Lucene search
K
PatchstackRecent

46684 matches found

Patchstack
Patchstack
added 2026/02/16 11:49 a.m.6 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability

Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.8...

7.2CVSS5.5AI score0.00257EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 11:38 a.m.9 views

WordPress Customer Reviews for WooCommerce plugin <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via media.href Parameter vulnerability discovered by type5afe in WordPress Plugin Customer Reviews for WooCommerce versions = 5.97.0...

7.2CVSS5.5AI score0.00257EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 10:46 a.m.6 views

WordPress Activity Log for WordPress plugin <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File vulnerability

Missing Authorization to Sensitive Information Exposure via Log File vulnerability discovered by WordFence in WordPress Plugin WP System Log versions = 1.2.8...

6.5CVSS5.5AI score0.00287EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 10:6 a.m.7 views

WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability

WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin = 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Converter for Media versions = 6.5.1...

4.8CVSS5.4AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:50 a.m.6 views

WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability

WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO Premium plugin = 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability discovered by Stefan in WordPress Plugin Uni CPO Premium versions = 4.9.60...

5.8CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:45 a.m.10 views

WordPress BlueSnap Payment Gateway for WooCommerce plugin <= 3.3.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin BlueSnap Payment Gateway for WooCommerce versions = 3.3.0...

7.5CVSS5.5AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:42 a.m.8 views

WordPress Truelysell Core plugin <= 1.8.7 - Unauthenticated Privilege Escalation via Registration vulnerability

Unauthenticated Privilege Escalation via Registration vulnerability discovered by Alyudin Nafiie in WordPress Plugin Truelysell Core versions = 1.8.7...

9.8CVSS5.6AI score0.00439EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:30 a.m.7 views

WordPress wpForo Forum plugin <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin wpForo Forum versions = 2.4.13...

8.8CVSS5.5AI score0.00502EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:16 a.m.5 views

WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Skalucy in WordPress Plugin Jetpack CRM versions = 6.7.0...

7.5CVSS5.5AI score0.00423EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:5 a.m.7 views

WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Open User Map versions = 1.4.16...

6.5CVSS5.5AI score0.00319EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/16 7:3 a.m.5 views

WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Woocommerce Category Banner Management versions = 2.5.1...

8.8CVSS5.5AI score0.00468EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/15 10:35 p.m.8 views

WordPress Magic Login Mail or QR Code plugin <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability

Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability discovered by ifoundbug in WordPress Plugin Magic Login Mail or QR Code versions = 2.05...

8.1CVSS5.6AI score0.00466EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 10:12 p.m.9 views

WordPress midi-Synth plugin <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability

Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability discovered by WordFence in WordPress Plugin midi-Synth versions = 1.1.0...

9.8CVSS5.4AI score0.04458EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 9:48 p.m.6 views

WordPress PhotoStack Gallery plugin <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter vulnerability

Unauthenticated SQL Injection via 'postid' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PhotoStack Gallery versions = 0.4.1...

7.5CVSS6AI score0.00497EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 9:13 p.m.5 views

WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability

WordPress SureForms - Drag and Drop Form Builder for WordPress plugin = 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability discovered by andrea bocchetti in WordPress Plugin SureForms versions = 2.2.1...

5.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 6:58 p.m.6 views

WordPress Prime Listing Manager plugin <= 1.1 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Prime Listing Manager versions = 1.1...

9.8CVSS5.5AI score0.00366EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 6:56 p.m.9 views

WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions = 3.15.1...

6.5CVSS5.6AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 5:40 p.m.11 views

WordPress AdForest theme <= 6.0.12 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Phat RiO - BlueRock in WordPress Theme AdForest versions = 6.0.12...

9.8CVSS5.4AI score0.00581EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/15 9:7 a.m.5 views

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.8...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/15 5:44 a.m.4 views

WordPress FooGallery plugin <= 3.1.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin FooGallery versions = 3.1.11...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/15 5:43 a.m.5 views

WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin FooGallery versions = 3.1.11...

5.9CVSS5.4AI score0.00167EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/14 9:2 a.m.5 views

WordPress Download Alt Text AI plugin <= 1.10.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Download Alt Text AI versions = 1.10.15...

5.3CVSS5.4AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/14 5:18 a.m.6 views

WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Steven Julian in WordPress Plugin WP Activity Log versions = 5.5.4...

6.5CVSS5.4AI score0.00156EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:55 p.m.8 views

WordPress Media Library Folders plugin <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Attachment Deletion and Rename vulnerability discovered by shivanandsnaidu - naidu computers in WordPress Plugin Media Library Folders versions = 8.3.6...

4.3CVSS5.5AI score0.00209EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:54 p.m.11 views

WordPress Essential Addons for Elementor plugin <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Info Box Widget vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Essential Addons for Elementor versions = 6.5.9...

