Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
added 2026/02/18 6:34 a.m.6 views

WordPress Business Directory Plugin plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter vulnerability

Unauthenticated SQL Injection via payment Parameter vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions = 6.4.21...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 6:19 a.m.4 views

WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions = 1.3.2...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:47 a.m.12 views

WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability

WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin = 6.0.6.9 - Unauthenticated Payment Bypass via rmprocesspaypalsdkpayment vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagi...

5.3CVSS5.6AI score0.00216EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:43 a.m.7 views

WordPress Complianz | GDPR/CCPA Cookie Consent plugin <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Complianz versions = 7.4.3...

6.4CVSS5.5AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:42 a.m.8 views

WordPress User Submitted Posts plugin <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability

Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability discovered by type5afe in WordPress Plugin User Submitted Posts versions = 20260113...

5.3CVSS5.5AI score0.00345EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:39 a.m.9 views

WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions = 2.7.11...

4.4CVSS5.5AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:37 a.m.10 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.70.4...

5.4CVSS5.5AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:36 a.m.6 views

WordPress WP Event Aggregator plugin <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin WP Event Aggregator versions = 1.8.7...

6.4CVSS5.5AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:36 a.m.8 views

WordPress Community Events plugin <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'cevenuename' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.7...

4.4CVSS5.5AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:34 a.m.8 views

WordPress Business Directory Plugin plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions = 6.4.20...

5.3CVSS5.5AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:33 a.m.6 views

WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Event Modification via 'eventid' Parameter vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin EventPrime versions = 4.2.8.4...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:32 a.m.9 views

WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read via 'downloadpath' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.69...

2.7CVSS5.5AI score0.00718EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:31 a.m.12 views

WordPress Dam Spam plugin <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability discovered by Duong Quang Hao in WordPress Plugin Dam Spam versions = 1.0.8...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:29 a.m.4 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability

Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

5.3CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:28 a.m.9 views

WordPress Kali Forms plugin <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Form Data Exposure vulnerability discovered by Youssef Elouaer in WordPress Plugin Kali Forms versions = 2.4.8...

4.3CVSS5.5AI score0.00289EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:27 a.m.6 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Shop Manager+ Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

2.7CVSS5.5AI score0.00293EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:24 a.m.8 views

WordPress YayMail plugin <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting via Template Elements vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

4.4CVSS5.5AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:23 a.m.8 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability

Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymailimportstate' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

9.8CVSS5.5AI score0.00411EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:12 a.m.8 views

WordPress Private Comment plugin <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Label Text Setting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Private Comment versions = 0.0.4...

4.4CVSS5.5AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:11 a.m.5 views

WordPress InteractiveCalculator for WordPress plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin InteractiveCalculator for WordPress versions = 1.0.3...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:1 a.m.5 views

WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability

Authenticated Administrator+ Code Injection via 'scassignpage' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions = 1.1.21...

7.2CVSS5.5AI score0.00481EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:58 p.m.6 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability

Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

4.3CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:58 p.m.6 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability

Authenticated Contributor+ Server-Side Request Forgery via 'endpoint' Parameter vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

4.3CVSS5.5AI score0.00283EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:57 p.m.7 views

WordPress Taskbuilder plugin <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Project/Task Comment Creation vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions = 5.0.2...

4.3CVSS5.5AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:55 p.m.6 views

WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions = 1.4.5...

4.3CVSS5.5AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:55 p.m.6 views

WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Peppol Identifier Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions = 5.6.0...

4.3CVSS5.5AI score0.00259EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:52 p.m.6 views

WordPress WP Plugin Info Card plugin <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability

Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability discovered by Duong Quang Hao in WordPress Plugin WP Plugin Info Card versions = 6.2.0...

