Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,483
Mitigations
Mitigation rules
14,089
No official fix
10,956
In triage
1,240
Published soon
31
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
PopupKit
<= 2.2.0
Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability
7.6
Feb 4, 2026
ConvertForce Popup Builder
<= 0.0.7
Stored Cross-Site Scripting via entrance_animation vulnerability
5.9
Jan 30, 2026
Popup Builder
<= 4.4.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
Dec 13, 2025
Popup Builder
<= 1.1.37
Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Reset vulnerability
5.4
Dec 13, 2025
PopupKit
<= 2.1.4
Unauthenticated Server-Side Request Forgery vulnerability
7.2
Oct 24, 2025
WP Popup Builder
<= 1.3.6
Sensitive Data Exposure vulnerability
5.3
Sep 27, 2025
Popup Builder
<= 1.1.35
Local File Inclusion Vulnerability
7.5
Apr 22, 2025
Popup Builder
<= 1.1.33
Cross Site Scripting (XSS) vulnerability
6.5
Feb 22, 2025
Pretty Simple Popup Builder
<= 1.0.9
Stored Cross Site Scripting (XSS) vulnerability
5.9
Jan 3, 2025
Popup Builder
< 4.3.5
Admin+ Stored XSS vulnerability
5.9
Dec 12, 2024
Matix Popup Builder
<= 1.0.0
Arbitrary Option Update to Privilege Escalation vulnerability
9.8
Nov 11, 2024
WP Popup Builder
<= 1.3.5
Unauthenticated Arbitrary Shortcode Execution vulnerability
7.9
Oct 15, 2024
Depicter Slider
<= 3.2.2
Cross Site Scripting (XSS) vulnerability
5.9
Sep 30, 2024
Popup Builder
<= 4.3.6
Sensitive Information Exposure via Imported Subscribers CSV File vulnerability
5.3
Aug 29, 2024
Depicter Slider
<= 3.1.2
Cross Site Scripting (XSS) vulnerability
5.9
Aug 7, 2024
Pretty Simple Popup Builder
<= 1.0.9
Cross Site Scripting (XSS) vulnerability
5.9
Jul 22, 2024
WP Popups
<= 2.2.0.1
Unauthenticated Full Path Disclosure vulnerability
5.3
Jul 12, 2024
Popup Builder
<= 4.3.1
Missing Authorization and Nonce Exposure vulnerability
6.3
Jun 14, 2024
Popup Builder
<= 4.3.0
Missing Authorization in Multiple AJAX Actions vulnerability
6.3
Jun 14, 2024
Popup Builder
<= 4.2.7
Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability
6.5
Jun 3, 2024
Load more