46704 matches found

Patchstack
added 2026/03/13 3:43 a.m. | 6 views

WordPress GetGenie plugin <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API vulnerability

Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin GetGenie versions <= 4.3.2...

CVSS 6.4 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/13 3:42 a.m. | 6 views

WordPress GetGenie plugin <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability

Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin GetGenie versions <= 4.3.2...

CVSS 5.4 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/13 3:31 a.m. | 5 views

WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.29...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 11:12 p.m. | 6 views

WordPress Reading progressbar plugin < 1.3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Reading progressbar versions < 1.3.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 11:11 p.m. | 11 views

WordPress Timetics plugin < 1.0.52 - Unauthenticated Payment/Booking Status Update vulnerability

Unauthenticated Payment/Booking Status Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Timetics versions < 1.0.52...

CVSS 4.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 12:53 p.m. | 5 views

WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Golo versions <= 1.7.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 12:51 p.m. | 6 views

WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Energox versions <= 1.2...

CVSS 7.7 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 12:45 p.m. | 6 views

WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin MetForm Pro versions <= 3.9.1...

AI score 5.8 | EPSS 0.00437
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 12:2 p.m. | 5 views

WordPress Instant VA theme <= 1.0.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Instant VA versions <= 1.0.1...

CVSS 7.7 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 11:57 a.m. | 7 views

WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Xagio SEO versions <= 7.1.0.30...

CVSS 9.8 | AI score 5.8 | EPSS 0.00408
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 11:52 a.m. | 11 views

WordPress Penci Soledad Data Migrator plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Soledad Data Migrator versions <= 1.3.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 11:36 a.m. | 8 views

WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin BuilderPress versions <= 2.0.1...

AI score 5.8 | EPSS 0.00335
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 11:27 a.m. | 7 views

WordPress Mobile App Editor plugin <= 1.3.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by NumeX in WordPress Plugin Mobile App Editor versions <= 1.3.1...

CVSS 9.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 11:24 a.m. | 7 views

WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by benzdeus in WordPress Plugin Website LLMs.txt versions <= 8.2.6...

AI score 5.8 | EPSS 0.00145
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 10:39 a.m. | 5 views

WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WOLF versions <= 1.0.8.7...

CVSS 7.6 | AI score 5.9 | EPSS 0.00224
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 10:36 a.m. | 7 views

WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Account Takeover vulnerability discovered by 0xd4rk5id3 in WordPress Plugin RegistrationMagic versions <= 6.0.7.1...

CVSS 8.1 | AI score 5.8 | EPSS 0.00376
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 10:35 a.m. | 7 views

WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Kishan Vyas in WordPress Plugin Everest Forms Pro versions <= 1.9.10...

CVSS 7.1 | AI score 5.8 | EPSS 0.00145
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 10:30 a.m. | 7 views

WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WPCafe versions <= 3.0.7...

CVSS 9.1 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/12 8:45 a.m. | 6 views

WordPress Simple Ajax Chat plugin <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'c' vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Simple Ajax Chat versions <= 20260217...

CVSS 6.1 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 8:11 a.m. | 6 views

WordPress PixelYourSite PRO plugin <= 12.4.0.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite PRO versions <= 12.4.0.2...

CVSS 7.2 | AI score 5.8 | EPSS 0.00283
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 8:10 a.m. | 5 views

WordPress PixelYourSite plugin <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions <= 11.2.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 8:8 a.m. | 4 views

WordPress DukaPress plugin <= 3.2.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin DukaPress versions <= 3.2.4...

CVSS 7.1 | AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 8:7 a.m. | 5 views

WordPress WP Front User Submit plugin < 5.0.6 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Mike Gozdiskowski in WordPress Plugin WP Front User Submit / Front Editor versions < 5.0.6...

CVSS 5.9 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 8:4 a.m. | 6 views

WordPress ExactMetrics plugin 7.1.0-9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability

Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability discovered by Ali Sünbül in WordPress Plugin ExactMetrics versions 7.1.0-9.0.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.0038
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 7:58 a.m. | 5 views

WordPress Name Directory plugin <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' vulnerability discovered by Youssef Elouaer in WordPress Plugin Name Directory versions <= 1.32.1...

CVSS 7.2 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 7:40 a.m. | 6 views

WordPress Checkout Field Editor (Checkout Manager) for WooCommerce plugin <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Checkout Field Editor (Checkout Manager) for WooCommerce versions <= 2.1.7...

CVSS 7.2 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 7:32 a.m. | 6 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Youssef Elouaer in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 2.0.1...

