Lucene search
K
PatchstackRecent

46704 matches found

Patchstack
Patchstack
added 2026/03/19 10:3 p.m.8 views

WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin <= 4.0.4 - Authenticated (Author+) Local File Inclusion vulnerability

WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin = 4.0.4 - Authenticated Author+ Local File Inclusion vulnerability discovered by WordFence in WordPress Plugin NextGEN Gallery versions = 4.0.4...

8.8CVSS5.8AI score0.00452EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/19 10:1 a.m.5 views

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.10...

5.9AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/19 4:42 a.m.4 views

WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Steven Julian in WordPress Plugin Nelio Content versions = 4.3.1...

5.9AI score0.00145EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/19 4:32 a.m.9 views

WordPress Post SMTP plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability

Missing Authorization to Authenticated Subscriber+ Office 365 OAuth Configuration Overwrite vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Post SMTP versions = 3.8.0...

5.3CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/19 4:32 a.m.6 views

WordPress Code Embed plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Code Embed versions = 2.5.1...

6.4CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/19 4:31 a.m.10 views

WordPress Get Use APIs plugin < 2.0.10 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Ahmed Makawi in WordPress Plugin JSON Content Importer versions 2.0.10...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 1:6 p.m.6 views

WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Ultimate Post Kit versions = 4.0.21...

6.4CVSS5.8AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 1:5 p.m.5 views

WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPVulnerability versions = 4.2.1...

6.5CVSS5.8AI score0.00363EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 12:44 p.m.7 views

WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Nexa Blocks versions = 1.1.1...

9.8CVSS5.8AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 12:28 p.m.5 views

WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.2...

6.5CVSS5.8AI score0.00315EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 12:27 p.m.6 views

WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 5.9.0...

7.5CVSS5.8AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 12:26 p.m.11 views

WordPress Phox Hosting plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Phox Hosting versions = 2.0.8...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 12:17 p.m.10 views

WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dragonzen in WordPress Plugin Booking calendar, Appointment Booking System versions = 3.2.36...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 12:6 p.m.5 views

WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Gutenberg Blocks versions = 1.2.8...

7.1CVSS5.8AI score0.00149EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 11:7 a.m.7 views

WordPress GZSEO plugin <= 2.0.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin GZSEO versions = 2.0.14...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 11:6 a.m.3 views

WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Que Thanh Tuan in WordPress Plugin Advanced WooCommerce Product Sales Reporting versions = 4.1.3...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 11:5 a.m.7 views

WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kentha versions = 4.7.2...

5.8AI score0.00149EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 11:4 a.m.6 views

WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Fraud Prevention For Woocommerce versions = 2.3.3...

7.5CVSS5.8AI score0.00241EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 11:3 a.m.5 views

WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

Payment Bypass vulnerability discovered by Zeeshan Haider in WordPress Plugin EventPrime versions = 4.2.8.3...

7.5CVSS5.8AI score0.00206EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 10:12 a.m.4 views

WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Or Benit in WordPress Plugin Hide My WP Ghost versions 7.0.00...

5.9AI score0.00201EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 9:30 a.m.6 views

WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Contextual Related Posts versions 4.2.2...

5.3CVSS5.8AI score0.00187EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 8:38 a.m.4 views

WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin User Feedback versions = 1.10.1...

5.9AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 8:35 a.m.6 views

WordPress SUMO Affiliates Pro plugin < 11.4.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin SUMO Affiliates Pro versions 11.4.0...

9.8CVSS5.8AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 8:18 a.m.6 views

WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WishList Member X versions = 3.29.0...

8.8CVSS5.8AI score0.00301EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 8:17 a.m.4 views

WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WishList Member X versions = 3.29.0...

5.8AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 8:16 a.m.9 views

WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by NumeX in WordPress Plugin Widget Wrangler versions = 2.3.9...

9.1CVSS5.9AI score0.00314EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/18 6:55 a.m.6 views

WordPress Writeprint Stylometry plugin <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter vulnerability

Reflected Cross-Site Scripting via 'p' Parameter vulnerability discovered by johska in WordPress Plugin Writeprint Stylometry versions = 0.1...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 6:45 a.m.6 views

WordPress [CR]Paid Link Manager plugin <= 0.5 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin CRPaid Link Manager versions = 0.5...

6.1CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 6:41 a.m.8 views

WordPress WP Go Maps (formerly WP Google Maps) plugin <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via adminpostwpgmzasavesettings vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin WP Go Maps versions = 10.0.05...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 2:29 a.m.7 views

WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions = 4.5...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 2:24 a.m.5 views

WordPress Subscriptions for WooCommerce plugin <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability discovered by shrikant bhosale in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.2...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 2:23 a.m.5 views

WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability

WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin = 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Royal Elementor Addons versions = 1.7.1049...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/17 12:40 p.m.6 views

WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin WP System Log versions = 1.2.7...

6.5CVSS5.8AI score0.00363EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 12:23 p.m.5 views

WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Traveler versions 3.2.8.1...

9.8CVSS5.8AI score0.00322EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 11:32 a.m.5 views

WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin PublishPress Authors versions = 4.10.1...

7.5CVSS5.8AI score0.00287EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 11:21 a.m.3 views

WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The League versions = 4.4.1...

6.5CVSS5.8AI score0.00329EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 11:20 a.m.6 views

WordPress Remoji plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Doan Dinh Van in WordPress Plugin Remoji versions = 2.2...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 11:3 a.m.10 views

WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin XStore Core versions = 5.6.4...

7.1CVSS5.8AI score0.00184EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 11:1 a.m.4 views

WordPress Product Slider for WooCommerce plugin <= 1.13.61 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Product Slider for WooCommerce versions = 1.13.61...

6.5CVSS5.9AI score0.00315EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 11:1 a.m.8 views

WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin Automated FedEx live/manual rates with shipping labels versions = 5.1.8...

7.5CVSS5.8AI score0.00219EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 10:55 a.m.6 views

WordPress Mixtape theme <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mixtape versions = 2.1...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 10:47 a.m.6 views

WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Moments versions = 2.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 10:36 a.m.6 views

WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ave Core versions = 2.9.1...

6.3CVSS5.8AI score0.00189EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 10:35 a.m.9 views

WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Education Zone versions = 1.3.8...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 10:34 a.m.7 views

WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin avalex versions = 3.1.3...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 10:33 a.m.5 views

WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin EventPrime versions = 4.2.8.0...

9.8CVSS5.8AI score0.0051EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 8:22 a.m.5 views

WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Booster for WooCommerce versions 7.11.3...

5.3CVSS5.8AI score0.00225EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 8:2 a.m.5 views

WordPress Listeo Core plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Listeo Core versions = 2.0.21...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 8:1 a.m.6 views

WordPress UpSolution Core plugin <= 8.41 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin UpSolution Core versions = 8.41...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/17 7:58 a.m.8 views

WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by PPzzAArr in WordPress Plugin CP Multi View Event Calendar versions = 1.4.35...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46704