Lucene search
K
PatchstackRecent

46662 matches found

Patchstack
Patchstack
added 2026/02/09 7:9 a.m.5 views

WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Upload Files Anywhere versions = 2.8...

7.5CVSS5.5AI score0.00362EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/09 7:8 a.m.4 views

WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Upload Files Anywhere versions = 2.8...

8.6CVSS5.5AI score0.00371EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/09 7:5 a.m.5 views

WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme WordPress Dating Theme versions = 11.2.0...

5.4AI score0.00261EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/09 6:59 a.m.6 views

WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin User Extra Fields versions = 16.8...

7.1CVSS5.4AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/09 6:58 a.m.6 views

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.5 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by w41bu1 - VNPT Cyber Immunity in WordPress Plugin LatePoint versions = 5.2.5...

7.2CVSS5.3AI score0.00363EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/08 9:45 a.m.6 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.4...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/08 4:48 a.m.6 views

WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions = 1.1.5...

5.4CVSS5.5AI score0.00104EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/08 4:9 a.m.7 views

WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions = 1.1.5...

5.3CVSS5.4AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/08 3:57 a.m.6 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by w41bu1 in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 5.0.0...

4.3CVSS5.4AI score0.00271EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/07 9:3 a.m.4 views

WordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Shopwell versions = 1.0.11...

5.3CVSS5.4AI score0.00228EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/07 8:10 a.m.6 views

WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sigmize versions = 0.0.9...

4.3CVSS5.5AI score0.00107EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/07 7:28 a.m.5 views

WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Endless Posts Navigation versions = 2.2.9...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/07 12:9 a.m.7 views

WordPress The Bucketlister plugin <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Bucket List Modification vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/07 12:7 a.m.8 views

WordPress The Bucketlister plugin <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes vulnerability

Authenticated Contributor+ SQL Injection via category and id Shortcode Attributes vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions = 0.1.5...

6.5CVSS5.7AI score0.00217EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/07 12:6 a.m.5 views

WordPress Video Onclick plugin <= 0.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Video Onclick versions = 0.4.7...

6.4CVSS5.3AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/07 12:5 a.m.9 views

WordPress Simple Bible Verse via Shortcode plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Simple Bible Verse via Shortcode versions = 1.1...

6.4CVSS5.3AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:54 p.m.8 views

WordPress Wikiloops Track Player plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wikiloops Track Player versions = 1.0.1...

6.4CVSS5.3AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:51 p.m.7 views

WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability

Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...

5.3CVSS5.3AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:47 p.m.6 views

WordPress TITLE ANIMATOR plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin TITLE ANIMATOR versions = 1.0...

4.3CVSS5.4AI score0.00151EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:46 p.m.8 views

WordPress OMIGO plugin <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin OMIGO versions = 3.3...

6.4CVSS5.3AI score0.00152EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:29 p.m.7 views

WordPress Wonka Slide plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Wonka Slide versions = 1.3.3...

6.4CVSS5.3AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:27 p.m.6 views

WordPress Bold Page Builder plugin <= 5.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.4.8...

6.4CVSS5.3AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:26 p.m.7 views

WordPress Bold Page Builder plugin <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability

Authenticated Author+ Stored DOM-based Cross-Site Scripting in Post Grid vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.5.3...

6.4CVSS5.3AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:25 p.m.6 views

WordPress Bold Page Builder plugin <= 5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_accordion_item Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbaccordionitem Shortcode vulnerability discovered by theviper17y in WordPress Plugin Bold Page Builder versions = 5.5.7...

6.4CVSS5.3AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 11:24 p.m.6 views

WordPress Bold Builder plugin <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via btbbtabs Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bold Page Builder versions = 5.5.1...

6.4CVSS5.3AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:51 a.m.8 views

WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability

WordPress AIomatic - Automatic AI Content Writer plugin = 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions = 2.0.5...

5.8CVSS5.3AI score0.00349EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:29 a.m.6 views

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

7.1CVSS5.3AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:21 a.m.5 views

WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by johska in WordPress Plugin PublishPress Authors versions = 4.10.1...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:18 a.m.7 views

WordPress OS DataHub Maps plugin <= 1.8.3 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin OS DataHub Maps versions = 1.8.3...

