46629 matches found

Patchstack
added 2026/02/03 11:19 p.m., 6 views

WordPress Xendit Payment plugin <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Xendit Payment versions <= 6.0.2...

CVSS 5.3, AI score 5.4, EPSS 0.00345
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:16 p.m., 8 views

WordPress SIBS - WooCommerce plugin <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter vulnerability

WordPress SIBS - WooCommerce plugin <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter vulnerability discovered by whizzu in WordPress Plugin SIBS woocommerce payment gateway versions <= 2.2.0...

CVSS 4.9, AI score 5.7, EPSS 0.00333
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:5 p.m., 6 views

WordPress Extended Random Number Generator plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Extended Random Number Generator versions <= 1.1...

CVSS 4.4, AI score 5.3, EPSS 0.0025
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 10:49 p.m., 8 views

WordPress Menu Icons by ThemeIsle plugin <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by lucsob in WordPress Plugin Menu Icons by ThemeIsle versions <= 0.13.20...

CVSS 6.4, AI score 5.3, EPSS 0.00181
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 10:39 p.m., 9 views

WordPress Tutor LMS plugin <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability

Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability discovered by WordFence in WordPress Plugin Tutor LMS versions <= 3.9.5...

CVSS 8.1, AI score 5.4, EPSS 0.00345
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 9:13 p.m., 6 views

WordPress ACF Quick Edit Fields plugin <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference vulnerability

Authenticated (Contributor+) Insecure Direct Object Reference vulnerability discovered by Chris Grello in WordPress Plugin ACF Quick Edit Fields versions <= 3.2.2...

CVSS 6.5, AI score 5.3, EPSS 0.00421
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:24 p.m., 5 views

WordPress Paid Memberships Pro plugin <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update vulnerability

Cross-Site Request Forgery to Level Orders Update vulnerability discovered by kodaichodai in WordPress Plugin Paid Memberships Pro versions <= 2.12.7...

CVSS 5.3, AI score 5.4, EPSS 0.00951
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:22 p.m., 6 views

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.1.7 - Missing Authorization via editor_html() vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.1.7 - Missing Authorization via editor_html() vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Awesome Support versions <= 6.1.7...

CVSS 5.3, AI score 5.3, EPSS 0.004
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:20 p.m., 6 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta vulnerability

Missing Authorization via wpr_update_form_action_meta vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions <= 1.3.87...

CVSS 5.3, AI score 5.3, EPSS 0.00225
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:19 p.m., 7 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare vulnerability

Cross-Site Request Forgery via remove_from_compare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions <= 1.3.87...

CVSS 4.3, AI score 5.3, EPSS 0.00208
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:19 p.m., 7 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via add_to_compare vulnerability

Cross-Site Request Forgery via add_to_compare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions <= 1.3.87...

CVSS 4.3, AI score 5.3, EPSS 0.00244
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:18 p.m., 6 views

WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via openai_file_delete_callback vulnerability

Missing Authorization via openai_file_delete_callback vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions <= 5.3.4...

CVSS 7.7, AI score 5.3, EPSS 0.00363
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:18 p.m., 6 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist vulnerability

Cross-Site Request Forgery via remove_from_wishlist vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions <= 1.3.87...

CVSS 4.3, AI score 5.3, EPSS 0.00208
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:17 p.m., 7 views

WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via openai_file_list_callback vulnerability

Missing Authorization via openai_file_list_callback vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions <= 5.3.4...

CVSS 5, AI score 5.3, EPSS 0.00383
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:16 p.m., 4 views

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions <= 5.4.2...

CVSS 6.4, AI score 5.3, EPSS 0.00544
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:14 p.m., 5 views

WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card vulnerability

Cross-Site Request Forgery (CSRF) via ajax_delete_card vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions <= 20221130...

CVSS 4.3, AI score 5.3, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:14 p.m., 4 views

WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card vulnerability

Cross-Site Request Forgery (CSRF) via ajax_unset_default_card vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions <= 20221130...

CVSS 4.3, AI score 5.3, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:13 p.m., 6 views

WordPress Categorify plugin <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory vulnerability

Missing Authorization in categorifyAjaxAddCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions <= 1.0.7.4...

CVSS 4.3, AI score 5.3, EPSS 0.00578
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:12 p.m., 5 views

WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag' vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions <= 9.1.0...

CVSS 6.4, AI score 5.3, EPSS 0.00449
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:11 p.m., 5 views

WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions <= 9.1.0...

CVSS 6.4, AI score 5.3, EPSS 0.00578
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:11 p.m., 6 views

WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via create_view vulnerability

Cross-Site Request Forgery via create_view vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...

CVSS 4.3, AI score 5.3, EPSS 0.00234
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:10 p.m., 6 views

WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via save_view vulnerability

Cross-Site Request Forgery via save_view vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...

CVSS 4.3, AI score 5.3, EPSS 0.00234
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:9 p.m., 7 views

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via create_view vulnerability

Missing Authorization via create_view vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...

CVSS 4.3, AI score 5.3, EPSS 0.00428
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:9 p.m., 6 views

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability

Missing Authorization via get_form_fields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions <= 3.2.2...

