Lucene search
K
PatchstackRecent

46702 matches found

Patchstack
Patchstack
added 2026/03/10 11:27 p.m.5 views

WordPress 6.9-6.9.3 - Broken Access Control in Notes vulnerability

Broken Access Control in Notes vulnerability discovered by kaminuma in WordPress core versions 6.9-6.9.3...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:22 p.m.7 views

WordPress Core <= 6.9.1 - Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Author+ Sensitive Information Disclosure vulnerability discovered by Vitaly Simonovich in WordPress core versions = 6.9.1...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:17 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:16 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Stored Cross-Site Scripting via Template Conditions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:15 p.m.9 views

WordPress Modular Connector plugin <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth vulnerability

Cross-Site Request Forgery via postConfirmOauth vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modular DS versions = 2.5.1...

4.3CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:14 p.m.5 views

WordPress Court Reservation plugin < 1.10.9 - Event Deletion via CSRF vulnerability

Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Court Reservation versions 1.10.9...

4.3CVSS5.8AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:11 p.m.5 views

WordPress Astra theme <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta vulnerability discovered by at1as - Self-Employed in WordPress Theme Astra WordPress Theme versions = 4.12.3...

6.4CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:59 p.m.6 views

WordPress WP ULike plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP ULike versions = 5.0.1...

6.4CVSS5.8AI score0.0021EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:11 p.m.5 views

WordPress Dear Flipbook plugin <= 2.4.20 - Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability

Authenticated Author+ Stored Cross-Site Scripting via PDF Page Labels vulnerability discovered by Drew Webber mcdruid in WordPress Plugin DearFlip versions = 2.4.20...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 9:55 p.m.4 views

WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'nxsfbembed' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions = 4.4.6...

6.4CVSS5.8AI score0.04279EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 9:40 p.m.9 views

WordPress Booktics plugin <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints vulnerability

Missing Authorization to Get Items via REST API endpoints vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Booktics versions = 1.0.16...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 9:38 p.m.5 views

WordPress Booktics plugin <= 1.0.16 - Missing Authorization to Addon Plugin Installation vulnerability

Missing Authorization to Addon Plugin Installation vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Booktics versions = 1.0.16...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 8:24 p.m.2 views

WordPress Core <= 6.9.1 - Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability discovered by sibwtf in WordPress core versions 6.9-6.9.1...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:8 p.m.4 views

WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by timomangcut in WordPress Plugin Admin Menu Editor versions = 1.14.1...

4.3CVSS5.8AI score0.00097EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 2:33 p.m.5 views

WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin MDTF versions = 1.3.5...

6.5CVSS5.8AI score0.00129EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 12:16 p.m.5 views

WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme News Magazine X versions = 1.2.50...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:38 a.m.6 views

WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin EventPrime versions = 4.2.6.0...

7.5CVSS5.8AI score0.00314EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:21 a.m.5 views

WordPress Addi – Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Addi Cuotas que se adaptan a ti versions = 2.0.4...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:5 a.m.7 views

WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Love Story versions = 1.3.12...

9.8CVSS5.8AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:5 a.m.6 views

WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Work & Travel Company versions = 1.2...

9.8CVSS5.8AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:4 a.m.6 views

WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Buisson versions = 1.1.11...

9.8CVSS5.8AI score0.00476EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:4 a.m.6 views

WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin tagDiv Composer versions = 5.4.2...

7.1CVSS5.8AI score0.00145EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 11:3 a.m.5 views

WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP User Frontend versions = 4.2.5...

6.5CVSS5.8AI score0.00311EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:44 a.m.5 views

WordPress Wolverine Framework plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Wolverine Framework versions = 1.9...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:44 a.m.4 views

WordPress Darna Framework plugin <= 2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Darna Framework versions = 2.9...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:37 a.m.4 views

WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by lilmingwa13 in WordPress Plugin Contest Gallery versions = 28.1.2.1...

6.4CVSS5.8AI score0.00163EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:36 a.m.5 views

WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin TotalContest Lite versions = 2.9.1...

7.2CVSS5.8AI score0.00233EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:29 a.m.5 views

WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Belfort versions = 1.0...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:29 a.m.5 views

WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme LuxeDrive versions = 1.0...

8.1CVSS5.8AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:29 a.m.5 views

WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MultiOffice versions = 1.2...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:28 a.m.5 views

WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amfissa versions = 1.1...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:28 a.m.4 views

WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Deston versions = 1.0...

8.1CVSS5.8AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:28 a.m.6 views

WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Emaurri versions = 1.0.1...

8.1CVSS5.8AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:27 a.m.4 views

WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions = 1.4...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 10:5 a.m.5 views

WordPress PitchPrint plugin <= 11.1.2 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by NumeX in WordPress Plugin PitchPrint versions = 11.1.2...

7.5CVSS5.8AI score0.00552EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 8:27 a.m.2 views

WordPress Core <= 6.9.1 - Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress core versions 6.9-6.9.1...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 8:11 a.m.7 views

WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin UiPress lite versions = 3.5.09...

6.3CVSS5.8AI score0.00157EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:44 a.m.8 views

WordPress Avada Core plugin < 5.15.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Avada Core versions 5.15.0...

6.5CVSS5.8AI score0.00129EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:43 a.m.6 views

WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Avada Core versions 5.15.0...

5.3CVSS5.8AI score0.00174EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:41 a.m.5 views

WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Fusion Builder versions 3.15.0...

5.3CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:40 a.m.5 views

WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Fusion Builder versions 3.15.0...

6.3CVSS5.8AI score0.00154EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:29 a.m.9 views

WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Jobs for WordPress versions = 2.8...

7.5CVSS5.8AI score0.00353EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:27 a.m.4 views

WordPress Zorka theme <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zorka versions = 1.5.7...

7.1CVSS5.8AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:24 a.m.5 views

WordPress Legacy Admin plugin <= 9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Legacy Admin versions = 9.5...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 7:21 a.m.6 views

WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultra WordPress Admin versions = 11.7...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 6:26 a.m.6 views

WordPress Primer MyData for Woocommerce plugin <= 4.2.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Primer MyData for Woocommerce versions = 4.2.1...

6.1CVSS7.3AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 12:30 a.m.3 views

WordPress Core <= 6.9.1 - Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerability discovered by Phill Savage in WordPress core versions 6.9-6.9.1...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/10 12:28 a.m.7 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.7...

6.5CVSS5.8AI score0.00129EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/10 12:2 a.m.6 views

WordPress WooCommerce plugin < 10.5.3 - Arbitrary Admin User Creation via CSRF vulnerability

Arbitrary Admin User Creation via CSRF vulnerability discovered by oolongeya in WordPress Plugin WooCommerce versions 10.5.3...

7.5CVSS5.8AI score0.00126EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/09 1:50 p.m.7 views

WordPress Handmade Framework plugin <= 3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Handmade Framework versions = 3.9...

7.1CVSS5.8AI score0.0023EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46702