Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
•added 2026/02/02 1:19 a.m.•7 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Unauthenticated Draft Posts Information Exposure vulnerability

Unauthenticated Draft Posts Information Exposure vulnerability discovered by Nguyen C in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

5.3CVSS5.9AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/02/02 1:12 a.m.•8 views

WordPress Featured Image from URL (FIFU) plugin <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' vulnerability

Authenticated Contributor+ Server-Side Request Forgery via 'fifuinputurl' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Featured Image from URL versions = 5.3.1...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/02/01 11:3 p.m.•5 views

WordPress Himer theme < 2.1.1 - Arbitrary Group Joining via CSRF vulnerability

Arbitrary Group Joining via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...

6.3CVSS5.9AI score0.00193EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/02/01 11:0 p.m.•6 views

WordPress Himer theme < 2.1.1 - Subscriber+ Private Group Joining via IDOR vulnerability

Subscriber+ Private Group Joining via IDOR vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...

6.5CVSS5.9AI score0.00374EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/02/01 7:7 p.m.•8 views

WordPress Gyan Elements plugin <= 2.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Gyan Elements versions = 2.2.1...

9.8CVSS5.3AI score0.00384EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/02/01 6:8 p.m.•4 views

WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability

SQL Injection vulnerability discovered by alakinnn in WordPress Plugin KiviCare versions = 3.6.16...

8.5CVSS5.7AI score0.00205EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/02/01 1:15 p.m.•6 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.8...

5.3CVSS5.5AI score0.00316EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/02/01 5:54 a.m.•7 views

WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by johska in WordPress Plugin Quiz And Survey Master versions = 10.3.4...

5.3CVSS5.5AI score0.00315EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 11:54 p.m.•6 views

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin = 3.4.4 - Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Theklis - Sentrium Security Ltd in WordPress Plugin SupportCandy versions = 3.4.4...

5.4CVSS5.9AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 10:49 p.m.•7 views

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability

WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin = 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability discovered by shark3y in WordPress Plugin Ajax Load More versions = 7.8.1...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 10:0 p.m.•6 views

WordPress Booking Calendar plugin <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure vulnerability

Missing Authorization to Unauthenticated Booking Details Exposure vulnerability discovered by type5afe in WordPress Plugin Booking Calendar versions = 10.14.13...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:58 p.m.•6 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Deadbee - NA in WordPress Plugin NEX-Forms versions = 9.1.8...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:0 p.m.•5 views

WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Mizan Demo Importer versions = 0.1.3...

5.4CVSS5.3AI score0.0017EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:4 p.m.•5 views

WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Sync for Notion versions = 1.7.0...

4.3CVSS5.3AI score0.00152EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 6:44 p.m.•7 views

WordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Atarim versions = 4.3.1...

5.3CVSS5.3AI score0.00171EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 6:37 p.m.•4 views

WordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Wand versions = 1.3.07...

5.4CVSS5.4AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 4:12 p.m.•8 views

WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability

Open Redirection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Update URLs Quick and Easy way to search old links and replace them with new links in WordPress versions = 1.4.1...

4.7CVSS5.4AI score0.00201EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 2:27 p.m.•5 views

WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Hello FSE versions = 1.0.6...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 2:24 p.m.•5 views

WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Fitness FSE versions = 1.0.6...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 2:10 p.m.•5 views

WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Business Roy versions = 1.1.4...

4.3CVSS5.4AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:40 a.m.•8 views

WordPress Himer theme < 2.1.3 - CSRF While Sending the Invites

CSRF While Sending the Invites vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.3...

8.1CVSS5.9AI score0.00261EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:38 a.m.•7 views

WordPress EventON Lite < 2.2.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

6.1CVSS5.9AI score0.00366EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:38 a.m.•7 views

WordPress EventON < 4.5.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

6.1CVSS5.9AI score0.00366EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:35 a.m.•7 views

WordPress Custom Login Page Customizer plugin < 2.5.4 - Unauthenticated Arbitrary Password Reset vulnerability

Unauthenticated Arbitrary Password Reset vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Custom Login Page Customizer versions 2.5.4...

8.1CVSS5.9AI score0.00306EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 9:0 a.m.•8 views

WordPress Himer theme < 2.1.1 - Bypass Poll Voting Restrictions via CSRF vulnerability

Bypass Poll Voting Restrictions via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...

6.3CVSS5.9AI score0.00193EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:57 a.m.•13 views

WordPress The Ultimate Video Player For WordPress plugin < 2.2.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Presto Player versions 2.2.3...

