Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
added 2026/02/20 7:13 a.m.6 views

WordPress Product Table and List Builder for WooCommerce Lite plugin <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability

Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin WooCommerce Product Table Lite versions = 4.6.2...

7.5CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 11:54 p.m.8 views

WordPress Master Addons For Elementor plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'maelbhtablebtntext' vulnerability discovered by Thanakorn Bunsin - KMITL in WordPress Plugin Master Addons for Elementor versions = 2.1.1...

6.4CVSS5.5AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 11:39 p.m.7 views

WordPress Quiz Maker plugin <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Quiz Maker versions = 6.7.1.7...

6.4CVSS5.5AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 2:55 p.m.4 views

WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Ally versions = 4.0.2...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/19 1:57 p.m.10 views

WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability

Authenticated Author+ PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions = 3.1.9.6...

8.8CVSS5.5AI score0.0046EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:58 p.m.7 views

WordPress Brevo plugin <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling vulnerability

Unauthenticated Authorization Bypass via Type Juggling vulnerability discovered by ISMAILSHADOW in WordPress Plugin Brevo versions = 3.3.0...

6.5CVSS5.5AI score0.00463EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:55 p.m.5 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Modification vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Blog2Social versions = 8.7.4...

6.5CVSS5.5AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:52 p.m.5 views

WordPress Shield Security plugin <= 21.0.8 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.8...

6.5CVSS6AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 10:27 a.m.4 views

WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by NosleeP++ in WordPress Plugin WooCommerce Checkout Manager versions = 7.8.5...

5.3CVSS5.5AI score0.00407EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 10:24 a.m.10 views

WordPress Prodigy Commerce plugin <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] vulnerability

Unauthenticated Local File Inclusion via parameterstemplatename vulnerability discovered by WordFence in WordPress Plugin Prodigy Commerce versions = 3.2.9...

9.8CVSS5.5AI score0.09396EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 9:57 a.m.5 views

WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Jitlada in WordPress Plugin URL Shortify versions = 1.12.3...

5.5CVSS5.5AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:50 a.m.8 views

WordPress Orderable plugin <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Orderable versions = 1.20.0...

8.8CVSS5.5AI score0.00605EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:50 a.m.8 views

WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin WP-Lister Lite for eBay versions = 3.8.5...

5.3CVSS5.4AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:47 a.m.9 views

WordPress Two Factor (2FA) Authentication via Email plugin <= 1.9.8 - Two-Factor Authentication Bypass via token vulnerability

Two-Factor Authentication Bypass via token vulnerability discovered by Ulyses Saicha in WordPress Plugin Two Factor 2FA Authentication via Email versions = 1.9.8...

6.5CVSS5.5AI score0.00361EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:39 a.m.9 views

WordPress Library Management System plugin <= 3.2.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by WordFence in WordPress Plugin Library Management System versions = 3.2.1...

7.5CVSS5.9AI score0.00446EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:37 a.m.6 views

WordPress Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin <= 4.1.2 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.1.2...

7.5CVSS5.5AI score0.00369EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:37 a.m.8 views

WordPress Video Conferencing with Zoom API plugin < 4.6.6 - Unauthenticated SDK Signature Generation vulnerability

Unauthenticated SDK Signature Generation vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Video Conferencing with Zoom versions 4.6.6...

7.5CVSS5.5AI score0.01211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:36 a.m.7 views

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.37 - Authenticated Subscriber+ SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.37...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 8:17 a.m.7 views

WordPress s2Member plugin <= 260127 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin s2Member versions = 260127...

9.8CVSS5.5AI score0.00376EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:57 a.m.5 views

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function vulnerability

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via idonatedonorprofile Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...

8.8CVSS5.5AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:53 a.m.12 views

WordPress Slider Future plugin <= 1.0.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Slider Future versions = 1.0.5...

9.8CVSS5.5AI score0.03177EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:39 a.m.8 views

WordPress Lizza LMS Pro plugin <= 1.0.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lizza LMS Pro versions = 1.0.3...

9.8CVSS5.5AI score0.00368EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:27 a.m.6 views

WordPress Buyent Theme (with Buyent Classified Plugin) plugin <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration vulnerability

Unauthenticated Privilege Escalation via User Registration vulnerability discovered by シルAsuna in WordPress Theme Buyent versions = 1.0.7...

9.8CVSS5.6AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:21 a.m.6 views

WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability

Authenticated Subscriber+ Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...

8.8CVSS5.5AI score0.00372EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:16 a.m.6 views

WordPress Tablesome Table 0.5.4-1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure and Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Tablesome versions 0.5.4-1.2.1...

