Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2 hours ago6 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2 hours ago5 views

WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions = 11.3.51...

7.4CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 3 hours ago2 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability

CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.12...

7.4CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 3 hours ago3 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions = 4.2.1...

5.9CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 3 hours ago4 views

WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin ApplyOnline versions = 2.6.7.6...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 3 hours ago3 views

WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin ThumbPress versions = 6.3.2...

4.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago4 views

WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Webba Booking versions = 6.4.13...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 6 hours ago4 views

WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin PrivateContent versions = 9.9.2...

9.8CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 7 hours ago3 views

WordPress LatePoint – Calendar Booking plugin for Appointments and Events plugin <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator vulnerability

Authenticated Custom+ Privilege Escalation to Administrator vulnerability discovered by d.v4ns3c in WordPress Plugin LatePoint versions = 5.6.3...

8.8CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 7 hours ago4 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin NEX-Forms versions = 9.2.2...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 7 hours ago5 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.12...

6.1CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 9 hours ago9 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by javitoia in WordPress Plugin LearnPress versions = 4.3.9.1...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 9 hours ago8 views

WordPress Custom Payment Gateways for WooCommerce plugin <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin Custom Payment Gateways for WooCommerce versions = 2.1.0...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 9 hours ago8 views

WordPress WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin ChatBot versions = 8.4.9...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 10 hours ago7 views

WordPress WP Google Review Slider plugin <= 18.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin WP Google Review Slider versions = 18.1...

6.1CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 10 hours ago7 views

WordPress Webmention plugin <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Volodymyr Kolesnykov in WordPress Plugin Webmention versions = 5.8.0...

7.2CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 10 hours ago11 views

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by suyoung kimAhnLab - AhnLab in WordPress Plugin Ninja Forms versions = 3.14.1...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 10 hours ago7 views

WordPress BookingPress Appointment Booking Pro plugin <= 5.7.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.7.1...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 10 hours ago8 views

WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions = 4.0.1...

9.1CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 10 hours ago5 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by d.v4ns3c in WordPress Plugin Taskbuilder versions = 5.0.8...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 11 hours ago9 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Catalin Oancea 0x4D5A in WordPress Plugin Taskbuilder versions = 5.0.8...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 11 hours ago7 views

WordPress Visualizer – Tables & Charts Manager with Built-in AI Generator plugin <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin Visualizer versions = 4.0.3...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 11 hours ago6 views

WordPress SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin <= 3.9.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by ? in WordPress Plugin SMS Alert Order Notifications versions = 3.9.5...

9.8CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 11 hours ago7 views

WordPress Video Gallery – YouTube Gallery, Playlist & Video Grid plugin <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability

Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by PRISM in WordPress Plugin YouTube Showcase versions = 4.0.3...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions = 9.1.13.005...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability

Authenticated Staff+ SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions = 2.4.5...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability

Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...

8.8CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability

Authenticated Contributor+ Insufficient Authorization to Private Content Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Slim SEO versions = 4.9.8...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Modification vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Motors versions = 1.4.111...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin LearnPress versions = 4.4.0...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Download Manager plugin <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Download Manager versions = 3.3.60...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.15.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by javitoia in WordPress Plugin GiveWP versions = 4.15.3...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Appointment Booking Calendar plugin <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by PRISM in WordPress Plugin Appointment Booking Calendar versions = 1.4.02...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More plugin <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability

Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Contact Form by WPForms versions = 1.10.2...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress JetWidgets For Elementor plugin <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin JetWidgets For Elementor versions = 1.0.21...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Event Organiser plugin <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Event Organiser versions = 3.12.9...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress FV Flowplayer Video Player plugin <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FV Flowplayer Video Player versions = 7.5.51.7212...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Kali Forms — Contact Form & Drag-and-Drop Builder plugin <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Kali Forms versions = 2.4.13...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by skyv3il - aisafe.io in WordPress Plugin Tutor LMS versions = 3.9.13...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Optimizer Data Deletion/Read/Modification vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.7.7...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by AmonRa in WordPress Plugin GiveWP versions = 4.16.0...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion vulnerability

Authenticated Subscriber+ Missing Authorization to Arbitrary Group Deletion vulnerability discovered by ? in WordPress Plugin JoomSport versions = 5.7.8...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday9 views

WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

WordPress Ajax Load More - Filters plugin = 3.4.1 - Filters = 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions = 3.4.1...

7.2CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday26 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by hackthesoul - TossBank in WordPress Plugin Dokan versions = 5.0.4...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday67 views

WordPress Frisbii Pay plugin <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Token Modification vulnerability discovered by momopon1415 in WordPress Plugin Frisbii Pay versions = 1.8.9...

6.5CVSS5.8AI score0.00276EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress MaxButtons – Create buttons plugin <= 9.8.5 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin MaxButtons versions = 9.8.5...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability

WordPress EventON Pro - WordPress Virtual Event Calendar Plugin plugin = 5.0.11 - WordPress Virtual Event Calendar Plugin = 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions = 5.0.11...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday9 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability

User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46606