Patreon Wordpress Security Vulnerabilities and Issues — Patreon Wordpress CVE List

Lucene search

PatreonPatreon Wordpress

10 matches found

CVE•added 2023/11/18 11:15 p.m.•108 views

CVE-2023-41129

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.

8.8CVSS6.3AI score0.00137EPSS

CVE•added 2022/03/14 3:15 p.m.•75 views

CVE-2021-25026

The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

5.5CVSS5AI score0.00185EPSS

CVE•added 2024/07/09 11:15 a.m.•47 views

CVE-2024-37430

Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse.This issue affects Patreon WordPress: from n/a through 1.9.0.

5.3CVSS5.8AI score0.00119EPSS

CVE•added 2021/04/12 2:15 p.m.•45 views

CVE-2021-24227

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and...

7.5CVSS7.4AI score0.33001EPSS

CVE•added 2025/01/24 6:15 p.m.•37 views

CVE-2025-24588

Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.

6.5CVSS6.5AI score0.00114EPSS

CVE•added 2019/08/22 2:15 p.m.•36 views

CVE-2018-20984

The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.

9.8CVSS9.4AI score0.00795EPSS

CVE•added 2021/04/12 2:15 p.m.•32 views

CVE-2021-24229

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is ac...

9.6CVSS8.7AI score0.00635EPSS

CVE•added 2021/04/12 2:15 p.m.•32 views

CVE-2021-24231

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.

6.5CVSS6.4AI score0.00089EPSS

CVE•added 2021/04/12 2:15 p.m.•28 views

CVE-2021-24228

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...

9.6CVSS8.7AI score0.00861EPSS

CVE•added 2021/04/12 2:15 p.m.•28 views

CVE-2021-24230

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the...

8.1CVSS8.1AI score0.0012EPSS