Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2026/01/28 6:22 a.m.12 views

WordPress Snow Monkey Forms plugin <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability

Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Snow Monkey Forms versions = 12.0.3...

9.8CVSS5.9AI score0.12024EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 6:19 a.m.12 views

WordPress New User Approve plugin <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure vulnerability

Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure vulnerability discovered by Deadbee - NA in WordPress Plugin New User Approve versions = 3.2.2...

7.3CVSS5.9AI score0.00323EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 6:8 a.m.8 views

WordPress Search Atlas SEO plugin 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover vulnerability

WordPress Search Atlas SEO plugin 2.4.4 - 2.5.12 - Missing Authorization to Authenticated Subscriber+ Authentication Bypass via Account Takeover vulnerability discovered by kr0d in WordPress Plugin Search Atlas SEO versions 2.4.4-2.5.12...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 4:18 a.m.4 views

WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Popularis Extra versions = 1.2.10...

5.5AI score0.00104EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:56 a.m.9 views

WordPress Stop Spammers Classic plugin <= 2026.1 - Cross-Site Request Forgery via Email Allowlist vulnerability

Cross-Site Request Forgery via Email Allowlist vulnerability discovered by JoanClarke2 in WordPress Plugin Stop Spammers versions = 2026.1...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:55 a.m.9 views

WordPress Passster plugin <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Passster versions = 4.2.24...

6.4CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:54 a.m.6 views

WordPress Frontend File Manager plugin plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary File Sharing via 'fileid' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend File Manager versions = 23.5...

7.5CVSS5.9AI score0.00292EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:53 a.m.7 views

WordPress Bitcoin Donate Button plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Bitcoin Donate Button versions = 1.0...

4.3CVSS5.9AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:51 a.m.9 views

WordPress Recooty plugin <= 1.0.6 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by omer yeshayahu in WordPress Plugin Recooty versions 1.0.1-1.0.6...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:50 a.m.8 views

WordPress imwptip plugin <= 1.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin imwptip versions = 1.1...

4.3CVSS5.9AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:50 a.m.7 views

WordPress Change WP URL plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Change WP URL versions = 1.0...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:49 a.m.9 views

WordPress WP Google Ad Manager Plugin plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Admin Settings vulnerability discovered by Abdualrhman Muzamil - 0bytes in WordPress Plugin WP Google Ad Manager versions = 1.1.0...

4.4CVSS5.9AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:48 a.m.6 views

WordPress Rupantorpay plugin <= 2.0.0 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Rupantorpay versions = 2.0.0...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:47 a.m.9 views

WordPress BlockArt Blocks plugin <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin BlockArt Blocks versions = 2.2.14...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:44 a.m.6 views

WordPress Ivory Search plugin <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'menugcse' and 'nothingfoundtext' Parameters vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Ivory Search versions = 5.5.13...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:44 a.m.9 views

WordPress Order Minimum/Maximum Amount Limits for WooCommerce plugin <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability discovered by whizzu in WordPress Plugin Order Minimum/Maximum Amount Limits for WooCommerce versions = 4.6.8...

4.4CVSS5.9AI score0.00251EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:41 a.m.10 views

WordPress Document Embedder plugin <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Document Library Entry Deletion vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Document Embedder versions = 2.0.4...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:40 a.m.6 views

WordPress RegistrationMagic plugin <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Settings Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagic versions = 6.0.7.4...

5.3CVSS5.9AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:40 a.m.7 views

WordPress Simple calendar for Elementor plugin <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Simple calendar for Elementor versions = 1.6.6...

5.3CVSS5.9AI score0.00338EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:39 a.m.5 views

WordPress Interactions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Interactions versions = 1.3.1...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:38 a.m.11 views

WordPress Buy Now Plus plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Buy Now Plus versions = 1.0.2...

6.4CVSS5.9AI score0.0027EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:37 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability

Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability discovered by Teerachai Somprasong in WordPress Plugin Contact Form Entries versions = 1.4.5...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:36 a.m.6 views

WordPress Forms Bridge plugin <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Forms Bridge versions = 4.2.5...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:36 a.m.9 views

WordPress WPBITS Addons For Elementor plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.8...

