Lucene search
K
PatchstackRecent

46662 matches found

Patchstack
Patchstack
added 2026/02/05 10:21 p.m.7 views

WordPress easy.jobs plugin < 2.4.7 - Subscriber+ Arbitrary Settings Update vulnerability

Subscriber+ Arbitrary Settings Update vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin EasyJobs versions 2.4.7...

4.3CVSS5.3AI score0.00405EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 9:31 p.m.7 views

WordPress CommentTweets plugin <= 0.6 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin CommentTweets versions = 0.6...

8.8CVSS5.3AI score0.0032EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 9:26 p.m.8 views

WordPress Keap Official Opt-in Forms plugin < 1.0.12 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by MINGYOUNG BAN in WordPress Plugin Keap Official Opt-in Forms versions 1.0.12...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 9:20 p.m.8 views

WordPress JSM file_get_contents() Shortcode plugin < 2.7.1 - Contributor+ SSRF vulnerability

Contributor+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin JSM filegetcontents Shortcode versions 2.7.1...

8.8CVSS5.3AI score0.00694EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 9:13 p.m.6 views

WordPress WP All Import plugin < 3.7.3 - Admin+ Arbitrary File Upload to RCE vulnerability

Admin+ Arbitrary File Upload to RCE vulnerability discovered by quangnt in WordPress Plugin WP All Import versions 3.7.3...

7.2CVSS5.4AI score0.01231EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 9:9 p.m.7 views

WordPress Community by PeepSo plugin < 6.3.1.2 - User Post Creation via CSRF vulnerability

User Post Creation via CSRF vulnerability discovered by Bikram Kharal in WordPress Plugin Community by PeepSo versions 6.3.1.2...

4.3CVSS5.3AI score0.00237EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:55 p.m.8 views

WordPress Hubbub Lite plugin < 1.32.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Tycho Niestadt in WordPress Plugin Hubbub Lite versions 1.32.0...

4.8CVSS5.3AI score0.0044EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:37 p.m.7 views

WordPress Relevanssi Premium plugin < 2.25.0 - Unauthenticated Private/Draft Post Disclosure vulnerability

Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi Premium versions 2.25.0...

5.3CVSS5.3AI score0.00616EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:36 p.m.7 views

WordPress Relevanssi plugin < 4.22.0 - Unauthenticated Private/Draft Post Disclosure vulnerability

Unauthenticated Private/Draft Post Disclosure vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Relevanssi versions 4.22.0...

5.3CVSS5.3AI score0.00616EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:50 p.m.6 views

WordPress Quiz And Survey Master plugin <= 10.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mamadrce in WordPress Plugin Quiz And Survey Master versions = 10.3.4...

5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 12:56 p.m.7 views

WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Product Filter for WooCommerce versions = 9.1.2...

5.3AI score0.00419EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 12:54 p.m.6 views

WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO in WordPress Plugin User Extra Fields versions = 17.0...

7.7CVSS5.3AI score0.00456EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 12:43 p.m.4 views

WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Phat RiO in WordPress Plugin User Extra Fields versions = 17.0...

5.3AI score0.00518EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 10:58 a.m.5 views

WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin LottieFiles versions = 3.0.0...

7.3CVSS5.3AI score0.00588EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 10:22 a.m.6 views

WordPress Woo File Dropzone plugin <= 1.1.7 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Skalucy in WordPress Plugin Woo File Dropzone versions = 1.1.7...

7.7CVSS5.3AI score0.00352EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:47 a.m.8 views

WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme CozyStay versions 1.9.1...

8.1CVSS5.3AI score0.00549EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:43 a.m.8 views

WordPress GreenShift - Animation and Page Builder Blocks plugin <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys vulnerability

WordPress GreenShift - Animation and Page Builder Blocks plugin = 12.5.7 - Authenticated Subscriber+ Information Disclosure of AI API Keys vulnerability discovered by ISMAILSHADOW in WordPress Plugin Greenshift versions = 12.5.7...

4.3CVSS5.3AI score0.00186EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:38 a.m.5 views

WordPress GMap Targeting plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin GMap Targeting versions = 1.1.7...

7.1CVSS5.3AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:36 a.m.8 views

WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin iContact for Gravity Forms versions = 1.3.2...

7.1CVSS5.3AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:35 a.m.7 views

WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Okay Toolkit versions = 2.3...

5.3AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:34 a.m.8 views

WordPress Court Reservation plugin <= 1.10.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Court Reservation versions = 1.10.9...

7.1CVSS5.4AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 8:33 a.m.5 views

WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin GA4WP: Google Analytics for WordPress versions = 2.10.0...

6.5CVSS5.3AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:56 a.m.6 views

WordPress Checkout Gateway for IRIS plugin <= 1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Checkout Gateway for IRIS versions = 1.3...

6.5CVSS5.3AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:55 a.m.6 views

WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Portfolio Builder versions = 1.2.5...

