Lucene search
K
PatchstackRecent

46704 matches found

Patchstack
Patchstack
added 2026/03/23 7:51 p.m.5 views

WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions = 1.0...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:50 p.m.6 views

WordPress Invelity Products Feeds plugin <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Invelity Product Feeds versions = 1.2.6...

8.1CVSS5.8AI score0.00173EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:41 p.m.5 views

WordPress itsukaita plugin <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter vulnerability

Reflected Cross-Site Scripting via 'dayfrom' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin itsukaita versions = 0.1.2...

6.1CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:39 p.m.5 views

WordPress Content Syndication Toolkit plugin <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by theviper17y in WordPress Plugin Content Syndication Toolkit versions = 1.3...

7.2CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:38 p.m.6 views

WordPress Performance Monitor plugin <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by Afshin Shekaari in WordPress Plugin Performance Monitor versions = 1.0.6...

7.2CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:34 p.m.9 views

WordPress Mandatory Field plugin <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Mandatory Field versions = 1.6.8...

4.4CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:31 p.m.6 views

WordPress Multi Post Carousel by Category plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'slides' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Multi Post Carousel by Category versions = 1.4...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:29 p.m.6 views

WordPress Survey plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Survey versions = 1.1...

4.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:28 p.m.6 views

WordPress Add Google Social Profiles to Knowledge Graph Box plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Add Google Social Profiles to Knowledge Graph Box versions = 1.0...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:27 p.m.7 views

WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability

WordPress PQ Addons - Creative Elementor Widgets plugin = 1.0.0 - Authenticated Contributor+ Stored Cross-Site Scripting via Widget Attributes vulnerability discovered by WordFence in WordPress Plugin PQ Addons – Creative Elementor Widgets versions = 1.0.0...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:26 p.m.11 views

WordPress Redirect countdown plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Redirect countdown versions = 1.0...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:25 p.m.6 views

WordPress SR WP Minify HTML plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SR WP Minify HTML versions = 2.1...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:23 p.m.9 views

WordPress Schema Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Schema Shortcode versions = 1.0...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:19 p.m.5 views

WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions = 3.0...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:18 p.m.4 views

WordPress Post Flagger plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'slug' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Post Flagger versions = 1.1...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:17 p.m.6 views

WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions = 1.0.9...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:16 p.m.6 views

WordPress Tour & Activity Operator Plugin for TourCMS plugin <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Tour & Activity Operator Plugin for TourCMS versions = 1.7.0...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:14 p.m.5 views

WordPress Company Posts for LinkedIn plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary LinkedIn Post Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Company Posts for LinkedIn versions = 1.0.0...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:13 p.m.10 views

WordPress Easy Image Gallery plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Easy Image Gallery versions = 1.5.3...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:11 p.m.6 views

WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...

4.4CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:10 p.m.6 views

WordPress Quentn WP plugin <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability

Unauthenticated SQL Injection via 'qntnwpaccess' Cookie vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Quentn WP versions = 1.2.12...

7.5CVSS5.9AI score0.00364EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:7 p.m.7 views

WordPress Task Manager plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by theviper17y in WordPress Plugin Task Manager versions = 3.0.2...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:5 p.m.6 views

WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability

WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin = 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions = 5.5.10...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:5 p.m.7 views

WordPress MimeTypes Link Icons plugin <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability

Authenticated Contributor+ Server-Side Request Forgery via Crafted Links in Post Content vulnerability discovered by Kai Aizen in WordPress Plugin MimeTypes Link Icons versions = 3.2.20...

8.3CVSS5.8AI score0.00316EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 7:1 p.m.8 views

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability

Authenticated Administrator+ SQL Injection via 'sortby' and 'sortorder' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin myLinksDump versions = 1.6...

7.2CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:59 p.m.6 views

WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:56 p.m.6 views

WordPress Review Map by RevuKangaroo plugin <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Review Map by RevuKangaroo versions = 1.7...

4.4CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:54 p.m.11 views

WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability

Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions = 1.2...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:53 p.m.6 views

WordPress Reward Video Ad for WordPress plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Admin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Reward Video Ad for WordPress versions = 1.6...

4.4CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:51 p.m.6 views

WordPress Ed's Font Awesome plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Font Awesome versions = 2.0...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:45 p.m.4 views

WordPress Ed's Social Share plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Social Share versions = 2.0...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:43 p.m.4 views

WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability

WordPress Ricerca - advanced search plugin = 1.1.12 - Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Ricerca – advanced search versions = 1.1.12...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:38 p.m.8 views

WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Helpdesk Support Ticket System for WooCommerce versions = 2.1.2...

7.5CVSS5.8AI score0.00366EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:38 p.m.9 views

WordPress ElementCamp plugin <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability

Authenticated Author+ SQL Injection via 'metaquerycompare' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ElementCamp versions = 2.3.6...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:34 p.m.6 views

WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions = 5.0.11...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:34 p.m.8 views

WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'orblogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions = 2.288...

8.8CVSS5.9AI score0.00341EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:33 p.m.7 views

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:32 p.m.4 views

WordPress Comment SPAM Wiper plugin <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Comment SPAM Wiper versions = 1.2.1...

4.4CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:31 p.m.6 views

WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by mcdruid in WordPress Plugin SimpLy Gallery versions = 3.3.2...

9.9CVSS5.8AI score0.00447EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:30 p.m.3 views

WordPress Wikilookup plugin <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Wikilookup versions = 1.1.5...

4.4CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:28 p.m.6 views

WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Woody ad snippets versions = 2.7.1...

9.9CVSS5.9AI score0.00311EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:28 p.m.5 views

WordPress Canto plugin <= 3.1.1 - Missing Authorization to Unauthenticated File Upload vulnerability

Missing Authorization to Unauthenticated File Upload vulnerability discovered by oddshacker in WordPress Plugin Canto versions = 3.1.1...

5.3CVSS5.8AI score0.00437EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:27 p.m.5 views

WordPress Multi Functional Flexi Lightbox plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via 'message' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Multi Functional Flexi Lightbox versions = 1.2...

5.5CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:25 p.m.6 views

WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability

WordPress Xhanch - My Advanced Settings plugin = 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Xhanch – My Advanced Settings versions = 1.1.2...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:23 p.m.7 views

WordPress Lobot Slider Administrator plugin <= 0.6.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Lobot Slider Administrator versions = 0.6.0...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:22 p.m.5 views

WordPress FuseDesk plugin <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin FuseDesk versions = 6.8...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:21 p.m.7 views

WordPress Any Post Slider plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'posttype' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Any Post Slider versions = 1.0.4...

6.4CVSS5.8AI score0.00236EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:19 p.m.4 views

WordPress Appmax plugin <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability

Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability discovered by WordFence in WordPress Plugin Appmax versions = 1.0.3...

5.3CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:18 p.m.7 views

WordPress Go Night Pro | WordPress Dark Mode Plugin plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Go Night Pro versions = 1.1.0...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/23 6:17 p.m.4 views

WordPress Build App Online plugin <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability

Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability discovered by WordFence in WordPress Plugin Build App Online versions = 1.0.23...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46704