46547 matches found

Patchstack
added 2026/06/18 2:26 p.m. | 14 views

NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining

NPM: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.1, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 14 views

NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution

NPM: npm PraisonAI AgentLoop onToolCall approval runs after tool execution vulnerability discovered by ? in WordPress Npm praisonai versions = 1.4.0, = 1.7.1...

AI score: 6
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 13 views

NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call

NPM: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.0, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 7 views

NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation

NPM: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation vulnerability discovered by ? in WordPress Npm praisonai versions = 1.6.0, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 13 views

NPM: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool

NPM: PraisonAI: Remote Code Execution via Sandbox Escape in codeMode Tool vulnerability discovered by ? in WordPress Npm praisonai versions = 1.7.1...

AI score: 5.9
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 56 views

NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining

NPM: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining vulnerability discovered by ? in WordPress Npm praisonai versions = 1.2.3, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 6 views

NPM: npm PraisonAI codeMode sandbox escape via Function constructor

NPM: npm PraisonAI codeMode sandbox escape via Function constructor vulnerability discovered by ? in WordPress Npm praisonai versions = 1.4.0, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:26 p.m. | 6 views

NPM: npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients

NPM: npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients vulnerability discovered by ? in WordPress Npm praisonai versions = 1.2.3, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:25 p.m. | 14 views

NPM: npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation

NPM: npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation vulnerability discovered by ? in WordPress Npm praisonai versions = 1.5.1, = 1.7.1...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 2:21 p.m. | 5 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.3...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00182
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 2:20 p.m. | 5 views

WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Syncee Premium Dropshipping & Wholesale versions = 1.0.27...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 2:17 p.m. | 7 views

WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ossacip Thanh in WordPress Plugin MDTF versions = 1.3.8...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00274
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 2:1 p.m. | 6 views

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

CVSS: 8.5 | AI score: 5.8 | EPSS: 0.00211
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:52 p.m. | 6 views

WordPress User Admin Simplifier plugin <= 3.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by 有馬 龍成 in WordPress Plugin User Admin Simplifier versions = 3.0.0...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00128
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/18 1:51 p.m. | 5 views

WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Roll in WordPress Plugin MDTF versions = 1.3.7...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00229
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:20 p.m. | 5 views

WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dhamdham in WordPress Plugin Royal MCP versions = 1.4.25...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00195
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:18 p.m. | 4 views

WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by qdtad in WordPress Plugin Vitepos versions = 3.4.2...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00294
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:14 p.m. | 4 views

WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions = 4.13...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00213
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:7 p.m. | 4 views

NPM: TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

NPM: TinaCMS rich-text slatejson rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...

AI score: 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2026/06/18 1:6 p.m. | 4 views

NPM: Hydro: Insufficient session expiration when recreating sessions

NPM: Hydro: Insufficient session expiration when recreating sessions vulnerability discovered by ? in WordPress Npm hydrooj versions = 4.10.4, = 5.0.1...

AI score: 5.8
Exploits: 0 | References: 5 | Affected Software: 1
Patchstack
added 2026/06/18 1:6 p.m. | 8 views

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 3.0.4, 3.0.7...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00243
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 1:6 p.m. | 4 views

NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 2.0.10...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.0034
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 1:5 p.m. | 4 views

WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups versions = 2.0.9...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:5 p.m. | 6 views

NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename

NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename vulnerability discovered by ? in WordPress Npm piscina versions = 4.9.2...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00296
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 1:5 p.m. | 4 views

NPM: jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set()

NPM: jodit: Prototype pollution in Jodit via Jodit.modules.Helpers.set vulnerability discovered by ? in WordPress Npm jodit versions 4.12.26...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/18 1:4 p.m. | 5 views

NPM: OpenClaw: Tool group policy callers could accept unvalidated group IDs

NPM: OpenClaw: Tool group policy callers could accept unvalidated group IDs vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00169
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/18 1:4 p.m. | 3 views

NPM: OpenClaw: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution

NPM: OpenClaw: Workspace .env CLOUDSDKPYTHON could influence Gmail setup gcloud execution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00133
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/18 1:3 p.m. | 3 views

NPM: OpenClaw: Shell inline-command parsing could miss an allowlist check

NPM: OpenClaw: Shell inline-command parsing could miss an allowlist check vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.10-beta.1...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.0026
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/18 1:3 p.m. | 5 views

WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Intranet & Private Site All-In-One Intranet versions = 1.8.1...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 1:3 p.m. | 3 views

NPM: OpenClaw: Pairing-scoped device session could restore revoked node token authority

NPM: OpenClaw: Pairing-scoped device session could restore revoked node token authority vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.26...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00275
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/18 1:2 p.m. | 4 views

NPM: OpenClaw: Host environment sanitizer missed two Node.js control variables

NPM: OpenClaw: Host environment sanitizer missed two Node.js control variables vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00246
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/18 10:42 a.m. | 5 views

WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Bricksable for Bricks Builder versions = 1.6.83...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0014
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 9:44 a.m. | 7 views

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WC Vendors Marketplace versions = 2.6.8...

CVSS: 8.5 | AI score: 6 | EPSS: 0.0027
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 9:43 a.m. | 9 views

WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ocean Product Sharing versions = 2.2.2...

CVSS: 5.9 | AI score: 5.2 | EPSS: 0.00143
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 9:38 a.m. | 5 views

WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Filter & Grids versions = 3.11.5...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00229
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 9:25 a.m. | 5 views

WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vincent Sevkli in WordPress Plugin Five Star Restaurant Menu versions = 2.5.2...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00238
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 9:25 a.m. | 4 views

WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Backdoor vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable CORS versions = 2.0.3...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00236
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/18 9:1 a.m. | 7 views

WordPress CF7 to Webhook plugin <= 5.0.0 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Lucius-log in WordPress Plugin CF7 to Webhook versions = 5.0.0...

CVSS: 7.2 | AI score: 5.2 | EPSS: 0.00231
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/18 8:56 a.m. | 7 views

WordPress SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin <= 4.3.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Customize My Account for WooCommerce versions = 4.3.6...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00211
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/18 8:49 a.m. | 11 views

WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions = 1.10.2...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00577
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/18 8:46 a.m. | 7 views

WordPress Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin <= 30.0.2 - Authenticated (Author+) Privilege Escalation vulnerability

Authenticated Author+ Privilege Escalation vulnerability discovered by ? in WordPress Plugin Contest Gallery versions = 30.0.2...

CVSS: 8.8 | AI score: 5.2 | EPSS: 0.00408
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/17 8:0 p.m. | 7 views

WordPress Slideshow Gallery LITE plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Slideshow Gallery versions = 1.8.5...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00205
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/17 7:25 p.m. | 5 views

WordPress Fancy Testimonials plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Fancy Testimonials versions = 1.0...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00187
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/17 6:14 p.m. | 6 views

WordPress Appointment Booking Calendar plugin <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by ? in WordPress Plugin Appointment Booking Calendar versions = 1.4.01...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00285
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/17 6:13 p.m. | 4 views

NPM: webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

NPM: webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies vulnerability discovered by ? in WordPress Npm webpack-dev-server versions 5.2.5...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00163
Exploits: 0 | References: 7 | Affected Software: 1
Patchstack
added 2026/06/17 6:12 p.m. | 4 views

NPM: Multer vulnerable to Denial of Service via deeply nested field names

NPM: Multer vulnerable to Denial of Service via deeply nested field names vulnerability discovered by ? in WordPress Npm multer versions = 1.0.0, 2.2.0...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/17 6:12 p.m. | 7 views

WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Mukhlis Amien in WordPress Plugin PowerPress Podcasting versions = 11.16.8...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00202
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/17 6:11 p.m. | 11 views

NPM: Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

NPM: Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads vulnerability discovered by ? in WordPress Npm multer versions = 2.0.0-alpha.1, 2.2.0...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00278
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/17 6:9 p.m. | 8 views

WordPress UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset vulnerability

Insecure Direct Object Reference to Authenticated Editor+ Arbitrary User Avatar/Banner Reset vulnerability discovered by Pasindu Dilshan K4PXD - HACK KAP PVT LTD in WordPress Plugin UsersWP versions = 1.2.63...

CVSS: 2.7 | AI score: 5.3 | EPSS: 0.0028
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/17 5:55 p.m. | 3 views

NPM: OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin

NPM: OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.12...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00223
Exploits: 0 | References: 4 | Affected Software: 1

Total number of security vulnerabilities: 46547