CVSS 4.3, AI score 5.3, EPSS 0.00359
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:8 p.m., 7 views

WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles vulnerability

Missing Authorization via bulkUpdatePostTitles vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk Edit Post Titles versions <= 5.0.0...

CVSS 4.3, AI score 5.3, EPSS 0.00428
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 3:7 p.m., 6 views

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability

Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions <= 2.6.4...

CVSS 6.4, AI score 5.3, EPSS 0.00402
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:55 p.m., 6 views

WordPress WebSub (FKA. PubSubHubbub) plugin <= 3.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Sh in WordPress Plugin WebSub versions <= 3.1.4...

CVSS 4.8, AI score 5.3, EPSS 0.00304
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:53 p.m., 7 views

WordPress Royal Elementor Kit plugin <= 1.0.116 - Missing Authorization to Arbitrary Transient Update vulnerability

Missing Authorization to Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Theme Royal Elementor Kit versions <= 1.0.116...

CVSS 4.3, AI score 5.3, EPSS 0.00533
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:41 p.m., 7 views

WordPress Schema App Structured Data plugin <= 2.2.0 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Francesco Carlucci in WordPress Plugin Schema App Structured Data versions <= 2.2.0...

CVSS 4.3, AI score 5.3, EPSS 0.00343
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:40 p.m., 5 views

WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin DearFlip versions <= 2.2.26...

CVSS 5.4, AI score 5.3, EPSS 0.00442
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:37 p.m., 6 views

WordPress Beaver Builder plugin <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions <= 2.7.4.2...

CVSS 6.4, AI score 5.3, EPSS 0.00505
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:36 p.m., 7 views

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions <= 8.5.6...

CVSS 5.3, AI score 5.3, EPSS 0.00598
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:34 p.m., 5 views

WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection vulnerability

Authenticated (Accounting Manager+) SQL Injection vulnerability discovered by Edwin Siebel edwinsiebel in WordPress Plugin WP ERP versions <= 1.13.0...

CVSS 7.2, AI score 5.7, EPSS 0.00615
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:19 p.m., 6 views

WordPress WP AdCenter plugin <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP AdCenter versions <= 2.5.7...

CVSS 6.4, AI score 5.3, EPSS 0.00362
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 12:14 p.m., 7 views

WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability

Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions <= 5.10.1...

CVSS 6.4, AI score 5.3, EPSS 0.00244
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:59 a.m., 8 views

WordPress ShopLentor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ShopLentor versions <= 2.8.1...

CVSS 6.4, AI score 5.3, EPSS 0.0032
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:36 a.m., 5 views

WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions <= 1.0.4...

CVSS 4.3, AI score 5.3, EPSS 0.00289
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:27 a.m., 6 views

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability

Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions <= 2.2.9...

CVSS 4.3, AI score 5.4, EPSS 0.00344
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:27 a.m., 5 views

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability

Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions <= 2.2.9...

CVSS 4.3, AI score 5.4, EPSS 0.00367
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:26 a.m., 7 views

WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability

Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Tutor LMS Elementor Addons versions <= 2.1.5...

CVSS 4.3, AI score 5.4, EPSS 0.00304
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:16 a.m., 8 views

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions <= 3.4.3...

CVSS 6.5, AI score 5.4, EPSS 0.00324
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:15 a.m., 7 views

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions <= 3.4.1...

CVSS 4.3, AI score 5.4, EPSS 0.0053
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:3 a.m., 8 views

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions <= 8.5.6...

CVSS 5.3, AI score 5.3, EPSS 0.00598
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 11:0 a.m., 12 views

WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions <= 7.5.2.1...

CVSS 6.4, AI score 5.3, EPSS 0.00259
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 10:56 a.m., 5 views

WordPress WP eMember plugin < 10.6.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions < 10.6.7...

CVSS 6.8, AI score 5.3, EPSS 0.0043
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 10:42 a.m., 4 views

WordPress Redirects plugin <= 1.2.1 - Missing Authorization via save vulnerability

Missing Authorization via save vulnerability discovered by Francesco Carlucci in WordPress Plugin Redirects versions <= 1.2.1...

CVSS 6.5, AI score 5.3, EPSS 0.0053
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/02/03 10:13 a.m., 4 views

WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Optimize More! Images versions <= 1.1.3...

CVSS 6.5, AI score 5.3, EPSS 0.00261
Exploits: 0, Affected Software: 1
Patchstack
added 2026/02/03 10:12 a.m., 5 views

WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SevenHills versions <= 1.6.2...

CVSS 9.8, AI score 5.5, EPSS 0.00403
Exploits: 0, Affected Software: 1
Patchstack
added 2026/02/03 10:10 a.m., 5 views

WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by NumeX in WordPress Plugin Authorsy versions <= 1.0.6...

CVSS 7.5, AI score 5.3, EPSS 0.0025
Exploits: 0, Affected Software: 1
Patchstack
added 2026/02/03 10:10 a.m., 9 views

WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions <= 5.7.1...

CVSS 7.1, AI score 5.3, EPSS 0.00151
Exploits: 0, Affected Software: 1
Total number of security vulnerabilities: 46629