CVSS 7.2 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 7:26 a.m. | 6 views

WordPress Gravity Forms plugin <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability discovered by hoshino in WordPress Plugin Gravity Forms versions <= 2.9.28...

CVSS 6.4 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 7:9 a.m. | 6 views

WordPress My Sticky Bar plugin <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability

Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability discovered by Dimas Maulana in WordPress Plugin My Sticky Bar versions <= 2.8.6...

CVSS 7.5 | AI score 5.8 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 7:1 a.m. | 7 views

WordPress Datalogics Ecommerce Delivery plugin < 2.6.60 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Datalogics Ecommerce Delivery versions < 2.6.60...

CVSS 9.8 | AI score 5.8 | EPSS 0.0058
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 6:59 a.m. | 5 views

WordPress Divi Booster plugin < 5.0.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Saif Team 51 in WordPress Plugin Divi Booster versions < 5.0.2...

CVSS 8.1 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 1:56 a.m. | 6 views

WordPress RegistrationMagic plugin <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure vulnerability

Subscriber+ Sensitive Data Disclosure vulnerability discovered by bRpsd in WordPress Plugin RegistrationMagic versions <= 6.0.7.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.00171
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 1:50 a.m. | 4 views

WordPress LearnPress plugin <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin LearnPress versions <= 4.3.2.8...

CVSS 4.3 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 12:58 a.m. | 5 views

WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability

Contributor+ Arbitrary Limited Options Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions < 1.6.1...

CVSS 6.8 | AI score 5.8 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/12 12:25 a.m. | 8 views

WordPress ExactMetrics plugin 8.6.0-9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation

Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation vulnerability discovered by Ali Sünbül in WordPress Plugin ExactMetrics versions 8.6.0-9.0.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00631
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 6:18 p.m. | 8 views

WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin Advanced Product Fields (Product Addons) for WooCommerce versions <= 1.6.18...

CVSS 5.3 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/11 1:34 p.m. | 6 views

WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Silver Asu in WordPress Plugin Responsive Blocks versions <= 2.2.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00182
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/03/11 10:42 a.m. | 7 views

WordPress weForms plugin <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability discovered by Muhammad Sharief in WordPress Plugin weForms versions <= 1.6.27...

CVSS 6.4 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 10:19 a.m. | 7 views

WordPress Royal Addons for Elementor plugin <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass vulnerability

Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Royal Elementor Addons versions <= 1.7.1049...

CVSS 8.8 | AI score 5.8 | EPSS 0.00468
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 9:59 a.m. | 6 views

WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions <= 4.11.1...

CVSS 6.5 | AI score 5.8 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 9:37 a.m. | 7 views

WordPress RTMKit plugin <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability

Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability discovered by LionTree in WordPress Plugin RTMKit versions <= 1.6.8...

CVSS 6.1 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 9:35 a.m. | 6 views

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting vulnerability discovered by lucsob in WordPress Plugin LatePoint versions <= 5.2.7...

CVSS 6.1 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 9:16 a.m. | 6 views

WordPress Unlimited Elements For Elementor plugin <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability

Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 2.0.5...

CVSS 7.2 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 9:3 a.m. | 6 views

WordPress MetForm Pro plugin <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by andrea bocchetti in WordPress Plugin MetForm Pro versions <= 3.9.6...

CVSS 7.2 | AI score 5.8 | EPSS 0.00308
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 8:30 a.m. | 6 views

WordPress The Events Calendar plugin <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability

Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Events Calendar versions <= 6.15.17...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 8:12 a.m. | 6 views

WordPress Appointment Booking Calendar plugin <= 1.6.9.27 - Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability

Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.27...

CVSS 7.5 | AI score 5.8 | EPSS 0.00406
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 7:59 a.m. | 5 views

WordPress JetBooking plugin <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability

Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability discovered by hoshino in WordPress Plugin JetBooking versions <= 4.0.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 7:46 a.m. | 9 views

WordPress WP Maps plugin <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter vulnerability

Unauthenticated SQL Injection via 'location_id' Parameter vulnerability discovered by johska in WordPress Plugin WP Maps versions <= 4.9.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00418
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 7:28 a.m. | 5 views

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Ally versions <= 4.0.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.02289
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/03/11 7:19 a.m. | 6 views

WordPress ProfilePress plugin <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability

Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability discovered by kai63001 in WordPress Plugin ProfilePress versions <= 4.16.11...

CVSS 8.1 | AI score 5.8 | EPSS 0.00379
Exploits: 0 | References: 1 | Affected Software: 1
Total number of security vulnerabilities: 46704