
46704 matches found

Patchstack, added 2026/03/23 6:13 p.m., 4 views

WordPress REST API TO MiniProgram plugin <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability discovered by WordFence in WordPress Plugin REST API TO MiniProgram versions <= 5.1.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00324
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:09 p.m., 9 views

WordPress Sherk Custom Post Type Displays plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Sherk Custom Post Type Displays versions <= 1.2.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00204
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:06 p.m., 6 views

WordPress e-shot plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action vulnerability discovered by Poli - CMC Global in WordPress Plugin e-shot versions <= 1.0.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00231
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:05 p.m., 6 views

WordPress Punnel plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action vulnerability discovered by Poli - CMC Global in WordPress Plugin Punnel – Landing Page Builder versions <= 1.3.1...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:04 p.m., 6 views

WordPress Smarter Analytics plugin <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter vulnerability

Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter vulnerability discovered by Poli - CMC Global in WordPress Plugin Smarter Analytics versions <= 2.0...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00302
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:03 p.m., 5 views

WordPress Integration with Hubspot Forms plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Integration with Hubspot Forms versions <= 1.2.2...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:02 p.m., 4 views

WordPress Twitter Feeds plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability

Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Twitter Feeds versions <= 1.0.0...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00187
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 6:01 p.m., 5 views

WordPress Simple Football Scoreboard plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Football Scoreboard versions <= 1.0...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 5:25 p.m., 6 views

WordPress Speedup Optimization plugin <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'speedup01_enabled' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'speedup01_enabled' AJAX Action vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Speedup Optimization versions <= 1.5.9...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00207
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 5:17 p.m., 5 views

WordPress Outgrow plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute vulnerability discovered by theviper17y in WordPress Plugin Outgrow versions <= 2.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 5:16 p.m., 10 views

WordPress Neos Connector for Fakturama plugin <= 0.0.14 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Neos Connector for Fakturama versions <= 0.0.14...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00128
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 5:00 p.m., 5 views

WordPress Post Snippits plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Post Snippits versions <= 1.0...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:59 p.m., 7 views

WordPress WordPress PayPal Donation plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WordPress PayPal Donation versions <= 1.01...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:57 p.m., 5 views

WordPress Paypal Shortcodes plugin <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Paypal Shortcodes versions <= 0.3...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00201
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:34 p.m., 6 views

WordPress WP Games Embed plugin <= 0.1beta - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Games Embed versions <= 0.1beta...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:34 p.m., 5 views

WordPress Text Toggle plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Text Toggle versions <= 1.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00248
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:32 p.m., 5 views

WordPress fyyd podcast shortcodes plugin <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin fyyd podcast shortcodes versions <= 0.3.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.0025
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:32 p.m., 5 views

WordPress Sheets2Table plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sheets2Table versions <= 0.4.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:31 p.m., 7 views

WordPress Show Posts list plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Show Posts list versions <= 1.1.0...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:26 p.m., 5 views

WordPress Ad Short plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ad Short versions <= 2.0.1...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00188
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:24 p.m., 4 views

WordPress WP Random Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Random Button versions <= 1.0...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 4:00 p.m., 4 views

WordPress login_register plugin <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin login_register versions <= 1.2.0...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00145
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 3:35 p.m., 7 views

WordPress Ecover Builder For Dummies plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ecover Builder For Dummies versions <= 1.0...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00201
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack, added 2026/03/23 3:26 p.m., 11 views

WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP REST Cache versions <= 2026.1.0...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 3:21 p.m., 6 views

WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration versions <= 4.4.9...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00345
Exploits: 1 | Affected Software: 1

Patchstack, added 2026/03/23 3:10 p.m., 6 views

WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Element Pack Elementor Addons versions <= 8.4.2...

CVSS: 7.6 | AI score: 6 | EPSS: 0.00236
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 3:03 p.m., 7 views

WordPress WPBookit Pro plugin <= 1.6.18 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Plugin WPBookit Pro versions <= 1.6.18...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00328
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 3:01 p.m., 5 views

WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin ProfileGrid versions <= 5.9.8.1...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:56 p.m., 7 views

WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions <= 3.5.6.1...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.00294
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:51 p.m., 4 views

WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nguyen Duc Canh canhnguyen26 in WordPress Plugin WP Courses LMS versions <= 3.2.26...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:48 p.m., 7 views

WordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by huli07 in WordPress Plugin Contact Form Email versions <= 1.3.63...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00296
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:48 p.m., 8 views

WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin PPWP versions <= 1.9.15...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00131
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:47 p.m., 11 views

WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin WP Cost Estimation & Payment Forms Builder versions < 10.3.0...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00377
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:43 p.m., 6 views

WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Phat RiO in WordPress Plugin Tutor LMS Pro versions <= 3.9.4...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00342
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:40 p.m., 7 views

WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Car Dealer versions <= 1.6.7...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00175
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:38 p.m., 5 views

WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin The Grid versions < 2.8.0...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00307
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:38 p.m., 10 views

WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Vertex Addons for Elementor versions <= 1.6.4...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00293
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:37 p.m., 4 views

WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Commerce Coinbase For WooCommerce versions <= 1.6.6...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00262
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:36 p.m., 6 views

WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability

Email Verification Bypass vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin User Verification versions <= 2.0.45...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00221
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:35 p.m., 6 views

WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin weForms versions <= 1.6.26...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.0028
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:31 p.m., 5 views

WordPress WP TripAdvisor Review Slider plugin <= 14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Doan Dinh Van in WordPress Plugin WP TripAdvisor Review Slider versions <= 14.1...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:29 p.m., 8 views

WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin Booking and Rental Manager versions <= 2.6.0...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00305
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:28 p.m., 5 views

WordPress Five Star Restaurant Reservations plugin <= 2.7.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin Five Star Restaurant Reservations versions <= 2.7.9...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00209
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:25 p.m., 6 views

WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 2.0.1...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00142
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:19 p.m., 5 views

WordPress VK All in One Expansion Unit plugin <= 9.113.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by timomangcut in WordPress Plugin VK All in One Expansion Unit versions <= 9.113.3...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:18 p.m., 7 views

WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability

Remote Code Execution (RCE) vulnerability discovered by daroo in WordPress Plugin Nelio AB Testing versions <= 8.2.7...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00297
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:15 p.m., 5 views

WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by CidKagenouSama in WordPress Plugin Contact Form by WPForms versions <= 1.9.8.7...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00234
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 2:15 p.m., 7 views

WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability

Account Takeover vulnerability discovered by daroo in WordPress Plugin Contest Gallery versions <= 28.1.2.2...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00416
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 1:57 p.m., 4 views

WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO in WordPress Plugin Ultimate Membership Pro versions <= 13.7...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00342
Exploits: 0 | Affected Software: 1

Patchstack, added 2026/03/23 1:41 p.m., 5 views

WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Phat RiO in WordPress Plugin The Grid versions < 2.8.0...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00205
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 46704