46547 matches found

Patchstack
added 2026/06/22 11:0 p.m. (6 views)

NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs

NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs vulnerability discovered by ? in WordPress Npm devbridge-autocomplete versions = 2.0.0...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2026/06/22 10:57 p.m. (4 views)

NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch

NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch vulnerability discovered by ? in WordPress Npm scim-patch versions = 0.9.0...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2026/06/22 12:35 p.m. (8 views)

WordPress Transbank Webpay plugin < 1.14.0 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Mateo Contenla & Matías Schiappacasse in WordPress Plugin Transbank Webpay REST versions 1.14.0...

7.1 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 12:33 p.m. (3 views)

WordPress CF7 Auto Responder Addon plugin < 2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CF7 Auto Responder Addon versions 2.5...

5.3 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/22 11:32 a.m. (7 views)

WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin LBG Zoominoutslider versions = 5.4.4...

8.5 CVSS, 6 AI score, 0.00224 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/22 9:54 a.m. (9 views)

WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability

Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions 3.4.2...

8.8 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 9:41 a.m. (6 views)

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability

Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

7.5 CVSS, 5.9 AI score, 0.00433 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 9:25 a.m. (9 views)

WordPress Simple File List plugin <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability

Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

7.5 CVSS, 5.8 AI score, 0.0078 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 9:21 a.m. (8 views)

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability

Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...

8.1 CVSS, 5.9 AI score, 0.00662 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 8:54 a.m. (8 views)

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin = 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions = 3.4.29...

9.8 CVSS, 5.8 AI score, 0.00625 EPSS
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 8:45 a.m. (9 views)

WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability

Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...

5.3 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 8:42 a.m. (6 views)

WordPress Pie Register plugin < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token vulnerability

Unauthenticated Email Verification Bypass via Predictable Token vulnerability discovered by Haitam Lazaar in WordPress Plugin Pie Register versions 3.8.4.10...

5.3 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 8:41 a.m. (10 views)

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Operations Deletion / Move / Folder Creation / Download via 'frontmanage' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

6.5 CVSS, 5.9 AI score, 0.00267 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/22 8:18 a.m. (5 views)

WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by nobody09 in WordPress Plugin User Registration versions = 5.2.2...

6.5 CVSS, 5.9 AI score, 0.00194 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 9:43 p.m. (9 views)

NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource createLocatorGeneratorUI vulnerability discovered by ? in WordPress Npm appium-mcp versions = 1.85.9...

5.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (7 views)

NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change

NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.82...

5.9 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (7 views)

NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read`

NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in web_url_read vulnerability discovered by ? in WordPress Npm mcp-searxng versions 1.7.1...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (11 views)

NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`

NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in web_url_read vulnerability discovered by ? in WordPress Npm mcp-searxng versions 1.7.1...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (11 views)

NPM: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data

NPM: Network-AI: EnvironmentManager.restore backup ID path traversal copies arbitrary directories into environment data vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

6 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (13 views)

NPM: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups

NPM: Network-AI: EnvironmentManager.backup follows symlinked directories and copies files outside the environment root into backups vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

5.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (16 views)

NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions

NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions vulnerability discovered by ? in WordPress Npm network-ai versions = 5.0.0, = 5.12.1...

5.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (10 views)

NPM: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory

NPM: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

5.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:42 p.m. (16 views)

NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning

NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

6 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 9:15 p.m. (6 views)

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2026/06/19 8:47 p.m. (6 views)

NPM: flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key

NPM: flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key vulnerability discovered by ? in WordPress Npm flat-to-nested versions = 1.1.1...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2026/06/19 8:47 p.m. (7 views)

NPM: Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)

NPM: Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening DNS-rebinding, request-body limits, read-only reads, default network exposure vulnerability discovered by ? in WordPress Npm kozou versions = 1.8.0...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2026/06/19 7:36 p.m. (6 views)

NPM: parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist

NPM: parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.80...

5.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 7:35 p.m. (5 views)

NPM: parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

NPM: parse-server: Relation $relatedTo query bypasses protectedFields and owning-object ACL vulnerability discovered by ? in WordPress Npm parse-server versions 8.6.80...

6.9 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits: 0, References: 5, Affected Software: 1

Patchstack
added 2026/06/19 7:35 p.m. (5 views)

NPM: parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

NPM: parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when _User get is denied vulnerability discovered by ? in WordPress Npm parse-server versions = 9.8.0, 9.9.1-alpha.5...

