Lucene search
K
PatchstackRecent

46681 matches found

Patchstack
Patchstack
added 2026/02/11 9:55 a.m.5 views

WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin New User Approve versions = 3.2.0...

8.6CVSS5.4AI score0.00261EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 9:51 a.m.5 views

WordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Exzo versions = 1.2.4...

7.5CVSS5.4AI score0.00293EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 9:50 a.m.5 views

WordPress Prestige theme < 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 9:32 a.m.6 views

WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

9.8CVSS5.6AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 9:28 a.m.5 views

WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Modal Popup Box versions = 1.6.1...

8.8CVSS5.6AI score0.00468EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 9:21 a.m.6 views

WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zota versions = 1.3.14...

8.1CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 9:4 a.m.7 views

WordPress Master Addons plugin <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.6.1...

7.2CVSS5.5AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 8:43 a.m.4 views

WordPress Download Manager Addons for Elementor plugin <= 1.3.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by NumeX in WordPress Plugin Download Manager Addons for Elementor versions = 1.3.0...

9.3CVSS6AI score0.00229EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 8:41 a.m.4 views

WordPress iMoney plugin <= 0.36 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin iMoney versions = 0.36...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 8:40 a.m.7 views

WordPress Diamond theme <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Diamond versions = 2.4.8...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/11 8:35 a.m.13 views

WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability

WordPress Custom Block Builder - Lazy Blocks plugin = 4.2.0 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by Youssef Elouaer - ISET ZAGHOUAN in WordPress Plugin Lazy Blocks versions = 4.2.0...

8.8CVSS5.7AI score0.09093EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 7:45 a.m.6 views

WordPress Twitter posts to Blog plugin <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Twitter posts to Blog versions = 1.11.25...

6.5CVSS5.5AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 7:43 a.m.4 views

WordPress SlimStat Analytics plugin <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability

Authenticated Subscriber+ SQL Injection via args Parameter vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Slimstat Analytics versions = 5.3.1...

6.5CVSS6AI score0.00217EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 7:25 a.m.8 views

WordPress Videospirecore Theme Plugin plugin <= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover vulnerability

Authenticated Subscriber+ Privilege Escalation via User Email Change/Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Videospirecore Theme versions = 1.0.6...

8.8CVSS5.5AI score0.00316EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/11 6:59 a.m.12 views

WordPress Migration, Backup, Staging plugin <= 0.9.123 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin WPvivid Backup and Migration versions = 0.9.123...

9.8CVSS5.5AI score0.32714EPSS
Exploits13References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:27 p.m.7 views

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.2 - Unauthenticated Protected Post Exposure via ajaxpostgridloadmore vulnerability discovered by Webbernaut in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.2...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:19 p.m.6 views

WordPress BuddyHolis ListSearch plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin BuddyHolis ListSearch versions = 1.1...

6.4CVSS5.4AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:19 p.m.9 views

WordPress IDE Micro code-editor plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin IDE Micro code-editor versions = 1.0.0...

6.4CVSS5.4AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:18 p.m.8 views

WordPress WDES Responsive Popup plugin <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WDES Responsive Popup versions = 1.3.6...

6.4CVSS5.4AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:17 p.m.6 views

WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin = 1.6 - Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by WordFence in WordPress Plugin Invoct – PDF Invoices & Billing for WooCommerce versions = 1.6...

4.3CVSS5.5AI score0.00309EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:16 p.m.7 views

WordPress MMA Call Tracking plugin <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MMA Call Tracking versions = 2.3.15...

4.3CVSS5.5AI score0.0016EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:15 p.m.9 views

WordPress WPlyr Media Block plugin <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'wplyraccentcolor' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WPlyr Media Block versions = 1.3.0...

4.4CVSS5.4AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:14 p.m.8 views

WordPress Slideshow Wp plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slideshow Wp versions = 1.1...

6.4CVSS5.4AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:13 p.m.6 views

WordPress Sudoku Shortcode plugin <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'background' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sudoku Shortcode versions = 1.0.0...

5.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:9 p.m.6 views

WordPress HTML Shortcodes plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin HTML Shortcodes versions = 1.1...

6.4CVSS5.4AI score0.00253EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:7 p.m.6 views

WordPress OpenPOS Lite plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin OpenPOS Lite – Point of Sale for WooCommerce versions = 3.0...