6.4CVSS5.4AI score0.00218EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:51 p.m.5 views

WordPress MP3 Audio Player 5.3-5.10 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated Author+ Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 5.3-5.10...

5CVSS5.5AI score0.00183EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:49 p.m.4 views

WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability

Authenticated Administrator+ SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions = 1.19.2...

4.9CVSS6AI score0.00351EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:48 p.m.9 views

WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability

WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin = 2.13.6 - Missing Authorization to Authenticated Contributor+ Arbitrary Post/Page Editing vulnerability discovered by type5afe in WordPress Plugin Modula Image Gallery versions = 2.13.6...

4.3CVSS5.5AI score0.00177EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:44 p.m.6 views

WordPress myCred plugin <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'mycredloadcoupon' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin myCred versions = 2.9.7.3...

6.4CVSS5.4AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:39 p.m.4 views

WordPress Link Hopper plugin <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'hopname' Parameter vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Link Hopper versions = 2.5...

4.4CVSS5.4AI score0.00206EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:38 p.m.6 views

WordPress Ravelry Designs Widget plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'sbravelrydesigns' Shortcode 'layout' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ravelry Designs Widget versions = 1.0.0...

6.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:29 p.m.5 views

WordPress UpMenu plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin UpMenu versions = 3.1...

6.4CVSS5.4AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:25 p.m.7 views

WordPress Chatbot for WordPress by Collect.chat ⚡️ plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta Field vulnerability discovered by Deadbee - NA in WordPress Plugin collectchat versions = 2.4.8...

6.4CVSS5.4AI score0.00255EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:20 p.m.7 views

WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions = 1.0.2...

6.4CVSS5.4AI score0.00279EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:18 p.m.7 views

WordPress Smart Forms plugin <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Campaign Data Exposure vulnerability discovered by lucsob in WordPress Plugin Smart Forms versions = 2.6.99...

4.3CVSS5.5AI score0.00252EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:17 p.m.6 views

WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'tabcolorpickerlanguageswitch' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions = 1.6.10...

4.4CVSS5.4AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:15 p.m.7 views

WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter vulnerability

Authenticated Administrator+ Server-Side Request Forgery via 'infolanguage' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions = 1.6.10...

7.2CVSS5.5AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:14 p.m.8 views

WordPress Payment Page | Payment Form for Stripe plugin <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'pricingplanselecttextfontfamily' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Payment Page versions = 1.4.6...

6.4CVSS5.4AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:12 p.m.7 views

WordPress MDirector Newsletter plugin <= 4.5.8 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MDirector Newsletter versions = 4.5.8...

4.3CVSS5.5AI score0.00163EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:9 p.m.6 views

WordPress MailChimp Campaigns plugin <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection vulnerability

Missing Authorization to Authenticated Subscriber+ MailChimp App Disconnection vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin MailChimp Campaigns versions = 3.2.4...

5.3CVSS5.5AI score0.00287EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:2 p.m.7 views

WordPress WP Quick Contact Us plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Quick Contact Us versions = 1.0...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 11:0 p.m.3 views

WordPress Best-wp-google-map plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Best-wp-google-map versions = 2.1...

6.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:57 p.m.5 views

WordPress Percent to Infograph plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Percent to Infograph versions = 1.0...

6.4CVSS5.5AI score0.0026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:56 p.m.7 views

WordPress Scheduler Widget plugin <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Event Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Scheduler Widget versions = 0.1.6...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:49 p.m.6 views

WordPress QuestionPro Surveys plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin QuestionPro Surveys versions = 1.0...

6.4CVSS5.4AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:44 p.m.7 views

WordPress Sphere Manager plugin <= 1.0.2 - Authenticated (Contributor+) Cross-Site Scripting via 'width' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sphere Manager versions = 1.0.2...

6.4CVSS5.4AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:43 p.m.5 views

WordPress CallbackKiller service widget plugin <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin CallbackKiller service widget versions = 1.2...

5.3CVSS5.5AI score0.00337EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:41 p.m.6 views

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Cross-Site Request Forgery vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.5 - Cross-Site Request Forgery vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin LatePoint versions = 5.2.5...

4.3CVSS5.5AI score0.00143EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:39 p.m.7 views

WordPress MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode vulnerability

WordPress MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin = 3.7.11 - Authenticated Contributor+ Stored Cross-Site Scripting via 'stmlmscoursesgriddisplay' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MasterStudy LMS versions = 3.7.11...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:38 p.m.6 views

WordPress Accordion and Accordion Slider plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification vulnerability

Missing Authorization to Authenticated Contributor+ Attachment Metadata Modification vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Accordion and Accordion Slider versions = 1.4.5...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46684