.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by nishida azuka in WordPress Plugin Bulk SEO Image versions = 1.1...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress Blue Captcha plugin <= 2.0.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Kamil Królikowski - Asseco Poland S.A. in WordPress Plugin Blue Captcha versions = 2.0.1...

4.3CVSS5.8AI score0.00146EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress MotorDesk plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin MotorDesk versions = 1.1.2...

4.3CVSS5.8AI score0.00145EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Avalon23 Products Filter for WooCommerce plugin <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Avalon23 Products Filter for WooCommerce versions = 1.1.6...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Generate Security.txt plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Security.txt Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Generate Security.txt versions = 1.0.12...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.4 views

WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions = 1.1.4...

4.3CVSS5.8AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress WhatsOrder – Instant Checkout for WooCommerce plugin <= 1.0.1 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WhatsOrder – Instant Checkout for WooCommerce versions = 1.0.1...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:39 p.m.5 views

WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion vulnerability

Missing Authorization to Unauthenticated Account Deletion vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...

5.3CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:39 p.m.4 views

WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...

5.3CVSS5.8AI score0.00348EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:39 p.m.5 views

WordPress 24liveblog – live blog tool plugin <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification vulnerability

Missing Authorization to Authenticated Author+ Settings Modification vulnerability discovered by g0wthr in WordPress Plugin 24liveblog – live blog tool versions = 2.2...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.4 views

WordPress 24liveblog – live blog tool plugin <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information vulnerability

Authenticated Contributor+ Exposure of Sensitive Information vulnerability discovered by g0wthr in WordPress Plugin 24liveblog – live blog tool versions = 2.2...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.4 views

WordPress Osiris Signature Banner plugin <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Osiris Signature Banner versions = 0.5...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.4 views

WordPress RentMy Real-Time Rental Management Plugin plugin <= 4.0.4.1 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin RentMy Real-Time Rental Management Plugin versions = 4.0.4.1...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.4 views

WordPress Advance Nav Menu Manager plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Nav Menu Item Modification vulnerability discovered by Hardik Patel in WordPress Plugin Advance Nav Menu Manager versions = 1.3...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.6 views

WordPress SearchPlus plugin <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability

Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability discovered by Legion Hunter in WordPress Plugin SearchPlus versions = 1.7.1...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.5 views

WordPress Assistio plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Assistio versions = 1.1.2...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.5 views

WordPress Secufor_OAuth plugin <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout vulnerability

Missing Authorization to Unauthenticated Account Logout vulnerability discovered by SHIVAM KUMAR in WordPress Plugin SecuforOAuth versions = 1.0.7...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.5 views

WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions = 1.0...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.3 views

WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions = 1.2.0...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.3 views

WordPress Themify Event Post plugin <= 1.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Event Post versions = 1.3.3...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:1 p.m.5 views

WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Huazu Jiang anjhz0318 - Tsinghua University in WordPress Plugin Xpro Elementor Addons versions = 1.7.2...

6.4CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 1:58 p.m.4 views

WordPress Themify Portfolio Post plugin <= 1.2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Portfolio Post versions = 1.2.9...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 1:49 p.m.4 views

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions = 1.4.3...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:48 p.m.4 views

WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by qdtad in WordPress Plugin 워드프레스 결제 심플페이 versions = 5.5.6...

9.3CVSS6AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:42 p.m.5 views

WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability

Multiple Vulnerabilities vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions = 5.0.3...

8.6CVSS5.8AI score0.00275EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:30 p.m.8 views

WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Library Management System versions = 3.5.7...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:26 p.m.8 views

WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by VanTastic in WordPress Plugin Dokan Pro versions = 5.0.4...

9.8CVSS5.8AI score0.00331EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:19 p.m.5 views

WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Buddyboss Platform versions = 3.0.4...

9.8CVSS5.9AI score0.00525EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:8 p.m.5 views

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin utm.codes versions = 1.9.0...

6.4CVSS5.8AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 10:2 a.m.6 views

WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions = 7.3.1.2...

8.1CVSS5.9AI score0.00317EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:31 a.m.6 views

WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Nabil Irawan in WordPress Plugin Paytium versions = 5.0.2...

9.8CVSS5.8AI score0.00331EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.5 views

WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions = 2.7.4...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.6 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...

9.8CVSS5.8AI score0.0036EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:21 a.m.5 views

WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jakub Herman in WordPress Plugin Booster for WooCommerce versions = 8.0.1...

9.9CVSS5.8AI score0.00328EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:15 a.m.6 views

WordPress Italian Restaurant theme <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Italian Restaurant versions = 3.0.2...

7.1CVSS5.8AI score0.00263EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:6 a.m.6 views

WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mcdruid in WordPress Plugin MainWP Child versions = 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:0 a.m.5 views

WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Contributor+) Account Takeover vulnerability

Authenticated Contributor+ Account Takeover vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions = 2.11.4...

8.8CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 11:0 p.m.6 views

NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs

NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs vulnerability discovered by ? in WordPress Npm devbridge-autocomplete versions = 2.0.0...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/22 10:57 p.m.4 views

NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch

NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch vulnerability discovered by ? in WordPress Npm scim-patch versions = 0.9.0...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/22 12:35 p.m.8 views

WordPress Transbank Webpay plugin < 1.14.0 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Mateo Contenla & Matías Schiappacasse in WordPress Plugin Transbank Webpay REST versions 1.14.0...

7.1CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 12:33 p.m.3 views

WordPress CF7 Auto Responder Addon plugin < 2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CF7 Auto Responder Addon versions 2.5...

5.3CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/22 11:32 a.m.7 views

WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin LBG Zoominoutslider versions = 5.4.4...

8.5CVSS6AI score0.00224EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/22 9:54 a.m.9 views

WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability

Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions 3.4.2...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46541