Lucene search
K
PatchstackRecent

46681 matches found

Patchstack
Patchstack
added 2026/02/13 10:34 p.m.5 views

WordPress ZoomifyWP Free plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin ZoomifyWP Free versions = 1.1...

6.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:27 p.m.6 views

WordPress Simple Plyr plugin <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'poster' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Plyr versions = 0.0.1...

6.4CVSS5.4AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:16 p.m.9 views

WordPress Appointment Booking Calendar Plugin plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Bookr versions = 1.0.2...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:13 p.m.7 views

WordPress Simple Wp colorfull Accordion plugin <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Wp colorfull Accordion versions = 1.0...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:7 p.m.7 views

WordPress AMP Enhancer plugin <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin AMP Enhancer Compatibility Layer for Official AMP Plugin versions = 1.0.49...

4.4CVSS5.4AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:4 p.m.11 views

WordPress Citations tools plugin <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Citations tools versions = 0.3.2...

6.4CVSS5.4AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:2 p.m.6 views

WordPress Easy Voice Mail plugin <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Easy Voice Mail versions = 1.2.5...

6.1CVSS5.4AI score0.00194EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:0 p.m.7 views

WordPress SEATT: Simple Event Attendance plugin <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin SEATT: Simple Event Attendance versions = 1.5.0...

4.3CVSS5.5AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 9:58 p.m.9 views

WordPress WP Last Modified Info plugin <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Post Metadata Modification vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Last Modified Info versions = 1.9.5...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 9:56 p.m.8 views

WordPress Easy Form Builder plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Response Data Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Easy Form Builder versions = 3.9.3...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 9:52 p.m.8 views

WordPress StickEasy Protected Contact Form plugin <= 1.0.1 - Unauthenticated Information Disclosure vulnerability

Unauthenticated Information Disclosure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin StickEasy Protected Contact Form versions = 1.0.1...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/13 9:34 p.m.8 views

WordPress BFG Tools - Extension Zipper plugin <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter vulnerability

WordPress BFG Tools - Extension Zipper plugin = 1.0.7 - Authenticated Administrator+ Path Traversal via 'firstfile' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin BFG Tools – Extension Zipper versions = 1.0.7...

4.9CVSS5.5AI score0.0035EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/12 10:28 p.m.6 views

WordPress FastDup - Fastest WordPress Migration & Duplicator plugin <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download vulnerability

WordPress FastDup - Fastest WordPress Migration & Duplicator plugin = 2.7.1 - Missing Authorization to Authenticated Contributor+ Backup Creation and Download vulnerability discovered by WordFence in WordPress Plugin FastDup versions = 2.7.1...

8.8CVSS5.5AI score0.00266EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/12 5:52 a.m.5 views

WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin Passster versions = 4.2.25...

6.5CVSS5.4AI score0.00296EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:56 p.m.6 views

WordPress WP Server Log Viewer <= 1.0 - Stored Cross Site Scripting vulnerability

Stored Cross Site Scripting vulnerability discovered by strider in WordPress Plugin WP Server Log Viewer versions = 1.0...

6.4CVSS5.4AI score0.00184EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:49 p.m.9 views

WordPress Duplicate Post plugin <= 3.2.3 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Unk9vvN in WordPress Plugin Duplicate Post versions = 3.2.3...

5.5CVSS5.4AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:30 p.m.4 views

WordPress OpenPix plugin <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset vulnerability

Subscriber+ Payment Gateway Settings Reset vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin OpenPix versions = 2.13.3...

6.5CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:27 p.m.7 views

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.6...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:16 p.m.5 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability

Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.5.32...

5.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 12:46 p.m.4 views

WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.1...

8.5CVSS6AI score0.00217EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 12:34 p.m.4 views

WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Persian Woocommerce SMS versions = 7.1.1...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 12:23 p.m.3 views

WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Mollie Payments for WooCommerce versions = 8.1.1...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:52 a.m.6 views

WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.8.0...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:44 a.m.5 views

WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slider Responsive Slideshow – Image slider, Gallery slideshow versions = 1.5.4...

8.8CVSS5.6AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:44 a.m.6 views

WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions = 1.6.0...

8.8CVSS5.6AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:42 a.m.4 views

WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin WP FullCalendar versions = 1.6...

6.5CVSS5.4AI score0.00287EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:41 a.m.7 views

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 6.3.1...

6.5CVSS5.4AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:40 a.m.4 views

WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for WPForms versions = 6.3.0...

6.5CVSS5.4AI score0.00248EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:31 a.m.6 views

WordPress FiveStar theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FiveStar versions = 1.7...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:28 a.m.5 views

WordPress Belletrist theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Belletrist versions = 1.2...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:28 a.m.3 views

WordPress PJ | Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PJ | Life & Business Coaching versions = 3.0.0...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:26 a.m.5 views

WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HealthFirst versions = 1.0.1...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 11:4 a.m.5 views

WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Struktur versions = 2.5.1...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:48 a.m.5 views

WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lorem Ipsum | Books & Media Store versions = 1.2.6...

9.8CVSS5.6AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:48 a.m.7 views

WordPress Extreme Store theme <= 1.5.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Extreme Store versions = 1.5.7...

9.8CVSS5.6AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:42 a.m.6 views

WordPress Bravis Addons plugin <= 1.1.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis Addons versions = 1.1.9...

9.9CVSS5.5AI score0.00434EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:42 a.m.6 views

WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Paid Member Subscriptions versions = 2.16.8...

6.5CVSS5.5AI score0.00348EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:37 a.m.5 views

WordPress WooODT Lite plugin <= 2.5.2 - Payment Bypass Vulnerability vulnerability

Payment Bypass Vulnerability vulnerability discovered by benzdeus in WordPress Plugin WooODT Lite versions = 2.5.2...

7.5CVSS5.5AI score0.00329EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:35 a.m.7 views

WordPress Cnvrse plugin <= 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jitlada in WordPress Plugin Cnvrse versions = 026.02.10.20...

5.5AI score0.00445EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:11 a.m.4 views

WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FreightCo versions = 1.1.7...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:11 a.m.7 views

WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme R&F versions = 1.5...

8.1CVSS5.4AI score0.00561EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:11 a.m.4 views

WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yokoo versions = 1.1.11...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:11 a.m.4 views

WordPress Cobble theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cobble versions = 1.7...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:10 a.m.5 views

WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plank versions = 1.7...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:10 a.m.3 views

WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tint versions = 1.7...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:10 a.m.3 views

WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Splendour versions = 1.23...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:10 a.m.7 views

WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gable versions = 1.5...

8.1CVSS5.4AI score0.00561EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:9 a.m.7 views

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nika versions = 1.2.14...

5.4AI score0.00504EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:9 a.m.8 views

WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Diza versions = 1.3.15...

8.1CVSS5.4AI score0.00561EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 10:8 a.m.7 views

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46681