Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
added 2026/01/16 9:51 a.m.3 views

WordPress The Aisle theme < 2.9.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Aisle versions 2.9.1...

8.1CVSS7AI score0.00504EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:51 a.m.3 views

WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Powerlift versions 3.2.1...

8.1CVSS7AI score0.00504EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:44 a.m.6 views

WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin bidorbuy Store Integrator versions = 2.12.0...

7.1CVSS6.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:43 a.m.5 views

WordPress WP Mail plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin WP Mail versions = 1.3...

7.1CVSS6.1AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:40 a.m.4 views

WordPress Dooodl plugin <= 2.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Dooodl versions = 2.3.0...

7.1CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:40 a.m.7 views

WordPress Syntax Highlighter Compress plugin <= 3.0.83.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xVenus in WordPress Plugin Syntax Highlighter Compress versions = 3.0.83.3...

7.1CVSS6.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:38 a.m.8 views

WordPress Quote Master plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xVenus in WordPress Plugin Quote Master versions = 7.1.1...

7.1CVSS6.1AI score0.0023EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 9:37 a.m.5 views

WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Antideo Email Validator versions = 1.0.10...

7.5CVSS8.1AI score0.00331EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 8:56 a.m.3 views

WordPress Turn Yoast SEO FAQ Block to Accordion plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Turn Yoast SEO FAQ Block to Accordion versions = 1.0.6...

5.4CVSS5.4AI score0.00204EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 8:16 a.m.5 views

WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Tickera versions = 3.5.6.2...

6.5CVSS7AI score0.00333EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 8:15 a.m.5 views

WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Elis WordCents adSense Widget with Analytics versions = 1.3.03.27...

6.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 8:11 a.m.8 views

WordPress onepay Payment Gateway For WooCommerce plugin <= 1.1.2 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by NumeX in WordPress Plugin onepay Payment Gateway For WooCommerce versions = 1.1.2...

6.5CVSS6.9AI score0.00215EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:44 a.m.5 views

WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Element Invader Template Kits for Elementor versions = 1.2.4...

4.3CVSS5.4AI score0.00202EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:32 a.m.6 views

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.10 - Reflected Cross-Site Scripting via className vulnerability

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.10 - Reflected Cross-Site Scripting via className vulnerability discovered by Deadbee - NA in WordPress Plugin WP RSS Aggregator versions = 5.0.10...

6.1CVSS6.4AI score0.00172EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:14 a.m.4 views

WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Client Portal versions = 1.2.1...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/16 7:0 a.m.7 views

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability

WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability discovered by shark3y in WordPress Plugin Awesome Support versions = 6.3.6...

6.5CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 6:41 a.m.10 views

WordPress Supreme Modules Lite plugin <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via JSON Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Supreme Modules Lite versions = 2.5.62...

8.8CVSS7.1AI score0.00505EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 6:38 a.m.9 views

WordPress AffiliateX plugin 1.0.0-1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting

Authenticated Subscriber+ Missing Authorization to Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin AffiliateX versions 1.0.0-1.3.9.3...

6.4CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 6:36 a.m.8 views

WordPress Membership Plugin - Restrict Content plugin <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability discovered by andrea bocchetti in WordPress Plugin Restrict Content versions = 3.2.16...

8.2CVSS7AI score0.00419EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/16 5:43 a.m.4 views

WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Phat RiO in WordPress Plugin AWP Classifieds versions = 4.4.3...

5.3CVSS5.5AI score0.00305EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:38 p.m.7 views

WordPress Cost Calculator Builder plugin <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass vulnerability

Missing Authorization to Unauthenticated Payment Status Bypass vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder versions = 3.6.9...

5.3CVSS7AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:37 p.m.6 views

WordPress User Submitted Posts plugin <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'uspaccess' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Submitted Posts versions = 20260110...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:30 p.m.5 views

WordPress LEAV Last Email Address Validator plugin <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin LEAV Last Email Address Validator versions = 1.7.1...

4.3CVSS7AI score0.00131EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:21 p.m.8 views

WordPress Related Posts by Taxonomy plugin <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'relatedpostsbytax' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Related Posts by Taxonomy versions = 2.7.6...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:17 p.m.6 views

WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress DK PDF - WordPress PDF Generator plugin = 2.3.0 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by WordFence in WordPress Plugin DK PDF – WordPress PDF Generator versions = 2.3.0...