5.9 CVSS, 5.8 AI score, 0.00251 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 7:35 p.m. (6 views)

NPM: parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

NPM: parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.78...

2.1 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 0, References: 5, Affected Software: 1

Patchstack
added 2026/06/19 7:34 p.m. (4 views)

NPM: parse-server: Server option routeAllowList is bypassable through batch sub-requests

NPM: parse-server: Server option routeAllowList is bypassable through batch sub-requests vulnerability discovered by ? in WordPress Npm parse-server versions = 9.8.0, 9.9.1-alpha.3...

6.9 CVSS, 5.8 AI score, 0.00342 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 7:18 p.m. (14 views)

NPM: TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

NPM: TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy MySQL/MariaDB vulnerability discovered by ? in WordPress Npm typeorm versions = 0.1.12, = 0.3.28...

6 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 3:12 p.m. (14 views)

NPM: Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync

NPM: Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync vulnerability discovered by ? in WordPress Npm agentic-flow versions = 2.0.13...

5.9 AI score
Exploits: 0, References: 8, Affected Software: 1

Patchstack
added 2026/06/19 2:50 p.m. (14 views)

NPM: parse-server: Denial of service via exponential-time processing of deeply nested query operators

NPM: parse-server: Denial of service via exponential-time processing of deeply nested query operators vulnerability discovered by ? in WordPress Npm parse-server versions 8.6.82...

5.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 2:34 p.m. (4 views)

NPM: undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

NPM: undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

3.7 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 2:22 p.m. (4 views)

NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass

NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

7.5 CVSS, 5.8 AI score, 0.0057 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 2:21 p.m. (5 views)

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

5.9 CVSS, 5.8 AI score, 0.00257 EPSS
Exploits: 0, References: 4, Affected Software: 1

Patchstack
added 2026/06/19 2:20 p.m. (7 views)

NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse vulnerability discovered by ? in WordPress Npm undici versions = 7.23.0, 7.28.0...

8.8 CVSS, 6.4 AI score, 0.00277 EPSS
Exploits: 0, References: 5, Affected Software: 1

Patchstack
added 2026/06/19 2:19 p.m. (4 views)

NPM: undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

NPM: undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

3.7 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits: 0, References: 5, Affected Software: 1

Patchstack
added 2026/06/19 1:35 p.m. (5 views)

NPM: Network-AI: Improper Neutralization of Special Elements used in an OS Command

NPM: Network-AI: Improper Neutralization of Special Elements used in an OS Command vulnerability discovered by ? in WordPress Npm network-ai versions 5.9.1...

5.9 AI score
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2026/06/19 1:34 p.m. (6 views)

NPM: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests

NPM: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests vulnerability discovered by ? in WordPress Npm network-ai versions = 5.7.1...

9.1 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits: 0, References: 5, Affected Software: 1

Patchstack
added 2026/06/19 9:18 a.m. (7 views)

WordPress WP Hotel Booking plugin < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability

Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability discovered by Sanjorn Keeratirungsan in WordPress Plugin WP Hotel Booking versions 2.3.1...

6.5 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/19 9:16 a.m. (6 views)

WordPress WP Go Maps plugin <= 10.1.01 - Unauthenticated Arbitrary Record Creation vulnerability

Unauthenticated Arbitrary Record Creation vulnerability discovered by Thanh Điềm in WordPress Plugin WP Go Maps versions = 10.1.01...

5.3 CVSS, 5.8 AI score, 0.00205 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/19 9:10 a.m. (4 views)

WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions = 1.6.2...

5.4 CVSS, 5.9 AI score, 0.00203 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 9:4 a.m. (5 views)

WordPress Paymob for WooCommerce plugin <= 4.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin Paymob for WooCommerce versions = 4.1.3...

7.5 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 9:3 a.m. (4 views)

WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions = 3.11.2...

7.1 CVSS, 5.8 AI score, 0.00175 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 8:59 a.m. (8 views)

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

6.5 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 8:51 a.m. (5 views)

WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions = 5.6.3.1...

7.1 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 8:46 a.m. (7 views)

WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by sequenceX0 in WordPress Plugin CheckView Automated Testing versions = 2.1.0...

7.5 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2026/06/19 8:45 a.m. (6 views)

WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by l3m3s in WordPress Plugin MapPress Maps for WordPress versions = 2.97.3...

7.1 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 0, Affected Software: 1

Total number of security vulnerabilities: 46547