Lucene search
K
PatchstackRecent

46606 matches found

Patchstack
Patchstack
•added 2026/01/15 10:22 a.m.•6 views

WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by NAWardRox in WordPress Plugin Workreap Core versions = 3.4.1...

9.8CVSS5.4AI score0.00547EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 10:20 a.m.•7 views

WordPress North theme <= 5.7.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme North versions = 5.7.5...

8.1CVSS7AI score0.00549EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 10:19 a.m.•13 views

WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme North versions = 5.7.5...

8.8CVSS7.3AI score0.0037EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 10:18 a.m.•6 views

WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce Book Price versions = 1.3...

7AI score0.00467EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 8:32 a.m.•7 views

WordPress WP-Members Membership plugin plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability discovered by shark3y in WordPress Plugin WP-Members versions = 3.5.4.3...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/15 7:4 a.m.•8 views

WordPress Simply Schedule Appointments plugin <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability

Unauthenticated SQL Injection via order and appendwheresql Parameters vulnerability discovered by shark3y in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.9...

7.5CVSS8.1AI score0.00289EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/15 6:37 a.m.•6 views

WordPress Wheel of Life plugin <= 1.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Wheel of Life versions = 1.2.0...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 6:18 a.m.•4 views

WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Multilanguage by BestWebSoft versions = 1.5.2...

4.3CVSS5.4AI score0.00255EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 5:48 a.m.•6 views

WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPMasterToolKit versions = 2.14.0...

4.3CVSS5.4AI score0.00202EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 4:11 a.m.•4 views

WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin NotificationX versions = 3.2.1...

5.3CVSS5.4AI score0.00176EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 3:19 a.m.•9 views

WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by PPzzAArr in WordPress Plugin NextMove Lite versions = 2.23.0...

5.3CVSS5.4AI score0.00314EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/15 12:19 a.m.•8 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion vulnerability

Missing Authorization to Unauthenticated File Deletion vulnerability discovered by shark3y in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.2...

7.4CVSS7AI score0.00196EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 6:54 p.m.•7 views

WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Review versions = 3.5...

5.4CVSS5.3AI score0.00198EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/14 6:3 p.m.•5 views

WordPress Penci Pay Writer plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Pay Writer versions = 1.5...

5.4CVSS5.3AI score0.00198EPSS
Exploits1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 4:19 p.m.•6 views

WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin Alma versions = 5.16.1...

5.3CVSS5.4AI score0.00214EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/14 2:6 p.m.•10 views

WordPress List Site Contributors plugin <= 1.1.8 - Reflected Cross-Site Scripting via alpha vulnerability

Reflected Cross-Site Scripting via alpha vulnerability discovered by 0x34rth in WordPress Plugin List Site Contributors versions = 1.1.8...

6.1CVSS6.3AI score0.00693EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 2:1 p.m.•4 views

WordPress AJS Footnotes plugin <= 1.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by 0x34rth in WordPress Plugin AJS Footnotes versions = 1.0...

7.2CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 1:53 p.m.•5 views

WordPress Name Directory plugin <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by zer0gh0st in WordPress Plugin Name Directory versions = 1.30.3...

7.2CVSS5.7AI score0.00325EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 1:35 p.m.•4 views

WordPress GeekyBot plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zer0gh0st in WordPress Plugin GeekyBot versions = 1.1.8...

7.2CVSS5.3AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 1:23 p.m.•5 views

WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability

Authenticated Contributor+ Arbitrary File Read via 'ghostban' Shortcode vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions = 1.5.0...

6.5CVSS7AI score0.00307EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 1:18 p.m.•9 views

WordPress Shipping Rate By Cities plugin <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter vulnerability

Unauthenticated SQL Injection via 'city' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Shipping Rate By Cities versions = 2.0.0...

7.5CVSS8.1AI score0.00278EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 12:42 p.m.•4 views

WordPress News and Blog Designer Bundle plugin <= 1.1 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin News and Blog Designer Bundle versions = 1.1...

9.8CVSS7AI score0.01336EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 12:30 p.m.•5 views

WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability

Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions = 1.2...

9.8CVSS7AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 12:16 p.m.•8 views

WordPress Integration Opvius AI for WooCommerce plugin <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability

Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Integration Opvius AI for WooCommerce versions = 1.3.0...

9.8CVSS7.1AI score0.00615EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 9:36 a.m.•5 views

WordPress Raptive Ads plugin <= 3.10.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Raptive Ads versions = 3.10.0...

5.3CVSS5.4AI score0.00012EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/14 8:24 a.m.•4 views

WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Universal Google Adsense and Ads manager versions = 1.1.8...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/14 8:22 a.m.•10 views

WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Modular DS versions = 2.5.1...