5CVSS7.1AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:14 p.m.6 views

WordPress Rede Itaú for WooCommerce - Payment PIX, Credit Card and Debit plugin <= 5.1.2 - Unauthenticated Order Status Manipulation vulnerability

WordPress Rede Itaú for WooCommerce - Payment PIX, Credit Card and Debit plugin = 5.1.2 - Unauthenticated Order Status Manipulation vulnerability discovered by Os in WordPress Plugin Rede Itaú for WooCommerce versions = 5.1.2...

5.3CVSS7AI score0.00148EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:14 p.m.8 views

WordPress Rede Itaú for WooCommerce plugin <= 5.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Os in WordPress Plugin Rede Itaú for WooCommerce versions = 5.1.5...

5.3CVSS5.2AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:11 p.m.5 views

WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability

WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin = 4.9.2 - Missing Authorization to Authenticated Contributor+ AI Access Token and Credit Disclosure vulnerability discovered by NosleeP++ in WordPress Plugin All In One SEO Pack versions = 4.9.2...

4.3CVSS7AI score0.00226EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:10 p.m.5 views

WordPress Booking Calendar plugin <= 10.14.11 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by shark3y in WordPress Plugin Booking Calendar versions = 10.14.11...

4.3CVSS6.9AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:9 p.m.9 views

WordPress Shield Security plugin <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Disable Google Authenticator vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.9...

4.3CVSS7AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:5 p.m.7 views

WordPress Kalium plugin <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request vulnerability

Missing Authorization to Unauthenticated Mail Relay via kaliumvccontactformrequest vulnerability discovered by Ahmed Rayen Ayari in WordPress Theme Kalium versions = 3.29...

5.3CVSS7AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/15 9:58 p.m.6 views

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ZadWon in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

4.8CVSS5.3AI score0.00218EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 7:41 p.m.5 views

WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Fusion Builder versions = 3.14.1...

6.5CVSS5.2AI score0.0013EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 6:7 p.m.7 views

WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Zoho CRM Lead Magnet versions = 1.8.1.9...

5.4CVSS5.9AI score0.00265EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 4:40 p.m.5 views

WordPress Related Posts Thumbnails Plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Carlos Ferreira in WordPress Plugin Related Posts Thumbnails Plugin for WordPress versions = 4.3.2...

4.7CVSS5.5AI score0.00133EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 3:53 p.m.5 views

WordPress WZone plugin <= 14.0.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions = 14.0.31...

5.4CVSS5.4AI score0.0017EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 1:45 p.m.8 views

WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Event Tickets with Ticket Scanner versions = 2.8.5...

9CVSS5.9AI score0.00319EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 1:25 p.m.7 views

WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Course Review versions = 4.1.9...

6.5CVSS5.3AI score0.00133EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 1:24 p.m.7 views

WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Event Espresso 4 Decaf versions = 5.0.37.decaf...

6.5CVSS7AI score0.00344EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 12:34 p.m.4 views

WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Biagiotti versions 3.5.2...

8.1CVSS7AI score0.00561EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 12:9 p.m.5 views

WordPress WDV One Page Docs plugin <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin WDV One Page Docs versions = 1.2.4...

6.5CVSS6.8AI score0.00242EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 12:6 p.m.4 views

WordPress Shown Connector plugin <= 1.2.10 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Shown Connector versions = 1.2.10...

6.5CVSS7AI score0.00318EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 12:5 p.m.8 views

WordPress WP Simple Redirect plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin WP Simple Redirect versions = 1.1...

7.1CVSS6.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 12:3 p.m.7 views

WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Synergy Project Manager versions = 1.5...

5.8CVSS6.1AI score0.00148EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 12:1 p.m.3 views

WordPress Infility Global plugin <= 2.14.51 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Infility Global versions = 2.14.51...

7.1CVSS5.9AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:59 a.m.5 views

WordPress Omnichannel for WooCommerce plugin <= 1.3.65 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by guardimo in WordPress Plugin Omnichannel for WooCommerce versions = 1.3.65...

7.1CVSS6.1AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:57 a.m.4 views

WordPress WP Test Email plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin WP Test Email versions = 1.1.7...

7.1CVSS6.1AI score0.00222EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 11:25 a.m.5 views

WordPress CleverReach® WP plugin <= 1.5.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin CleverReach® WP versions = 1.5.21...

9.3CVSS5.9AI score0.00389EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/15 10:49 a.m.8 views

WordPress g-FFL Checkout plugin <= 2.1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Plugin g-FFL Checkout versions = 2.1.0...

9.8CVSS7AI score0.00564EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2026/01/15 10:31 a.m.3 views

WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Frontend Manager – Ultimate versions 6.7.7...

5.9AI score0.00347EPSS
Exploits0Affected Software1
Total number of security vulnerabilities46606