6.4CVSS5.5AI score0.00253EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:6 p.m.8 views

WordPress WaMate Confirm plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Phone Number Blocking/Unblocking vulnerability discovered by Legion Hunter in WordPress Plugin WaMate Confirm versions = 2.0.1...

5.3CVSS5.5AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:4 p.m.8 views

WordPress Category Image plugin <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Category Image versions = 2.0...

4.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:2 p.m.6 views

WordPress Microtango plugin <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Microtango versions = 0.9.29...

6.4CVSS5.4AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:0 p.m.6 views

WordPress Post Slides plugin <= 1.0.1 - Contributor+ Local File Inclusion vulnerability

Contributor+ Local File Inclusion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Post Slides versions = 1.0.1...

5.5CVSS5.5AI score0.00259EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 10:58 p.m.7 views

WordPress Orbisius Random Name Generator plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'btnlabel' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Orbisius Random Name Generator versions = 1.0.2...

6.4CVSS5.4AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 10:57 p.m.9 views

WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings vulnerability

WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin = 2.10.0.5 - Authenticated Custom+ Missing Authorization to Stored Cross-Site Scripting via Global Settings vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.10.0.5...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 10:55 p.m.7 views

WordPress Gallery by FooGallery plugin <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Gallery Metadata Exposure vulnerability discovered by s00me00ne in WordPress Plugin FooGallery versions = 3.1.9...

4.3CVSS5.5AI score0.00221EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 10:54 p.m.7 views

WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability

Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...

7.2CVSS5.7AI score0.00478EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 8:23 p.m.6 views

WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin WP SMS versions = 7.1...

5.9CVSS5.4AI score0.00172EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/10 5:33 p.m.4 views

WordPress Real 3D FlipBook plugin <= 4.16.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Real 3D FlipBook versions = 4.16.4...

3.8CVSS5.4AI score0.00231EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/10 12:26 p.m.5 views

WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Business Template Blocks for WPBakery Visual Composer Page Builder versions = 1.3.2...

7.1CVSS5.4AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:41 a.m.4 views

WordPress Visitor Maps Extended Referer Field plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Visitor Maps Extended Referer Field versions = 1.2.6...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:39 a.m.4 views

WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Coming Soon Product with Countdown versions = 5.0...

5.4AI score0.0047EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/10 11:37 a.m.6 views

WordPress Tune Library plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via CSV Import vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tune Library versions = 1.6.3...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 9:10 a.m.6 views

WordPress Name Directory plugin <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability

Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability discovered by duy.thai in WordPress Plugin Name Directory versions = 1.32.0...

7.2CVSS5.4AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 8:11 a.m.7 views

WordPress Fluent Forms plugin <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via AI Form Builder Module vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin FluentForm versions = 6.1.14...

6.4CVSS5.4AI score0.00277EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 7:7 a.m.7 views

WordPress Ninja Forms plugin <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action vulnerability

Unauthenticated Information Disclosure in nfajaxsubmit AJAX Action vulnerability discovered by johska in WordPress Plugin Ninja Forms versions = 3.14.0...

7.5CVSS5.5AI score0.00331EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/10 6:29 a.m.6 views

WordPress Miraculous Elementor plugin <= 2.0.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Miraculous Elementor versions = 2.0.7...

8.8CVSS5.4AI score0.0036EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/09 11:43 p.m.8 views

WordPress The Events Calendar Shortcode & Block plugin <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin The Events Calendar Shortcode & Block versions = 3.1.2...

6.4CVSS5.5AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/09 11:42 p.m.7 views

WordPress PopupKit plugin <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability

Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PopupKit versions = 2.2.0...

5.4CVSS5.5AI score0.00282EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/09 11:39 p.m.8 views

WordPress WCFM Marketplace plugin <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability discovered by Gibran Abdillah in WordPress Plugin WCFM Marketplace versions = 3.7.0...

5.3CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/09 11:34 p.m.10 views

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability

Authenticated Subscriber+ Server-Side Request Forgery via 'saveDataSource' vulnerability discovered by andrea bocchetti in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.12...

5.4CVSS5.5AI score0.00225EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/09 11:33 p.m.6 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.24 - Authenticated Shop Manager+ Arbitrary Options Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions...

7.2CVSS5.5AI score0.00436EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/09 11:32 p.m.8 views

WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability

WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin = 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability discovered by Jing Xuan Sun in WordPress Plugin WCFM Membership versions = 2.11.8...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46681