8.1CVSS5.3AI score0.00549EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:48 a.m.7 views

WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin ElementInvader Addons for Elementor versions = 1.4.1...

5.4CVSS5.3AI score0.00193EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:39 a.m.5 views

WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 2.0.3...

8.1CVSS5.3AI score0.00549EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:38 a.m.6 views

WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin LC Wizard versions = 2.1.1...

6.5CVSS5.3AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:37 a.m.7 views

WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Advanced WC Analytics versions = 3.19.0...

6.5CVSS5.3AI score0.00253EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:35 a.m.6 views

WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Addonify Floating Cart For WooCommerce versions = 1.2.17...

5.3AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:21 a.m.7 views

WordPress All In One Image Viewer Block plugin <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability

Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability discovered by WordFence in WordPress Plugin Image Map Block – Gutenberg block to create image map with hyperlink versions = 1.0.2...

7.2CVSS5.4AI score0.00293EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 7:19 a.m.10 views

WordPress Peter's Date Countdown plugin <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Peter’s Date Countdown versions = 2.0.0...

6.1CVSS5.3AI score0.00293EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 6:59 a.m.9 views

WordPress ShortPixel Image Optimizer plugin <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter vulnerability

Authenticated Editor+ Arbitrary File Read via 'loadFile' Parameter vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin ShortPixel Image Optimizer versions = 6.4.2...

4.9CVSS5.3AI score0.00519EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/05 2:54 a.m.7 views

WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Golo versions 1.7.5...

8.8CVSS5.2AI score0.00208EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/05 2:21 a.m.7 views

WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Golo versions 1.7.5...

9.8CVSS5.3AI score0.00384EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/04 11:3 p.m.5 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.5...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:53 p.m.7 views

WordPress ProfileGrid plugin <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Profile and Cover Image Modification vulnerability discovered by knani alaaeddine iwd in WordPress Plugin ProfileGrid versions = 5.9.7.2...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:50 p.m.8 views

WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability

WordPress ProfileGrid - User Profiles, Groups and Communities plugin = 5.9.7.2 - Missing Authorization to Authenticated Subscriber+ Arbitrary User Suspension vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ProfileGrid versions = 5.9.7.2...

4.3CVSS5.4AI score0.00282EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:45 p.m.7 views

WordPress Robin Image Optimizer plugin <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Image Alternative Text Field vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Robin image optimizer versions = 2.0.2...

6.4CVSS5.3AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:44 p.m.10 views

WordPress Dynamic Widget Content plugin <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Widget Content Field vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Dynamic Widget Content versions = 1.3.6...

6.4CVSS5.3AI score0.00288EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:25 p.m.10 views

WordPress Essential Widgets plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Shortcodes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Essential Widgets versions = 3.0...

6.4CVSS5.3AI score0.00279EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:18 p.m.8 views

WordPress Popup builder with Gamification plugin <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability

Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability discovered by YCInfosec in WordPress Plugin PopupKit versions = 2.2.0...

8.2CVSS5.7AI score0.00399EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 1:6 p.m.4 views

WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Addonify – WooCommerce Wishlist versions = 2.0.15...

6.5CVSS5.3AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/04 1:5 p.m.5 views

WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Addonify Compare Products For WooCommerce versions = 1.1.17...

5.3AI score0.00323EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/04 12:58 p.m.5 views

WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Sync Master Sheet Product Sync with Google Sheet for WooCommerce versions = 1.1.3...

5.3AI score0.00256EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/04 12:53 p.m.10 views

WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Skalucy in WordPress Plugin Contact Manager versions = 9.1.1...

8.8CVSS5.6AI score0.0033EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/04 12:52 p.m.5 views

WordPress TopperPack – Complete Elementor Addons, theme & CPT Builder plugin <= 1.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Skalucy in WordPress Plugin TopperPack – Complete Elementor Addons, Theme & CPT Builder versions = 1.2.1...

7.5CVSS5.3AI score0.0037EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/04 12:40 p.m.6 views

WordPress UserPlus plugin <= 2.0 - Missing Authorization via Multiple Functions vulnerability

Missing Authorization via Multiple Functions vulnerability discovered by István Márton - Wordfence in WordPress Plugin UserPlus versions = 2.0...

6.3CVSS5.3AI score0.00324EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 12:22 p.m.5 views

WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability

WordPress Sell BTC - Cryptocurrency Selling Calculator plugin = 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderformdata' AJAX Action vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Sell BTC – Cryptocurrency Selling Calculator versions = 1.5...

7.2CVSS5.3AI score0.00319EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 12:11 p.m.6 views

WordPress School Management plugin <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload vulnerability

Authenticated Student+ Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin School Management versions = 91.5.0...

8.8CVSS8.3AI score0.0103EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 11:52 a.m.7 views

WordPress MyRewards plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin MyRewards versions = 5.6.1...

6.5CVSS5.4AI score0.00274EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities46662