Lucene search
K
PatchstackRecent

46571 matches found

Patchstack
Patchstack
added 2026/06/23 4:38 p.m.4 views

WordPress Advance Nav Menu Manager plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Nav Menu Item Modification vulnerability discovered by Hardik Patel in WordPress Plugin Advance Nav Menu Manager versions = 1.3...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.6 views

WordPress SearchPlus plugin <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability

Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability discovered by Legion Hunter in WordPress Plugin SearchPlus versions = 1.7.1...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.5 views

WordPress Assistio plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Assistio versions = 1.1.2...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.5 views

WordPress Secufor_OAuth plugin <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout vulnerability

Missing Authorization to Unauthenticated Account Logout vulnerability discovered by SHIVAM KUMAR in WordPress Plugin SecuforOAuth versions = 1.0.7...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.5 views

WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions = 1.0...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.3 views

WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions = 1.2.0...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.3 views

WordPress Themify Event Post plugin <= 1.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Event Post versions = 1.3.3...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:1 p.m.5 views

WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Huazu Jiang anjhz0318 - Tsinghua University in WordPress Plugin Xpro Elementor Addons versions = 1.7.2...

6.4CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 1:58 p.m.4 views

WordPress Themify Portfolio Post plugin <= 1.2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Portfolio Post versions = 1.2.9...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 1:49 p.m.5 views

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions = 1.4.3...

5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:48 p.m.4 views

WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by qdtad in WordPress Plugin 워드프레스 결제 심플페이 versions = 5.5.6...

9.3CVSS6AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:42 p.m.5 views

WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability

Multiple Vulnerabilities vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions = 5.0.3...

8.6CVSS5.8AI score0.00275EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:30 p.m.8 views

WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Library Management System versions = 3.5.7...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:26 p.m.8 views

WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by VanTastic in WordPress Plugin Dokan Pro versions = 5.0.4...

9.8CVSS5.8AI score0.00331EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:19 p.m.5 views

WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Buddyboss Platform versions = 3.0.4...

9.8CVSS5.9AI score0.00525EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:8 p.m.5 views

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin utm.codes versions = 1.9.0...

6.4CVSS5.8AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 10:2 a.m.6 views

WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions = 7.3.1.2...

8.1CVSS5.9AI score0.00317EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:31 a.m.6 views

WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Nabil Irawan in WordPress Plugin Paytium versions = 5.0.2...

9.8CVSS5.8AI score0.00331EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.5 views

WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions = 2.7.4...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.6 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...

9.8CVSS5.8AI score0.0036EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:21 a.m.5 views

WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jakub Herman in WordPress Plugin Booster for WooCommerce versions = 8.0.1...

9.9CVSS5.8AI score0.00328EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:15 a.m.6 views

WordPress Italian Restaurant theme <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Italian Restaurant versions = 3.0.2...

7.1CVSS5.8AI score0.00263EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:6 a.m.6 views

WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mcdruid in WordPress Plugin MainWP Child versions = 6.1.1...

7.5CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 12:0 a.m.5 views

WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Contributor+) Account Takeover vulnerability

Authenticated Contributor+ Account Takeover vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions = 2.11.4...

8.8CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 11:0 p.m.6 views

NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs

NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs vulnerability discovered by ? in WordPress Npm devbridge-autocomplete versions = 2.0.0...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/22 10:57 p.m.4 views

NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch

NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch vulnerability discovered by ? in WordPress Npm scim-patch versions = 0.9.0...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/22 12:35 p.m.8 views

WordPress Transbank Webpay plugin < 1.14.0 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Mateo Contenla & Matías Schiappacasse in WordPress Plugin Transbank Webpay REST versions 1.14.0...

7.1CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 12:33 p.m.3 views

WordPress CF7 Auto Responder Addon plugin < 2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CF7 Auto Responder Addon versions 2.5...

5.3CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/22 11:32 a.m.7 views

WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin LBG Zoominoutslider versions = 5.4.4...

8.5CVSS6AI score0.00224EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/22 9:54 a.m.9 views

WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability

Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions 3.4.2...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 9:41 a.m.6 views

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability

Missing Authorization to Unauthenticated File Modification via simplefilelisteditjob AJAX Action vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 9:25 a.m.9 views

WordPress Simple File List plugin <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability

Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 9:21 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability

Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...

8.1CVSS5.9AI score0.00662EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:54 a.m.8 views

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin = 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions = 3.4.29...

9.8CVSS5.8AI score0.00625EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:45 a.m.9 views

WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability

Unauthenticated Post-Meta Write via stmajaxaddacarmedia vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions 1.4.110...

5.3CVSS5.8AI score0.00117EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:42 a.m.6 views

WordPress Pie Register plugin < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token vulnerability

Unauthenticated Email Verification Bypass via Predictable Token vulnerability discovered by Haitam Lazaar in WordPress Plugin Pie Register versions 3.8.4.10...

5.3CVSS5.8AI score0.00129EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:41 a.m.10 views

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Operations Deletion / Move / Folder Creation / Download via 'frontmanage' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/22 8:18 a.m.5 views

WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by nobody09 in WordPress Plugin User Registration versions = 5.2.2...

6.5CVSS5.9AI score0.00194EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:43 p.m.9 views

NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)

NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource createLocatorGeneratorUI vulnerability discovered by ? in WordPress Npm appium-mcp versions = 1.85.9...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.7 views

NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change

NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.82...

5.9AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.8 views

NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read`

NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in weburlread vulnerability discovered by ? in WordPress Npm mcp-searxng versions 1.7.1...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.11 views

NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`

NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in weburlread vulnerability discovered by ? in WordPress Npm mcp-searxng versions 1.7.1...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.11 views

NPM: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data

NPM: Network-AI: EnvironmentManager.restore backup ID path traversal copies arbitrary directories into environment data vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

6AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.14 views

NPM: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups

NPM: Network-AI: EnvironmentManager.backup follows symlinked directories and copies files outside the environment root into backups vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.16 views

NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions

NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions vulnerability discovered by ? in WordPress Npm network-ai versions = 5.0.0, = 5.12.1...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.10 views

NPM: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory

NPM: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:42 p.m.16 views

NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning

NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...

6AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:15 p.m.6 views

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/19 8:47 p.m.6 views

NPM: flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key

NPM: flat-to-nested: Prototype pollution in flat-to-nested convert via proto parent/id key vulnerability discovered by ? in WordPress Npm flat-to-nested versions = 1.1.1...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/06/19 8:47 p.m.7 views

NPM: Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)

NPM: Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening DNS-rebinding, request-body limits, read-only reads, default network exposure vulnerability discovered by ? in WordPress Npm kozou versions = 1.8.0...

5.8AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities46571