Lucene search
K
PatchstackRecent

46547 matches found

Patchstack
Patchstack
added 2026/06/17 5:37 p.m.6 views

WordPress SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Customize My Account for WooCommerce versions = 4.3.6...

6.4CVSS5.2AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 5:23 p.m.6 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions = 3.9.11...

4.9CVSS5.9AI score0.00363EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:52 p.m.5 views

WordPress Simple Membership plugin <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability

Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability discovered by Nikita Fenko - self in WordPress Plugin Simple Membership versions = 4.7.5...

5.3CVSS5.3AI score0.00352EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:51 p.m.5 views

WordPress Services Section Block – Showcase Service Details in Grid or Columns plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Philipp Doblhofer - codeaware GmbH in WordPress Plugin Services Section block versions = 1.4.4...

6.4CVSS5.2AI score0.00212EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:50 p.m.7 views

WordPress PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Modification vulnerability discovered by Truong Tran in WordPress Plugin PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin versions = 2.3.0...

4.3CVSS5.3AI score0.0026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:48 p.m.18 views

WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...

4.4CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:45 p.m.6 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated Shop Manager+ SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.10...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:14 p.m.6 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.5...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:13 p.m.6 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection vulnerability

Authenticated Adminsitrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:12 p.m.6 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:8 p.m.6 views

WordPress Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Umut Can Yurdayardım in WordPress Plugin Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets versions = 1.3.13.1...

5.3CVSS5.3AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 4:7 p.m.6 views

WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification vulnerability

Missing Authorization to Authenticated Author+ Arbitrary Accessibility Issue Modification vulnerability discovered by g0wthr in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.42.1...

4.3CVSS5.3AI score0.00245EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:55 p.m.6 views

WordPress E2Pdf – Export Pdf Tool for WordPress plugin <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation vulnerability

Missing Authorization to Authenticated Custom+ Arbitrary Option Update / Privilege Escalation vulnerability discovered by endy in WordPress Plugin e2pdf versions = 1.32.26...

8.8CVSS5.3AI score0.00387EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:54 p.m.6 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Order Modification vulnerability discovered by Kirasec in WordPress Plugin Dokan versions = 5.0.3...

4.3CVSS5.3AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:23 p.m.8 views

WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mxym in WordPress Plugin Gutenverse Companion versions = 2.5.0...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:22 p.m.7 views

WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

SQL Injection vulnerability discovered by manop55555 in WordPress Plugin GeoDirectory versions = 2.8.162...

9.3CVSS6AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:16 p.m.5 views

WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Object Cache 4 everyone versions = 2.3.2...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:8 p.m.4 views

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

6.9CVSS5.8AI score0.00295EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:8 p.m.4 views

NPM: NocoDB: Server-Side Request Forgery via Base Migration URL

NPM: NocoDB: Server-Side Request Forgery via Base Migration URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:7 p.m.4 views

NPM: NocoDB: Stored Cross-Site Scripting via Secure Attachment

NPM: NocoDB: Stored Cross-Site Scripting via Secure Attachment vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:7 p.m.5 views

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:7 p.m.6 views

WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vincent Sevkli in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.19...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:6 p.m.6 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

7.5CVSS6AI score0.00195EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:6 p.m.5 views

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.1CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:1 p.m.4 views

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...

6.1CVSS5.8AI score0.00077EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:59 p.m.8 views

WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Plugin Motors versions = 1.4.109...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:59 p.m.6 views

WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...

7.6CVSS5.8AI score0.00288EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:55 p.m.6 views

NPM: n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints

NPM: n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

5.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:55 p.m.5 views

WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...

9.3CVSS6AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:30 p.m.6 views

WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Expatch in WordPress Plugin wpDataTables versions = 7.4...

9.3CVSS6AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:22 p.m.6 views

WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by HaiND in WordPress Plugin Ads by WPQuads versions = 3.0.3...

7.5CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:12 p.m.5 views

WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Widget Options versions = 4.2.3...

9.9CVSS5.9AI score0.00426EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 1:7 p.m.9 views

WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin SALESmanago & Leadoo versions = 3.11.2...

8.5CVSS6AI score0.0027EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 12:58 p.m.6 views

WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions = 2.3.1...

7.4CVSS5.8AI score0.00264EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 12:55 p.m.6 views

WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JetBooking versions = 4.0.4.1...

9.3CVSS6AI score0.00283EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 9:37 a.m.4 views

WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Evan NR in WordPress Plugin Listdom versions = 5.4.0...

9.3CVSS6AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 9:22 a.m.8 views

WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Slimstat Analytics versions = 5.4.11...

8.5CVSS6AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 9:13 a.m.6 views

WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin MStore API versions = 4.18.4...

6.5CVSS5.8AI score0.00261EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 9:7 a.m.5 views

WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Advanced Ads versions = 2.0.21...

7.5CVSS5.9AI score0.00292EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:56 a.m.6 views

WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin SureDash versions = 1.8.0...

8.5CVSS6AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:43 a.m.6 views

WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Cargo Shipping Location for WooCommerce versions = 5.6...

9.3CVSS6AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:38 a.m.5 views

WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by endy in WordPress Plugin Motors versions = 1.4.109...

8.1CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:31 a.m.7 views

WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

SQL Injection vulnerability discovered by endy in WordPress Plugin Motors versions = 1.4.109...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:28 a.m.4 views

WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Travel Gutenberg Blocks versions = 3.9.4...

9.3CVSS6AI score0.00317EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:25 a.m.5 views

WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin GIFT4U versions = 1.0.10...

9.3CVSS6AI score0.00241EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 8:15 a.m.4 views

WordPress Nexi XPay plugin <= 8.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hivesec in WordPress Plugin Nexi XPay versions = 8.3.1...

7.5CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/17 12:0 a.m.6 views

WordPress FireBox Popups – Increase Sales and Grow Your Email List plugin <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability

Unauthenticated Sensitive Information Exposure in 'formid' Parameter vulnerability discovered by Duc Manh in WordPress Plugin FireBox versions = 3.1.7...

5.3CVSS5.3AI score0.00331EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 12:0 a.m.7 views

WordPress Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin <= 4.2.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Alexandru Bucur in WordPress Plugin Optimole versions = 4.2.6...

4.3CVSS5.3AI score0.00157EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 11:38 p.m.6 views

NPM: Cross-site scripting via <NoScript> slot content in Nuxt's head components

NPM: Cross-site scripting via slot content in Nuxt's head components vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

5.8AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/06/16 11:34 p.m.5 views

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7.7CVSS5.8AI score0.00353EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities46547