4.3CVSS5.5AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:52 p.m.6 views

WordPress Membership Plugin - Restrict Content plugin <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.18 - Authenticated Administrator+ Stored Cross-Site Scripting via Invoice Settings vulnerability discovered by Miguel Santareno in WordPress Plugin Restrict Content versions = 3.2.18...

4.4CVSS5.5AI score0.00308EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:48 p.m.6 views

WordPress VK All in One Expansion Unit plugin <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SNS Title vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin VK All in One Expansion Unit versions = 9.112.3...

6.4CVSS5.5AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:47 p.m.6 views

WordPress Tickera - WordPress Event Ticketing plugin <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update vulnerability

WordPress Tickera - WordPress Event Ticketing plugin = 3.5.6.4 - Missing Authorization to Authenticated Subscriber+ Event/Post Status Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tickera versions = 3.5.6.4...

4.3CVSS5.5AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:46 p.m.5 views

WordPress Popup Box - Easily Create WordPress Popups plugin <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Popup Box - Easily Create WordPress Popups plugin = 3.2.12 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Popup Box versions = 3.2.12...

6.4CVSS5.4AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:45 p.m.7 views

WordPress Context Blog theme <= 1.2.5 - Unauthenticated Private Post Disclosure vulnerability

Unauthenticated Private Post Disclosure vulnerability discovered by jsonc in WordPress Theme Context Blog versions = 1.2.5...

5.3CVSS5.5AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:43 p.m.10 views

WordPress Frontend User Notes plugin <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Note Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Frontend User Notes versions = 2.1.0...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:31 p.m.5 views

WordPress Order Splitter for WooCommerce plugin <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Order Splitter for WooCommerce versions = 5.3.5...

4.3CVSS5.5AI score0.00221EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:29 p.m.9 views

WordPress WP 404 Auto Redirect plugin <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin WP 404 Auto Redirect to Similar Post versions = 1.0.5...

4.4CVSS5.5AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:23 p.m.7 views

WordPress Filestack plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Filestack versions = 2.0.8...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:22 p.m.6 views

WordPress URL Shortify plugin <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter vulnerability

Unauthenticated Open Redirect via 'redirectto' Parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin URL Shortify versions = 1.12.1...

4.7CVSS5.5AI score0.00592EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:22 p.m.6 views

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter vulnerability

Unauthenticated Open Redirect via 'requestedpage' Parameter vulnerability discovered by kr0d in WordPress Plugin Frontend Post Submission Manager Lite versions 1.0.0-1.2.7...

6.1CVSS5.5AI score0.0046EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:18 p.m.6 views

WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...

6.4CVSS5.5AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 8:7 p.m.7 views

WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simple Ajax Chat versions = 20251121...

5.3CVSS5.3AI score0.00304EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 5:31 p.m.7 views

WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Academy LMS versions = 3.5.3...

6.5CVSS5.4AI score0.00212EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 1:49 p.m.8 views

WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0.1...

7.1CVSS5.4AI score0.00146EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 12:36 p.m.10 views

WordPress PixelYourSite plugin <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0...

7.2CVSS5.5AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 12:14 p.m.8 views

WordPress Wolmart Core plugin <= 1.9.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Wolmart Core versions = 1.9.6...

9.3CVSS5.9AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:52 a.m.8 views

WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability

WordPress Applay - Shortcodes plugin = 3.7 - PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Applay - Shortcodes versions = 3.7...

8.8CVSS5.5AI score0.00304EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:46 a.m.6 views

WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme = 1.3 - Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...

5.4CVSS5.5AI score0.00271EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:45 a.m.2 views

WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability

WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme = 1.3 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...

8.1CVSS5.5AI score0.00327EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:44 a.m.13 views

WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability

Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions = 23.5...

5.8CVSS5.4AI score0.00682EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:33 a.m.5 views

WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wiguard versions 2.0.1...

9.9CVSS5.5AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/17 8:13 a.m.3 views

WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme UnlimHost versions = 1.2.3...

8.1CVSS5.5AI score0.00334EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46684