6.4CVSS5.9AI score0.0027EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:35 a.m.10 views

WordPress Simple Folio plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Folio versions = 1.1.1...

6.4CVSS5.9AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:34 a.m.8 views

WordPress TableMaster for Elementor plugin <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter vulnerability

Authenticated Author+ Server-Side Request Forgery via 'csvurl' Parameter vulnerability discovered by WordFence in WordPress Plugin TableMaster for Elementor versions = 1.3.6...

7.2CVSS5.9AI score0.00284EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:33 a.m.8 views

WordPress Appointment Hour Booking plugin <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration vulnerability discovered by ALockWooD in WordPress Plugin Appointment Hour Booking versions = 1.5.60...

4.4CVSS5.9AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:33 a.m.8 views

WordPress Target Video Easy Publish plugin <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via placeholderimg Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions = 3.8.8...

6.4CVSS5.9AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:32 a.m.7 views

WordPress Easy Replace Image plugin <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Attachment Replacement vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Replace Image versions = 3.5.2...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/27 1:14 p.m.5 views

WordPress Crete Core plugin <= 1.4.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Crete Core versions = 1.4.3...

9.3CVSS5.9AI score0.00372EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 12:55 p.m.9 views

WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin HAPPY versions = 1.0.8...

8.2CVSS5.9AI score0.00269EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:59 a.m.6 views

WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Core Features versions = 2.3...

7.1CVSS5.9AI score0.00186EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:58 a.m.4 views

WordPress Simple Archive Generator plugin <= 5.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xVenus in WordPress Plugin Simple Archive Generator versions = 5.2...

7.1CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:46 a.m.4 views

WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Widget Logic Visual versions = 1.52...

7.1CVSS5.9AI score0.00183EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:34 a.m.3 views

WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Allmart versions = 1.1...

9.3CVSS5.9AI score0.00389EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:33 a.m.5 views

WordPress Leadpages plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Leadpages versions = 1.1.3...

6.5CVSS5.9AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:31 a.m.7 views

WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by MyungJu Kim in WordPress Plugin JobBoard Job listing versions = 1.2.8...

5.9AI score0.00309EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:31 a.m.4 views

WordPress FeedWordPress Advanced Filters plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin FeedWordPress Advanced Filters versions = 0.6.2...

7.1CVSS5.9AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:29 a.m.6 views

WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions = 5.6.11...

9.8CVSS5.9AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:27 a.m.6 views

WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Addons for WPBakery and Elementor versions 1.5.6...

8.8CVSS5.9AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 10:9 a.m.5 views

WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Oxygen versions = 6.0.8...

7.2CVSS5.9AI score0.00188EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:48 a.m.5 views

WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme WPJobster versions = 6.3.5...

5.9AI score0.00372EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:33 a.m.5 views

WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Theme WPJobster versions = 6.3.5...

5.9AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:31 a.m.3 views

WordPress Membee Login plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Membee Login versions = 2.3.6...

7.1CVSS5.9AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:25 a.m.5 views

WordPress ConveyThis plugin <= 269.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin ConveyThis versions = 269.6...

5.2AI score0.00323EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:22 a.m.5 views

WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin aDirectory versions = 3.0.3...

5.9AI score0.00316EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:21 a.m.4 views

WordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin WPLegalPages versions = 3.5.4...

7.5CVSS5.9AI score0.00278EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:20 a.m.5 views

WordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Rapid0nion in WordPress Plugin AhaChat Messenger Marketing versions = 1.1...

5.9AI score0.00384EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:19 a.m.4 views

WordPress Sunshine Photo Cart plugin <= 3.5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sunshine Photo Cart versions = 3.5.6.2...

5.9AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 7:18 a.m.7 views

WordPress eDS Responsive Menu plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin eDS Responsive Menu versions = 1.2...

7.1CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606