8.8CVSS5.3AI score0.0052EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:0 a.m.6 views

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

7.2CVSS5.3AI score0.00338EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:47 a.m.7 views

WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin PeproDev WooCommerce Receipt Uploader versions = 2.6.9...

6.1CVSS8.3AI score0.00471EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:42 a.m.6 views

WordPress Mail Mint plugin <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by w41bu1 - VNPT Cyber Immunity in WordPress Plugin Mail Mint versions = 1.19.2...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:32 a.m.6 views

WordPress Library Viewer plugin < 3.2.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Muhammad Rohan khan in WordPress Plugin Library Viewer versions 3.2.0...

7.1CVSS5.3AI score0.00222EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:30 a.m.7 views

WordPress EventON-RSVP plugin < 2.9.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by kauenavarro in WordPress Plugin EventON-RSVP versions 2.9.5...

6.1CVSS6.2AI score0.0042EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:29 a.m.8 views

WordPress Meris theme <= 1.2.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Angelo Delicato in WordPress Theme Meris versions = 1.1.2...

6.1CVSS7AI score0.00331EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:17 a.m.11 views

WordPress Essential Blocks plugin < 4.4.3 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Marc Montpas in WordPress Plugin Essential Blocks for Gutenberg versions 4.4.3...

9.8CVSS8.3AI score0.50673EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 6:14 a.m.6 views

WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability

Authenticated Subscriber+ Arbitrary File Upload via 'processaddsite' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions = 1.1.8...

9.8CVSS5.3AI score0.0094EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:43 a.m.9 views

WordPress Yoast SEO plugin <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability discovered by dragonzenai - AhnLab in WordPress Plugin Yoast SEO versions = 26.8...

6.4CVSS5.3AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:41 a.m.6 views

WordPress Events Listing Widget plugin <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Event URL Field vulnerability discovered by WordFence in WordPress Plugin Events Listing Widget versions = 1.3.4...

6.4CVSS5.3AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:40 a.m.8 views

WordPress Code Snippets plugin <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability

Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability discovered by type5afe in WordPress Plugin Code Snippets versions = 3.9.4...

4.3CVSS5.4AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:39 a.m.7 views

WordPress Employee Directory plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'formtitle' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Employee Directory versions = 1.2.1...

6.4CVSS5.3AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:38 a.m.7 views

WordPress Docus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Docus versions = 1.0.6...

6.4CVSS5.3AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:37 a.m.7 views

WordPress WaveSurfer-WP plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability discovered by Ivan Cese in WordPress Plugin WaveSurfer-WP versions = 2.8.3...

6.4CVSS5.3AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:35 a.m.10 views

WordPress Orange Confort+ accessibility toolbar for WordPress plugin <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Orange Comfort+ accessibility toolbar for WordPress versions = 0.7...

6.4CVSS5.3AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:34 a.m.6 views

WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 6.26.14 - Missing Authorization vulnerability

WordPress OAuth Single Sign On - SSO OAuth Client plugin = 6.26.14 - Missing Authorization vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OAuth Single Sign On – SSO OAuth Client versions = 6.26.14...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 12:23 a.m.7 views

WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability

Insecure Direct Object Reference to Authenticated Author+ Private Timeline Exposure via Shortcode Attribute vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Timeline Block versions = 1.3.3...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 10:45 p.m.9 views

WordPress Product Enquiry for WooCommerce plugin < 3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Product Enquiry for WooCommerce versions 3.1...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 10:39 p.m.7 views

WordPress Ultimate Maps by Supsystic plugin < 1.2.16 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mert Umut in WordPress Plugin Ultimate Maps by Supsystic versions 1.2.16...

4.8CVSS5.3AI score0.00416EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 10:35 p.m.7 views

WordPress WP Customer Area plugin < 8.2.1 - Subscriber+ Account Address Update vulnerability

Subscriber+ Account Address Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin WP Customer Area versions 8.2.1...

4.3CVSS5.3AI score0.00394EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 10:24 p.m.8 views

WordPress Post SMTP plugin < 2.8.7 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Alex Sanford in WordPress Plugin Post SMTP versions 2.8.7...

7.2CVSS5.7AI score0.14169EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities46662