10CVSS7AI score0.20631EPSS
Exploits7References1Affected Software1
Patchstack
Patchstack
•added 2026/01/14 8:16 a.m.•6 views

WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Simple GDPR Cookie Compliance versions = 2.0.0...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/14 6:4 a.m.•4 views

WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...

4.3CVSS5.4AI score0.0025EPSS
Exploits0Affected Software1
Patchstack
Patchstack
•added 2026/01/14 4:31 a.m.•8 views

WordPress DASHBOARD BUILDER plugin <= 1.5.7 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by omer yeshayahu in WordPress Plugin DASHBOARD BUILDER versions = 1.5.7...

7.1CVSS8AI score0.00132EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:27 p.m.•6 views

WordPress WMF Mobile Redirector plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin WMF Mobile Redirector versions = 1.2...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:26 p.m.•6 views

WordPress Short Link plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Administration Settings Page vulnerability discovered by 0x34rth in WordPress Plugin Short Link versions = 1.0...

4.4CVSS5.5AI score0.002EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:25 p.m.•6 views

WordPress Aplazo Payment Gateway plugin <= 1.4.2 - Missing Authorization to Unauthenticated Order Status Manipulation vulnerability

Missing Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Aplazo Payment Gateway versions = 1.4.2...

5.3CVSS7AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:22 p.m.•5 views

WordPress PayHere Payment Gateway plugin for WooCommerce plugin <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin PayHere Payment Gateway Plugin for WooCommerce versions = 2.3.9...

5.3CVSS5.4AI score0.00225EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:17 p.m.•8 views

WordPress Float Payment Gateway plugin <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation vulnerability

Improper Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Float Payment Gateway versions = 1.1.9...

5.3CVSS7AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:15 p.m.•8 views

WordPress WP Allowed Hosts plugin <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'allowed-hosts' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP Allowed Hosts versions = 1.0.8...

4.4CVSS5.8AI score0.002EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:14 p.m.•7 views

WordPress LinkedIn SC plugin <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Page vulnerability discovered by 0x34rth in WordPress Plugin LinkedIn SC versions = 1.1.9...

4.4CVSS5.5AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:10 p.m.•4 views

WordPress Stopwords for comments plugin <= 1.1 - Missing Authorization to Cross-Site Request Forgery vulnerability

Missing Authorization to Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Stopwords for comments versions = 1.1...

4.3CVSS7AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:8 p.m.•6 views

WordPress SocialChamp with WordPress plugin <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin SocialChamp with WordPress versions = 1.3.3...

4.3CVSS7AI score0.00124EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:6 p.m.•9 views

WordPress Electric Studio Download Counter plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Electric Studio Download Counter versions = 2.4...

4.4CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:5 p.m.•6 views

WordPress Perfit WooCommerce plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Perfit WooCommerce versions = 1.0.1...

5.3CVSS7AI score0.00232EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 11:2 p.m.•7 views

WordPress Sosh Share Buttons plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Sosh Share Buttons versions = 1.1.0...

4.3CVSS7AI score0.0014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:50 p.m.•5 views

WordPress GetContentFromURL plugin <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute vulnerability

Authenticated Contributor+ Server-Side Request Forgery via 'url' Shortcode Attribute vulnerability discovered by Ivan Cese in WordPress Plugin GetContentFromURL versions = 1.0...

7.2CVSS7.1AI score0.00302EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:47 p.m.•9 views

WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions = 1.5.0...

4.4CVSS5.7AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:46 p.m.•4 views

WordPress Netcash WooCommerce Payment Gateway plugin <= 4.1.3 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Netcash WooCommerce Payment Gateway versions = 4.1.3...

5.3CVSS7AI score0.00227EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:40 p.m.•7 views

WordPress WPBlogSyn plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin WPBlogSyn versions = 1.0...

4.3CVSS7.1AI score0.00102EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:39 p.m.•5 views

WordPress Shipping Rates by City for WooCommerce plugin <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter vulnerability

Authenticated Shop Manager+ SQL Injection via 'cities' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Shipping Rates by City for WooCommerce versions = 1.0.3...

4.9CVSS8.1AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:38 p.m.•6 views

WordPress SpiceForms Form Builder plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SpiceForms Form Builder versions = 1.0...

6.4CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:34 p.m.•8 views

WordPress Crush.pics Image Optimizer plugin <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Update vulnerability discovered by ChamlaVic in WordPress Plugin Crush.pics Image Optimizer versions = 1.8.7...

4.3CVSS7AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2026/01/13 10:32 p.m.•5 views

WordPress Real Post Slider Lite plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Real Post Slider Lite versions = 2.4...

4.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46606