4.7CVSS5.9AI score0.00495EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:43 a.m.•5 views

WordPress VikBooking plugin < 1.6.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by cyc707 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions 1.6.8...

5.9CVSS5.9AI score0.0028EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:41 a.m.•9 views

WordPress Genesis Blocks plugin < 3.1.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Genesis Blocks versions 3.1.3...

6.8CVSS5.9AI score0.00665EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:26 a.m.•6 views

WordPress Tutor LMS plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Course Completion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.2...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:25 a.m.•7 views

WordPress PostX plugin < 4.0.2 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin PostX versions 4.0.2...

5.4CVSS5.9AI score0.00416EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:24 a.m.•6 views

WordPress WP Prayer plugin <= 2.0.9 - Email Settings Update via CSRF vulnerability

Email Settings Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

8.8CVSS5.9AI score0.0035EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:24 a.m.•7 views

WordPress All in One SEO plugin < 4.6.1.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmtirii Ignatyev in WordPress Plugin All In One SEO Pack versions 4.6.1.1...

6.1CVSS5.9AI score0.00369EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:23 a.m.•7 views

WordPress WP Prayer plugin <= 2.0.9 - Arbitrary Prayer Deletion via CSRF vulnerability

Arbitrary Prayer Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer versions = 2.0.9...

5.3CVSS5.9AI score0.00189EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:14 a.m.•6 views

WordPress Community by PeepSo plugin < 6.3.1.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Community by PeepSo versions 6.3.1.2...

6.1CVSS5.9AI score0.00515EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:5 a.m.•13 views

WordPress EventON < 2.2.8 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

5.3CVSS5.9AI score0.37957EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 8:2 a.m.•12 views

WordPress EventON < 4.5.5 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

5.3CVSS5.9AI score0.37957EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:49 a.m.•8 views

WordPress EventON plugin < 4.5.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.9...

5.3CVSS5.9AI score0.00411EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:48 a.m.•8 views

WordPress EventON Lite< 2.2.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.9...

5.3CVSS5.9AI score0.00411EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:47 a.m.•6 views

WordPress EventON < 2.2.8 - Unauthenticated Virtual Event Password Disclosure vulnerability

Unauthenticated Virtual Event Password Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

5.3CVSS5.9AI score0.00453EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:45 a.m.•6 views

WordPress EventON < 4.5.5 - Unauthenticated Virtual Event Password Disclosure vulnerability

Unauthenticated Virtual Event Password Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.5...

5.3CVSS5.9AI score0.00453EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:42 a.m.•8 views

WordPress Hunk Companion plugin < 1.9.0 - Unauthenticated Plugin Installation vulnerability

Unauthenticated Plugin Installation vulnerability discovered by Daniel Rodriguez in WordPress Plugin Hunk Companion versions 1.9.0...

9.8CVSS5.9AI score0.54754EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:38 a.m.•8 views

WordPress EventON plugin < 4.5.6 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.6...

6.1CVSS5.9AI score0.00373EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:36 a.m.•11 views

WordPress EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

6.1CVSS5.9AI score0.00373EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:32 a.m.•4 views

WordPress ConvertForce Popup Builder plugin <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation vulnerability

Stored Cross-Site Scripting via entranceanimation vulnerability discovered by WordFence in WordPress Plugin ConvertForce Popup Builder versions = 0.0.7...

6.4CVSS5.9AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:31 a.m.•7 views

WordPress EventPrime plugin <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Deadbee - NA in WordPress Plugin EventPrime versions = 4.2.7.0...

5.3CVSS5.9AI score0.00378EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:30 a.m.•6 views

WordPress CAS <= 1.0.0 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by Aly Khaled Aly Abd Al-aal in WordPress Theme Cas versions = 1.0.0...

9.1CVSS5.9AI score0.01836EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:30 a.m.•6 views

WordPress MediaPress plugin <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Plugin's Shortcode vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.1...

6.4CVSS5.9AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:30 a.m.•8 views

WordPress Widget Countdown plugin <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widget Countdown versions = 2.7.7...

6.4CVSS5.9AI score0.00192EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:29 a.m.•6 views

WordPress Internal Link Builder plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by 0x34rth in WordPress Plugin Internal Link Builder versions = 1.0...

4.4CVSS5.9AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/30 7:29 a.m.•10 views

WordPress Amelia plugin <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability

Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability discovered by type5afe in WordPress Plugin Amelia versions = 1.2.38...

5.3CVSS5.9AI score0.0028EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46606