Lucene search
K
PatchstackRecent

46704 matches found

Patchstack
Patchstack
•added 2026/03/17 6:49 a.m.•7 views

WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability

WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin = 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability discovered by WordFence in WordPress Plugin WowStore versions = 4.4.3...

7.5CVSS5.9AI score0.00304EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/17 6:35 a.m.•5 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nfsetentryupdateid vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions = 9.1.9...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/16 9:29 p.m.•9 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:27 p.m.•5 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Modification via 'postid' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.2.8...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:26 p.m.•7 views

WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions = 4.1.0...

4.3CVSS5.8AI score0.00233EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/16 7:57 p.m.•5 views

WordPress Thim Kit for Elementor plugin <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure vulnerability

Missing Authorization to Unauthenticated Private Course Disclosure vulnerability discovered by Youssef Elouaer in WordPress Plugin Thim Elementor Kit versions = 1.3.7...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/16 4:14 p.m.•6 views

WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by blank in WordPress Plugin Master Addons for Elementor versions = 2.1.3...

5.9CVSS5.8AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 3:28 p.m.•7 views

WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP EasyPay versions = 4.2.11...

5.4CVSS5.8AI score0.00173EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 2:35 p.m.•3 views

WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Aman Rawat in WordPress Plugin Modern Events Calendar versions = 7.29.0...

5.3CVSS5.8AI score0.007EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 1:58 p.m.•5 views

WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Riski Gana Prasetya in WordPress Plugin Flexmls® IDX versions = 3.15.9...

5.8AI score0.00149EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 12:48 p.m.•7 views

WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions = 7.6.3...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 12:40 p.m.•10 views

WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Sepay Payment versions = 4.0.0...

7.5CVSS5.8AI score0.00271EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 12:37 p.m.•4 views

WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin ViaBill WooCommerce versions = 1.1.53...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 11:55 a.m.•8 views

WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability

WordPress ACPT Pro - Custom Post Types plugin for WordPress plugin = 2.0.47 - Remote Code Execution RCE vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin ACPT Pro - Custom Post Types Plugin for WordPress versions = 2.0.47...

5.9AI score0.00414EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 11:43 a.m.•6 views

WordPress Admin Safety Guard plugin <= 1.2.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Robert Akhmerov v31dt in WordPress Plugin Admin Safety Guard versions = 1.2.7...

8.1CVSS5.9AI score0.0029EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 11:40 a.m.•6 views

WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions = 14.0.31...

8.5CVSS5.9AI score0.00253EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 11:39 a.m.•6 views

WordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions = 14.0.31...

8.8CVSS5.8AI score0.00382EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 11:38 a.m.•5 views

WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Doan Dinh Van in WordPress Plugin Post Snippets versions = 4.0.12...

8.5CVSS5.9AI score0.00234EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:56 a.m.•7 views

WordPress Unlimited Elements for Elementor (Premium) plugin <= 1.4.72 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Unlimited Elements for Elementor Premium versions = 1.4.72...

5.8AI score0.00319EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:34 a.m.•5 views

WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Photography versions 7.7.6...

7.2CVSS5.9AI score0.00358EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:27 a.m.•6 views

WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by hhhai in WordPress Plugin Total Poll Lite versions = 4.12.0...

9.9CVSS5.9AI score0.00296EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:23 a.m.•5 views

WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Infinite Scroll versions = 1.6.2...

8.8CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:7 a.m.•7 views

WordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin StoreCustomizer versions = 2.6.3...

6.5CVSS5.8AI score0.00363EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:7 a.m.•4 views

WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by daroo in WordPress Plugin Dokan versions = 4.2.4...

8.8CVSS5.8AI score0.00518EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:6 a.m.•5 views

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Tutor LMS versions = 3.9.4...

6.5CVSS5.8AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 10:4 a.m.•8 views

WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Opt-In Builder versions = 1.7.3...

7.1CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:46 a.m.•9 views

WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:46 a.m.•4 views

WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:45 a.m.•4 views

WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin The Aisle Core versions = 2.0.5...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:44 a.m.•5 views

WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...

8.8CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:44 a.m.•9 views

WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.1...

8.8CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 8:43 a.m.•12 views

WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.2...

9.8CVSS5.8AI score0.00525EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 7:54 a.m.•7 views

WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Curly Core versions = 2.1.6...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 7:25 a.m.•6 views

WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...

8.5CVSS5.9AI score0.00253EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 7:24 a.m.•9 views

WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...

8.8CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 7:23 a.m.•6 views

WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 6:22 a.m.•9 views

WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

8.8CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 6:21 a.m.•6 views

WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

7.1CVSS5.8AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/16 6:19 a.m.•7 views

WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Elated Listing versions = 1.4...

6.5CVSS5.8AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/15 4:47 p.m.•4 views

WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Or Benit in WordPress Plugin Really Simple SSL versions = 9.5.7...

5.3CVSS5.8AI score0.00164EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/14 8:2 p.m.•5 views

WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.36 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Marc-André Beaulieu h3dg3h0g in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.36...

6.5CVSS5.8AI score0.00137EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/14 4:54 a.m.•6 views

WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin UpsellWP versions = 2.2.4...

8.5CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/13 7:55 a.m.•5 views

WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Search & Go versions = 2.8...

9.8CVSS5.8AI score0.00321EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/13 7:52 a.m.•7 views

WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by PPzzAArr in WordPress Plugin Subscriptions for WooCommerce versions = 1.8.10...

7.5CVSS5.8AI score0.00463EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/03/13 7:51 a.m.•4 views

WordPress Formidable Forms plugin <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability

Unauthenticated Payment Amount Manipulation via 'itemmeta' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Formidable Forms versions = 6.28...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/13 7:51 a.m.•3 views

WordPress Formidable Forms plugin <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability

Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability discovered by Andres Cruciani in WordPress Plugin Formidable Forms versions = 6.28...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/13 7:9 a.m.•9 views

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability discovered by Muhammad Sharief in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.29...

7.5CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/13 6:56 a.m.•8 views

WordPress Pix for WooCommerce plugin <= 1.5.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Alexis Lafontaine in WordPress Plugin Pix for WooCommerce versions = 1.5.0...

9.8CVSS5.8AI score0.00845EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
•added 2026/03/13 3:44 a.m.•5 views

WordPress Social Icons Widget & Block plugin <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Sharing Configuration Creation vulnerability discovered by darkmode in WordPress Plugin Social Icons Widget & Block by WPZOOM versions = 4.5.8...

4.3CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/03/13 3:44 a.m.•6 views

WordPress Calculated Fields Form plugin <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Form Settings vulnerability discovered by Hunter Jensen skid in WordPress Plugin Calculated Fields Form versions = 5.4.5.0...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46704