Report details

On the report details page, you can see all the details regarding this particular vulnerability.

In the top section, you can see the current status of this vulnerability, the Patchstack patch priority rating, and which versions of your software are affected by this vulnerability. Patchstack uses different icons throughout the platform; you can read more about the icon definitions here.

Under that, you can see the CVSS score for this entry, with an explanatory message of what makes this finding a vulnerability.

On the right side, it shows the date when this vulnerability was published.

To see how this vulnerability can be exploited, scroll down to the section called How to reproduce. The researchers post the details there, sometimes with screenshots or videos attached.

You can upload the fixed version of your software straight from this page. Scroll to the How to disclose section of the page to upload the .zip file of your software/code. Alternatively, you can send us a link to your code by clicking Link to fix at the top of this page.

To read more about uploading the security fix, and how the process works in general, check this article.

The last section shows all the following details:

  • Software name
  • Vulnerable versions
  • OWASP Top 10 - vulnerability type by OWASP Top 10 classification
  • Type - whether the software type is a plugin or a theme
  • Classification - vulnerability class
  • Patch priority - level of priority regarding patching (low / medium / high)
  • CVE ID - unique ID number for identifying this vulnerability in the Common Vulnerabilities and Exposures database
  • CVSS severity - the Common Vulnerability Scoring System rating
  • Required privilege - the minimum user role necessary to perform the attack
  • Developer - name of the vendor
  • Credits - name of the researcher who reported this vulnerability