The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total40,161

MitigationsMitigation rules14,973

No official patch11,320

In triage1,389

Published soon22

StatsWordPress stats

CVSS0

10

Mitigation available

Exploited

Affected software \| Vulnerability	Risk					Disclosed
Betheme<= 28.1.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' vulnerability	6.5					08/10/2025
Betheme<= 28.2 Cross Site Scripting (XSS) vulnerability	6.5					06/10/2025
Betheme<= 28.1.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5					05/08/2025
Betheme<= 28.0.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5					15/04/2025
Betheme<= 27.6.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability	6.5					21/01/2025
Betheme<= 27.5.5 Authenticated (Author+) Stored Cross-Site Scripting via SVG File vulnerability	6.5					13/09/2024
Betheme<= 27.5.6 Authenticated (Contributor+) PHP Object Injection vulnerability	8.5					30/08/2024
Betheme<= 27.5.6 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5					30/08/2024
Betheme<= 27.1.1 Contributor+ Broken Access Control vulnerability	7.6					14/11/2023
Betheme<= 27.1.1 Author+ Broken Access Control vulnerability	8.2					10/08/2023
Betheme<= 26.7.5 Reflected Cross Site Scripting (XSS) vulnerability	7.1					13/04/2023
Betheme<= 26.6.1 Broken Access Control vulnerability	6.3					21/11/2022
Betheme<= 26.6.1 Broken Access Control vulnerability	4.3					21/11/2022
Betheme<= 26.6.1 Broken Access Control vulnerability	5.4					21/11/2022
Betheme<= 26.6.1 Broken Access Control vulnerability	5.4					21/11/2022
Betheme<= 26.6.1 Broken Access Control vulnerability	4.3					21/11/2022
Betheme<= 26.6.1 Auth. Stored Cross-Site Scripting (XSS) vulnerability	5.4					21/11/2022
Betheme<= 26.5.1.4 Auth. PHP Object Injection vulnerability	6.3					17/11/2022