Lucene search
K
PatchstackRecent

46704 matches found

Patchstack
Patchstack
added 2026/03/31 5:34 p.m.10 views

WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by vladimir tokarev in WordPress Plugin Contact Form by WPForms versions = 1.10.0.2...

8.1CVSS5.8AI score0.00101EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/31 12:20 p.m.5 views

WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Simple Membership versions = 4.7.1...

5.9AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/31 11:2 a.m.5 views

WordPress Auto Post Scheduler plugin <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via apsoptionspage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Auto Post Scheduler versions = 1.84...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 10:55 a.m.5 views

WordPress WooPayments plugin <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update via saveupeappearanceajax vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Payments versions = 10.5.1...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 10:17 a.m.6 views

WordPress Kubio AI Page Builder plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Kubio AI Page Builder versions = 2.7.0...

6.5CVSS5.9AI score0.0013EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/31 8:30 a.m.4 views

WordPress Loco Translate plugin <= 2.8.2 - Reflected Cross-Site Scripting via 'update_href' Parameter vulnerability

Reflected Cross-Site Scripting via 'updatehref' Parameter vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Loco Translate versions = 2.8.2...

6.1CVSS5.9AI score0.00291EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 7:50 a.m.7 views

WordPress Oxygen theme <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path vulnerability

Unauthenticated Server-Side Request Forgery via routepath vulnerability discovered by Ahmed Rayen Ayari in WordPress Theme Oxygen versions = 6.0.8...

7.2CVSS5.9AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 7:2 a.m.8 views

WordPress Gravity SMTP plugin <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions = 2.1.4...

7.5CVSS5.9AI score0.39704EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 6:57 a.m.6 views

WordPress Everest Forms Pro plugin <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field vulnerability

Unauthenticated Remote Code Execution via Calculation Field vulnerability discovered by hoshino in WordPress Plugin Everest Forms Pro versions = 1.9.12...

9.8CVSS6AI score0.40992EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 6:45 a.m.6 views

WordPress Contact Form by Supsystic plugin <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability

Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability discovered by kiseki - Heroes Cyber Security in WordPress Plugin Contact Form by Supsystic versions = 1.7.36...

9.8CVSS5.9AI score0.41475EPSS
Exploits7References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 1:15 a.m.5 views

WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...

5.3CVSS5.8AI score0.00178EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/31 12:9 a.m.5 views

WordPress Ibtana - WordPress Website Builder plugin <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

WordPress Ibtana - WordPress Website Builder plugin = 1.2.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ibtana versions = 1.2.5.7...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/31 12:8 a.m.4 views

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin = 1.1.4 - Sensitive Information Exposure via Views Files vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin TrueBooker versions = 1.1.4...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 9:7 p.m.4 views

WordPress Debugger & Troubleshooter plugin <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability

Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Debugger & Troubleshooter versions = 1.3.2...

8.8CVSS5.9AI score0.00422EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 1:38 p.m.6 views

WordPress Fluent Booking plugin <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Fluent Booking versions = 2.0.01...

7.2CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 1:11 p.m.4 views

WordPress Ultimate Member plugin <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability

Authenticated Contributor+ Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability discovered by HDH - FPT Software in WordPress Plugin Ultimate Member versions = 2.11.2...

8CVSS5.9AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 1:3 p.m.12 views

WordPress Blackhole for Bad Bots plugin <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability

Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability discovered by Huynh Pham Thanh Luc in WordPress Plugin Blackhole for Bad Bots versions = 3.8...

7.2CVSS5.9AI score0.00315EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 12:47 p.m.6 views

WordPress LeadConnector plugin < 3.0.22 - Unauthenticated Rest Call vulnerability

Unauthenticated Rest Call vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin LeadConnector versions 3.0.22...

5.3CVSS5.9AI score0.00241EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 12:36 p.m.4 views

WordPress Shared Files plugin < 1.7.58 - Contributor+ Arbitrary File Download vulnerability

Contributor+ Arbitrary File Download vulnerability discovered by Muhammad Rohan khan in WordPress Plugin Shared Files versions 1.7.58...

6.8CVSS5.9AI score0.0043EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 11:21 a.m.5 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts vulnerability

Authenticated Editor+ PHP Object Injection via 'postcontent' of Admin Form Posts vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.31...

7.2CVSS5.9AI score0.00533EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 9:46 a.m.4 views

WordPress FloristPress for Woo plugin <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter vulnerability

Reflected Cross-Site Scripting via 'noresults' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin FloristPress versions = 7.8.2...

6.1CVSS5.9AI score0.0027EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 9:3 a.m.13 views

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin = 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin JS Help Desk versions = 3.0.4...

7.5CVSS6AI score0.00304EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 8:35 a.m.9 views

WordPress SureForms plugin <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability

Unauthenticated Payment Amount Validation Bypass via 'formid' vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin SureForms versions = 2.5.2...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 8:23 a.m.6 views

WordPress Masteriyo LMS plugin <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator vulnerability

Missing Authorization to Authenticated Student+ Privilege Escalation to Administrator vulnerability discovered by Hunter Jensen skid in WordPress Plugin Masteriyo - LMS versions = 2.1.6...

