Lucene search
K
PatchstackRecent

46571 matches found

Patchstack
Patchstack
added 1 hour ago7 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by javitoia in WordPress Plugin LearnPress versions = 4.3.9.1...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 1 hour ago6 views

WordPress Custom Payment Gateways for WooCommerce plugin <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin Custom Payment Gateways for WooCommerce versions = 2.1.0...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 1 hour ago6 views

WordPress WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin ChatBot versions = 8.4.9...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago6 views

WordPress WP Google Review Slider plugin <= 18.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin WP Google Review Slider versions = 18.1...

6.1CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago5 views

WordPress Webmention plugin <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Volodymyr Kolesnykov in WordPress Plugin Webmention versions = 5.8.0...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago7 views

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by suyoung kimAhnLab - AhnLab in WordPress Plugin Ninja Forms versions = 3.14.1...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago5 views

WordPress BookingPress Appointment Booking Pro plugin <= 5.7.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.7.1...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago6 views

WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions = 4.0.1...

9.1CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago4 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by d.v4ns3c in WordPress Plugin Taskbuilder versions = 5.0.8...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 hours ago7 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Catalin Oancea 0x4D5A in WordPress Plugin Taskbuilder versions = 5.0.8...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 3 hours ago5 views

WordPress Visualizer – Tables & Charts Manager with Built-in AI Generator plugin <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin Visualizer versions = 4.0.3...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 3 hours ago5 views

WordPress SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin <= 3.9.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by ? in WordPress Plugin SMS Alert Order Notifications versions = 3.9.5...

9.8CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 3 hours ago6 views

WordPress Video Gallery – YouTube Gallery, Playlist & Video Grid plugin <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability

Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by PRISM in WordPress Plugin YouTube Showcase versions = 4.0.3...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability

Authenticated Staff+ SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions = 2.4.5...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability

Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...

8.8CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability

Authenticated Contributor+ Insufficient Authorization to Private Content Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Slim SEO versions = 4.9.8...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Modification vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Motors versions = 1.4.111...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin LearnPress versions = 4.4.0...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Download Manager plugin <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Download Manager versions = 3.3.60...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.15.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by javitoia in WordPress Plugin GiveWP versions = 4.15.3...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Appointment Booking Calendar plugin <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by PRISM in WordPress Plugin Appointment Booking Calendar versions = 1.4.02...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More plugin <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability

Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Contact Form by WPForms versions = 1.10.2...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress JetWidgets For Elementor plugin <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin JetWidgets For Elementor versions = 1.0.21...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Event Organiser plugin <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Event Organiser versions = 3.12.9...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress FV Flowplayer Video Player plugin <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FV Flowplayer Video Player versions = 7.5.51.7212...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress Kali Forms — Contact Form & Drag-and-Drop Builder plugin <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Kali Forms versions = 2.4.13...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by skyv3il - aisafe.io in WordPress Plugin Tutor LMS versions = 3.9.13...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday2 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Optimizer Data Deletion/Read/Modification vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.7...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by AmonRa in WordPress Plugin GiveWP versions = 4.16.0...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion vulnerability

Authenticated Subscriber+ Missing Authorization to Arbitrary Group Deletion vulnerability discovered by ? in WordPress Plugin JoomSport versions = 5.7.8...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday9 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday24 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by hackthesoul - TossBank in WordPress Plugin Dokan versions = 5.0.4...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday54 views

WordPress Frisbii Pay plugin <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Token Modification vulnerability discovered by momopon1415 in WordPress Plugin Frisbii Pay versions = 1.8.9...

6.5CVSS5.8AI score0.00276EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress MaxButtons – Create buttons plugin <= 9.8.5 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin MaxButtons versions = 9.8.5...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability

WordPress EventON Pro - WordPress Virtual Event Calendar Plugin plugin = 5.0.11 - WordPress Virtual Event Calendar Plugin = 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions = 5.0.11...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday9 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability

User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Frontend File Manager plugin plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by sorawautsukushiii in WordPress Plugin Frontend File Manager versions = 23.6...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday2 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Media Attachment Creation vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.7...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Editorial Rating – Product Review & Rating System plugin <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Editorial Rating – Product Review & Rating System versions = 4.0.5...

4.4CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Premium Addons for KingComposer plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Premium Addons for KingComposer versions = 1.1.1...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress PixMagix – WordPress Image Editor plugin <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability

Authenticated Author+ Path Traversal in 'layers.id' Parameter vulnerability discovered by devploit in WordPress Plugin PixMagix WordPress Image Editor versions = 1.7.2...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Plugin for Google Analytics by IO technologies plugin <= 1.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Plugin for Google Analytics by IO technologies versions = 1.1...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Team Members – Multi Language Supported Team Plugin plugin <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by AveronSec - Averon Security in WordPress Plugin Team Member versions = 8.7...

4.4CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago7 views

WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Werkstatt versions = 4.7.2...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago7 views

WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Werkstatt versions = 4.7.2...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability

WordPress Martfury - WooCommerce Marketplace WordPress theme theme = 3.2.8 - Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Martfury - WooCommerce Marketplace WordPress Theme versions = 3.2.8...

5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme TheFox versions = 3.9.70...

5.8AI score
Exploits0Affected Software1
Total number of security vulnerabilities46571