8.8CVSS5.5AI score0.00356EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 7:3 a.m.6 views

WordPress Clasifico Listing plugin <= 2.0 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Clasifico Listing versions = 2.0...

9.8CVSS5.5AI score0.00413EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 3:21 a.m.6 views

WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Nelio AB Testing versions = 8.2.4...

7.6CVSS5.9AI score0.00361EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:21 a.m.6 views

WordPress Dealia plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:20 a.m.9 views

WordPress Client Testimonial Slider plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Client Testimonial Slider versions = 2.0...

4.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:18 a.m.9 views

WordPress MP3 Audio Player 4.0-5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 4.0-5.10...

5.3CVSS5.5AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:14 a.m.9 views

WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'xoeventfield' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions = 3.2.10...

6.4CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:13 a.m.7 views

WordPress Groups plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'groupsgroupinfo' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Groups versions = 3.10.0...

6.4CVSS5.5AI score0.00279EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:12 a.m.5 views

WordPress YaMaps for WordPress plugin <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YaMaps for WordPress versions = 0.6.40...

6.4CVSS5.5AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:11 a.m.7 views

WordPress BackWPup plugin <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability

Authenticated BackWPup Helper+ Privilege Escalation via Arbitrary Options Update vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin BackWPup versions = 5.6.2...

7.2CVSS5.5AI score0.00375EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:11 a.m.8 views

WordPress Advanced Custom Fields: Font Awesome plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.1...

6.4CVSS5.5AI score0.00293EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:9 a.m.6 views

WordPress Virusdie plugin <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ API Key Disclosure vulnerability discovered by Sushi Com Abacate in WordPress Plugin Virusdie versions = 1.1.7...

4.3CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:8 a.m.8 views

WordPress Image Hotspot by DevVN plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Field Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Hotspot by DevVN versions = 1.2.9...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:5 a.m.7 views

WordPress Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability

Missing Authorization to Authenticated Subscriber+ Email MFA Update vulnerability discovered by shark3y in WordPress Plugin Shield Security versions = 21.0.9...

4.3CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:5 a.m.6 views

WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection vulnerability

Missing Authorization to Authenticated Subscriber+ Cloud Service Disconnection vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.4.14...

4.3CVSS5.5AI score0.00291EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:2 a.m.10 views

WordPress OneClick Chat to Order plugin <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Editor+ Plugin Settings Update vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin OneClick Chat to Order versions = 1.0.9...

2.7CVSS5.5AI score0.00314EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:0 a.m.7 views

WordPress Tennis Court Bookings plugin <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability discovered by 0x34rth in WordPress Plugin Tennis Court Bookings versions = 1.2.7...

4.4CVSS5.5AI score0.00254EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:59 p.m.6 views

WordPress salavat counter Plugin plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'imageurl' Parameter vulnerability discovered by 0x34rth in WordPress Plugin salavat counter versions = 0.9.5...

4.4CVSS5.5AI score0.00297EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:58 p.m.5 views

WordPress Remove Post Type Slug plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Post Type Slug versions = 1.0.2...

4.3CVSS5.5AI score0.00151EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:56 p.m.4 views

WordPress TalkJS plugin <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability discovered by 0x34rth in WordPress Plugin TalkJS versions = 0.1.15...

4.4CVSS5.5AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:54 p.m.8 views

WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability

WordPress Dealia - Request a quote plugin = 1.0.6 - Missing Authorization to Authenticated Contributor+ Plugin Configuration Reset vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...

4.3CVSS5.5AI score0.00208EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:42 p.m.6 views

WordPress Slidorion plugin <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Slidorion Settings vulnerability discovered by san6051 - PWC in WordPress Plugin Slidorion versions = 1.0.2...

4.4CVSS5.5AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:41 p.m.6 views

WordPress News Element Elementor Blog Magazine plugin <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability

Missing Authorization to Authenticated Subscriber+ Data Loss vulnerability discovered by Legion Hunter in WordPress Plugin News Element Elementor Blog Magazine versions = 1.0.8...

5.4CVSS5.5AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:36 p.m.6 views

WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions = 1.0.4...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:34 p.m.5 views

WordPress Toret Manager plugin <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions vulnerability

Authenticated Subscriber+ Arbitrary Options Update via AJAX actions vulnerability discovered by vgo0 in WordPress Plugin Toret Manager versions = 1.2.7...

8.8CVSS5.5AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 11:30 p.m.10 views

WordPress Whatsiplus Scheduled Notification for Woocommerce plugin <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action vulnerability

Cross-Site Request Forgery to 'wsnfwsaveuserssettings' AJAX Action vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Whatsiplus Scheduled Notification for Woocommerce versions = 1.0.1...

4.3CVSS5.5AI score0.00124EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46684