9.8CVSS5.9AI score0.00353EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 8:6 a.m.4 views

WordPress Responsive Plus plugin < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Responsive Plus versions 3.4.3...

6.5CVSS5.9AI score0.00323EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 8:1 a.m.4 views

WordPress WP Job Portal plugin <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via Resume Custom File Field vulnerability discovered by daroo in WordPress Plugin WP Job Portal versions = 2.4.9...

8.8CVSS5.9AI score0.0078EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 8:1 a.m.7 views

WordPress ThemeREX Addons plugin < 2.38.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Erwan LR WPScan in WordPress Plugin ThemeREX Addons versions 2.38.5...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 7:44 a.m.4 views

WordPress Download Monitor plugin <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'orderid' vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Download Monitor versions = 5.1.7...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 7:42 a.m.9 views

WordPress Twentig plugin <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twentig Supercharged Block Editor versions = 1.9.7...

6.4CVSS5.9AI score0.0016EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 7:38 a.m.15 views

WordPress WP Lightbox 2 plugin < 3.0.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Lightbox 2 versions 3.0.7...

4.8CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 7:31 a.m.6 views

WordPress Conditional Menus plugin <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update vulnerability

Cross-Site Request Forgery to Menu Options Update vulnerability discovered by Daniel Basta whizzu - NASK PIB in WordPress Plugin Conditional Menus versions = 1.2.6...

4.3CVSS5.9AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 7:29 a.m.7 views

WordPress Complianz - GDPR/CCPA Cookie Consent plugin <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter vulnerability

WordPress Complianz - GDPR/CCPA Cookie Consent plugin = 7.4.4.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Content Filter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Complianz versions = 7.4.4.2...

4.9CVSS5.9AI score0.00222EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/30 7:28 a.m.6 views

WordPress Elementor Website Builder plugin <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability

Incorrect Authorization to Authenticated Contributor+ Sensitive Information Exposure via Elementor Template vulnerability discovered by shark3y in WordPress Plugin Elementor Website Builder versions = 3.35.7...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/28 5:15 p.m.5 views

WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Advanced Coupons for WooCommerce Coupons versions = 4.7.1.1...

6.5CVSS5.9AI score0.00156EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/28 7:7 a.m.6 views

WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AI Engine Pro versions 3.4.2...

4.3CVSS5.9AI score0.00165EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/28 3:54 a.m.12 views

WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Tourfic versions = 2.21.4...

5.3CVSS5.9AI score0.00221EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/28 1:45 a.m.4 views

WordPress Quads Ads Manager for Google AdSense plugin <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ads by WPQuads versions = 2.0.98.1...

5.4CVSS5.9AI score0.00145EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/28 1:44 a.m.7 views

WordPress Pagelayer plugin <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' vulnerability

Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' vulnerability discovered by Drew Webber mcdruid in WordPress Plugin PageLayer versions = 2.0.7...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/28 1:43 a.m.4 views

WordPress Ninja Forms plugin <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token vulnerability

Authenticated Contributor+ Sensitive Information Disclosure via Block Editor Token vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Ninja Forms versions = 3.14.1...

6.5CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 12:24 p.m.4 views

WordPress Amelia Booking Pro plugin <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability

Authenticated Customer+ Insecure Direct Object Reference to Arbitrary User Password Change vulnerability discovered by Hunter Jensen skid in WordPress Plugin Amelia versions = 9.1.2...

8.8CVSS5.9AI score0.00382EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:37 a.m.6 views

WordPress DSGVO snippet for Leaflet Map and its Extensions plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'unset' Attribute vulnerability discovered by zaim in WordPress Plugin DSGVO snippet for Leaflet Map and its Extensions versions = 3.1...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:24 a.m.4 views

WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability

Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FormLift for Infusionsoft Web Forms versions = 7.5.21...

5.3CVSS5.9AI score0.00473EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:21 a.m.5 views

WordPress Simple Download Counter plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Simple Download Counter versions = 2.3...

6.4CVSS5.9AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:21 a.m.6 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Deletion via 'b2sresetsocialmetatags' AJAX Action vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions = 8.8.2...

4.3CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:19 a.m.5 views

WordPress BWL Advanced FAQ Manager Lite plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'sboxid' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BWL Advanced FAQ Manager Lite versions = 1.1.1...

6.4CVSS5.9AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:16 a.m.5 views

WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Attachment Title vulnerability discovered by daroo in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.3...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:9 a.m.7 views

WordPress PeproDev Ultimate Invoice plugin < 2.2.6 - Unauthenticated Invoice Archive Download vulnerability

Unauthenticated Invoice Archive Download vulnerability discovered by Ashkan Moghaddas in WordPress Plugin PeproDev Ultimate Invoice versions 2.2.6...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 9:28 a.m.6 views

WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin FOX versions = 1.4.5...

5.3CVSS5.9AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/27 6:55 a.m.6 views

WordPress Smart Slider 3 plugin <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability

Authenticated Subscriber+ Arbitrary File Read via actionExportAll vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Smart Slider 3 versions = 3.5.1.33...

6.5CVSS5.9AI score0.00484EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/27 3:27 a.m.5 views

WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin CartFlows versions = 2.2.3...

4.3CVSS5.9AI score0.00216EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46704