Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2026/01/25 2:56 p.m.8 views

WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SiteLock Security – WP Hardening, Login Security & Malware Scans versions = 5.0.2...

8.8CVSS5.4AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 2:42 p.m.5 views

WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Share This Image versions = 2.09...

5.3CVSS5.3AI score0.00176EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 2:3 p.m.5 views

WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin TOP Table Of Contents versions = 1.3.31...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 1:28 p.m.6 views

WordPress Booter plugin <= 1.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Booter versions = 1.5.7...

8.8CVSS5.9AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 1:21 p.m.4 views

WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Automatic Featured Images from Videos versions = 1.2.7...

4.3CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 12:40 p.m.5 views

WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Hustle versions = 7.8.9.2...

5.3CVSS5.3AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 10:44 a.m.4 views

WordPress Omnipress plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Omnipress versions = 1.6.7...

6.5CVSS5.4AI score0.00161EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 10:24 a.m.6 views

WordPress Webpushr plugin <= 4.38.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Webpushr versions = 4.38.0...

7.5CVSS5.9AI score0.00305EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/25 6:50 a.m.4 views

WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin FluentForm versions = 6.1.14...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 9:3 p.m.7 views

WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Kentha Elementor Widgets versions 3.1...

7.5CVSS5.9AI score0.00306EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:59 p.m.8 views

WordPress Omnipress plugin <= 1.6.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin Omnipress versions = 1.6.7...

7.6CVSS5.9AI score0.00392EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 4:42 p.m.6 views

WordPress Wired Impact Volunteer Management plugin <= 2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Wired Impact Volunteer Management versions = 2.8...

5.3CVSS5.3AI score0.00176EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:36 p.m.5 views

WordPress Protección de datos – RGPD plugin <= 0.68 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Protección de datos RGPD versions = 0.68...

5.3CVSS5.9AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:28 p.m.6 views

WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Integrate Google Drive versions = 1.5.6...

5.4CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 2:58 p.m.6 views

WordPress Download After Email plugin <= 2.1.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Download After Email versions = 2.1.9...

5.3CVSS5.9AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 1:36 p.m.8 views

WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin WP Term Order versions = 2.1.0...

4.3CVSS5.9AI score0.00133EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 1:27 p.m.12 views

WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin WP Job Portal versions = 2.4.3...

9.1CVSS5.9AI score0.00234EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:54 p.m.5 views

WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Materialis Companion versions = 1.3.52...

4.3CVSS5.9AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:37 p.m.8 views

WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HD Quiz versions = 2.0.9...

4.3CVSS5.9AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 8:58 a.m.5 views

WordPress WPElemento Importer plugin <= 0.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WPElemento Importer versions = 0.6.4...

4.3CVSS5.3AI score0.00152EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 6:16 a.m.9 views

WordPress Moderate Selected Posts plugin <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Moderate Selected Posts versions = 1.4...

4.3CVSS5.5AI score0.00107EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:57 a.m.7 views

WordPress All-in-One Video Gallery plugin 4.1.0-4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited User Meta Update vulnerability discovered by kr0d in WordPress Plugin All-in-One Video Gallery versions 4.1.0-4.6.4...

4.3CVSS5.5AI score0.00161EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:52 a.m.6 views

WordPress CM CSS Columns plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin CM CSS Columns versions = 1.2.1...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:45 a.m.8 views

WordPress AdminQuickbar plugin <= 1.9.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Lior Yeshayahu in WordPress Plugin AdminQuickbar versions = 1.9.3...

4.3CVSS5.5AI score0.0016EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:43 a.m.7 views

WordPress Canto Testimonials plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Canto Testimonials versions = 1.0...

6.4CVSS5.4AI score0.0025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:40 a.m.6 views

WordPress GZSEO plugin <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Authorization Bypass to Stored Cross-Site Scripting vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin GZSEO versions = 2.0.11...

6.4CVSS5.5AI score0.00266EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:38 a.m.10 views

WordPress WP-ClanWars plugin <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'orderby' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP-ClanWars versions = 2.0.1...

