Lucene search
K
PatchstackRecent

46677 matches found

Patchstack
Patchstack
added 3 hours ago5 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability

Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 3 hours ago4 views

WordPress Request a Quote – Quote Forms for Any WordPress Site plugin <= 2.5.5 - Unauthenticated Code Injection vulnerability

Unauthenticated Code Injection vulnerability discovered by Mitchell in WordPress Plugin Request a Quote versions = 2.5.5...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 4 hours ago7 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...

8.8CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.0...

8.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago5 views

WordPress Worth The Read plugin <= 1.14.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Worth The Read versions = 1.14.3...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress Upking - Hiking Club WordPress theme theme <= 1.4 - Broken Access Control vulnerability

WordPress Upking - Hiking Club WordPress theme theme = 1.4 - Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Upking - Hiking Club WordPress Theme versions = 1.4...

5.3CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress The Restaurant theme <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Restaurant versions = 1.4.1...

5.3CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago5 views

WordPress Swiss Toolkit For WP plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Swiss Toolkit For WP versions = 1.4.6...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago5 views

WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Simple URLs versions = 151...

5.9CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago5 views

WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Structured Content versions = 1.7.0...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by adhikara13 in WordPress Theme SEOWP versions = 3.12.2...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sendcloud Shipping versions = 1.0.29...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago4 views

WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability

CSRF to Account Takeover vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.7...

8.8CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago5 views

WordPress PressGrid - Frontend Publish Reaction & Multimedia theme theme <= 1.3.1 - Broken Access Control vulnerability

WordPress PressGrid - Frontend Publish Reaction & Multimedia theme theme = 1.3.1 - Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PressGrid - Frontend Publish Reaction & Multimedia Theme versions = 1.3.1...

5.3CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago6 views

WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions = 1.0.8.2...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago5 views

WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions = 2.0.2...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago5 views

WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery Advanced Gallery versions = 1.2.0...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago6 views

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago6 views

WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Kit formerly ConvertKit for WooCommerce versions = 2.1.5...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago7 views

WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Evan NR in WordPress Plugin iNET Webkit versions 1.2.4...

8.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago4 views

WordPress Fuse Social Floating Sidebar plugin <= 5.4.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fuse Social Floating Sidebar versions = 5.4.13...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 hours ago4 views

WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin ez Form Calculator Premium versions = 2.14.1.2...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 6 hours ago4 views

WordPress Admin Tweaks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Tweaks versions = 3.3.3...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 hours ago5 views

WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by w41bu1 in WordPress Plugin SportsPress Pro versions = 2.7.29...

7.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 6 hours ago5 views

WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad in WordPress Plugin Shopify versions = 1.0.0...

7.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 6 hours ago5 views

WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin Booked versions = 3.0.0...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 7 hours ago7 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 7 hours ago6 views

WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions = 2.6.4...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 7 hours ago6 views

WordPress WP Review Slider Pro plugin <= 12.7.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.7.2...

7.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 7 hours ago6 views

WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions = 2.1.46...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 7 hours ago10 views

WordPress Divi Form Builder plugin <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability

Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Divi Form Builder versions = 5.1.8...

9.8CVSS5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin <= 2.7.6 - Unauthenticated Insecure Direct Object Reference vulnerability

Unauthenticated Insecure Direct Object Reference vulnerability discovered by davidfdzmorilla in WordPress Plugin Wappointment versions = 2.7.6...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Feedzy versions = 5.2.1...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Product Video Gallery for Woocommerce plugin <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by Ravindu Lakmina Munaweera in WordPress Plugin Product Video Gallery for Woocommerce versions = 1.5.1.8...

4.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions = 4.5.8...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress My Calendar – Accessible Event Manager plugin <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by ? in WordPress Plugin My Calendar versions = 3.7.14...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation vulnerability

Unauthenticated Insecure Direct Object Reference to Arbitrary Creation vulnerability discovered by gidget smith in WordPress Plugin LatePoint versions = 5.6.2...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Jagadesh Achanta - Independent in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification vulnerability

Authenticated Subscriber+ Missing Authorization to Arbitrary Group Creation/Modification vulnerability discovered by ? in WordPress Plugin JoomSport versions = 5.7.8...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin JetFormBuilder versions = 3.6.3...

5.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions = 11.3.51...

7.4CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...

8.1CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Insert Pages plugin <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Pages versions = 3.11.4...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.27...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting vulnerability

Authenticated Give Worker+ Stored Cross-Site Scripting vulnerability discovered by Chirita Catalin-Andrei CC99IE - aisafe.io in WordPress Plugin GiveWP versions = 4.16.1...

6.4CVSS5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability

CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.12...

7.4CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions = 4.2.1...

5.9CVSS5.8AI score
Exploits0Affected Software1
Total number of security vulnerabilities46677