Lucene search
K
PatchstackRecent

46702 matches found

Patchstack
Patchstack
added yesterday5 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability

Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Request a Quote – Quote Forms for Any WordPress Site plugin <= 2.5.5 - Unauthenticated Code Injection vulnerability

Unauthenticated Code Injection vulnerability discovered by Mitchell in WordPress Plugin Request a Quote versions = 2.5.5...

7.5CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...

8.8CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.0...

8.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Worth The Read plugin <= 1.14.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Worth The Read versions = 1.14.3...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress Upking - Hiking Club WordPress theme theme <= 1.4 - Broken Access Control vulnerability

WordPress Upking - Hiking Club WordPress theme theme = 1.4 - Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Upking - Hiking Club WordPress Theme versions = 1.4...

5.3CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress The Restaurant theme <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Restaurant versions = 1.4.1...

5.3CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday9 views

WordPress Swiss Toolkit For WP plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Swiss Toolkit For WP versions = 1.4.6...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions = 1.2...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Structured Content versions = 1.7.0...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Simple URLs versions = 151...

5.9CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by adhikara13 in WordPress Theme SEOWP versions = 3.12.2...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Sendcloud Shipping plugin <= 1.0.30 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sendcloud Shipping versions = 1.0.30...

5.3CVSS5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability

CSRF to Account Takeover vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.7...

8.8CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress PressGrid - Frontend Publish Reaction & Multimedia theme theme <= 1.3.1 - Broken Access Control vulnerability

WordPress PressGrid - Frontend Publish Reaction & Multimedia theme theme = 1.3.1 - Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PressGrid - Frontend Publish Reaction & Multimedia Theme versions = 1.3.1...

5.3CVSS6.7AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday8 views

WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions = 1.0.8.2...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions = 2.0.2...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery Advanced Gallery versions = 1.2.0...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Kit formerly ConvertKit for WooCommerce versions = 2.1.5...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Evan NR in WordPress Plugin iNET Webkit versions 1.2.4...

8.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin ez Form Calculator Premium versions = 2.14.1.2...

5.3CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Fuse Social Floating Sidebar plugin <= 5.4.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fuse Social Floating Sidebar versions = 5.4.13...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Admin Tweaks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Tweaks versions = 3.3.3...

6.5CVSS5.8AI score0.00151EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by w41bu1 in WordPress Plugin SportsPress Pro versions = 2.7.29...

7.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad in WordPress Plugin Shopify versions = 1.0.0...

7.5CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday5 views

WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin Booked versions = 3.0.0...

7.1CVSS5.8AI score
Exploits0Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

7.5CVSS5.8AI score0.00522EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday6 views

WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions = 2.6.4...

7.5CVSS5.8AI score0.0082EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday7 views

WordPress WP Review Slider Pro plugin <= 12.7.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.7.2...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday8 views

WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions = 2.1.46...

5.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday10 views

WordPress Divi Form Builder plugin <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability

Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Divi Form Builder versions = 5.1.8...

9.8CVSS5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin <= 2.7.6 - Unauthenticated Insecure Direct Object Reference vulnerability

Unauthenticated Insecure Direct Object Reference vulnerability discovered by davidfdzmorilla in WordPress Plugin Wappointment versions = 2.7.6...

5.3CVSS5.8AI score0.00516EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Feedzy versions = 5.2.1...

6.4CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Product Video Gallery for Woocommerce plugin <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting vulnerability discovered by Ravindu Lakmina Munaweera in WordPress Plugin Product Video Gallery for Woocommerce versions = 1.5.1.8...

4.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions = 4.5.8...

6.5CVSS5.8AI score0.00441EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress My Calendar – Accessible Event Manager plugin <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by ? in WordPress Plugin My Calendar versions = 3.7.14...

5.3CVSS5.8AI score0.00544EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation vulnerability

Unauthenticated Insecure Direct Object Reference to Arbitrary Creation vulnerability discovered by gidget smith in WordPress Plugin LatePoint versions = 5.6.2...

5.3CVSS5.8AI score0.00671EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Jagadesh Achanta - Independent in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00495EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection Mail Relay / Phishing vulnerability discovered by ? in WordPress Plugin Kirki versions = 6.0.11...

5.3CVSS5.8AI score0.00492EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification vulnerability

Authenticated Subscriber+ Missing Authorization to Arbitrary Group Creation/Modification vulnerability discovered by ? in WordPress Plugin JoomSport versions = 5.7.8...

4.3CVSS5.8AI score0.00403EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin JetFormBuilder versions = 3.6.3...

5.3CVSS5.8AI score0.00579EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago9 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago8 views

WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions = 11.3.51...

7.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...

8.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Insert Pages plugin <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Pages versions = 3.11.4...

6.4CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.27...

4.3CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting vulnerability

Authenticated Give Worker+ Stored Cross-Site Scripting vulnerability discovered by Chirita Catalin-Andrei CC99IE - aisafe.io in WordPress Plugin GiveWP versions = 4.16.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago6 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability

CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.12...

7.4CVSS5.8AI score0.00124EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions = 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46702