4.9CVSS5.8AI score0.00371EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:35 a.m.9 views

WordPress Login Page Editor plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Login Page Editor versions = 1.2...

4.3CVSS5.5AI score0.00154EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:30 a.m.9 views

WordPress ThemeRuby Multi Authors plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin ThemeRuby Multi Authors versions = 1.0.0...

6.4CVSS5.4AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:28 a.m.8 views

WordPress Wizit Gateway for WooCommerce plugin <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability

Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Wizit Gateway for WooCommerce versions = 1.2.9...

5.3CVSS5.5AI score0.00299EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 5:17 a.m.5 views

WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Latest Post Shortcode versions = 14.2.0...

4.3CVSS5.3AI score0.00195EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 4:32 a.m.8 views

WordPress Set Bulk Post Categories plugin <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update vulnerability

Cross-Site Request Forgery to Bulk Post Category Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Set Bulk Post Categories versions = 1.1...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 4:31 a.m.7 views

WordPress Alex User Counter plugin <= 6.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alex User Counter versions = 6.0...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 4:29 a.m.7 views

WordPress Alpha Blocks plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'alphablockcss' Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Alpha Blocks versions = 1.5.0...

6.4CVSS5.4AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:9 a.m.8 views

WordPress Star Review Manager plugin <= 1.2.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Star Review Manager versions = 1.2.2...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:8 a.m.10 views

WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions = 0.3.4...

6.4CVSS5.4AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:7 a.m.6 views

WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability

Authenticated Contributor+ Local File Inclusion via 'slug' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions = 0.3.4...

7.5CVSS5.4AI score0.00678EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:6 a.m.13 views

WordPress ZT Captcha plugin <= 1.0.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ZT Captcha versions = 1.0.4...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 3:5 a.m.10 views

WordPress Cookie consent for developers plugin <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Multiple Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Cookie consent for developers versions = 1.7.1...

4.4CVSS5.4AI score0.00279EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 1:21 a.m.8 views

WordPress Wise Analytics plugin <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability discovered by Lior Yeshayahu in WordPress Plugin Wise Analytics versions = 1.1.9...

5.3CVSS5.5AI score0.00314EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 1:20 a.m.11 views

WordPress AIKTP plugin <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions vulnerability

Missing Authorization to Authenticated Subscriber+ Multiple Administrator Actions vulnerability discovered by Os in WordPress Plugin AIKTP versions = 5.0.04...

5.4CVSS5.5AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:49 a.m.9 views

WordPress WP Youtube Video Gallery plugin <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Youtube Video Gallery versions = 1.0...

4.3CVSS5.5AI score0.00132EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:39 a.m.9 views

WordPress Alchemist Ajax Upload plugin <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability discovered by ChamlaVic in WordPress Plugin Alchemist Ajax Upload versions = 1.1...

5.3CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:17 a.m.11 views

WordPress Same Category Posts plugin <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Widget Title Placeholder vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Same Category Posts versions = 1.1.19...

5.4CVSS5.4AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:15 a.m.13 views

WordPress VK Google Job Posting Manager plugin <= 1.2.20 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Job Description Field vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin VK Google Job Posting Manager versions = 1.2.20...

6.4CVSS5.4AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/24 12:13 a.m.9 views

WordPress Simple Crypto Shortcodes plugin <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Simple Crypto Shortcodes versions = 1.0.2...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/23 6:58 p.m.6 views

WordPress Happy Addons for Elementor plugin <= 3.20.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Happy Addons for Elementor versions = 3.20.4...

8.5CVSS5.8AI score0.00253EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2026/01/23 12:2 p.m.5 views

WordPress Sunshine Photo Cart plugin <= 3.5.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Sunshine Photo Cart versions = 3.5.7.2...

5.3CVSS5.3AI score0.00187EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/23 10:44 a.m.8 views

WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Radio Player versions = 2.0.91...

5.3CVSS5.4AI score0.00163EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/23 10:18 a.m.6 views

WordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin GeoDirectory versions = 2.8.149...

4.3CVSS5.9AI score0.00133EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606