Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,619
Mitigations
Mitigation rules
14,787
No official patch
11,271
In triage
1,502
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Instant Popup Builder
<= 1.1.7
Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter vulnerability
5.3
Mar 19, 2026
Popup Builder
<= 4.4.2
Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens vulnerability
5.3
Feb 18, 2026
PopupKit
<= 2.2.0
Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability
7.6
Feb 4, 2026
ConvertForce Popup Builder
<= 0.0.7
Stored Cross-Site Scripting via entrance_animation vulnerability
5.9
Jan 30, 2026
Popup Builder
<= 4.4.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
Dec 13, 2025
Popup Builder
<= 1.1.37
Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Reset vulnerability
5.4
Dec 13, 2025
PopupKit
<= 2.1.4
Unauthenticated Server-Side Request Forgery vulnerability
7.2
Oct 24, 2025
WP Popup Builder
<= 1.3.8
Sensitive Data Exposure vulnerability
5.3
Sep 27, 2025
Popup Builder
<= 1.1.35
Local File Inclusion Vulnerability
7.5
Apr 22, 2025
Popup Builder
<= 1.1.33
Cross Site Scripting (XSS) vulnerability
6.5
Feb 22, 2025
Pretty Simple Popup Builder
<= 1.0.9
Stored Cross Site Scripting (XSS) vulnerability
5.9
Jan 3, 2025
Popup Builder
< 4.3.5
Admin+ Stored XSS vulnerability
5.9
Dec 12, 2024
Matix Popup Builder
<= 1.0.0
Arbitrary Option Update to Privilege Escalation vulnerability
9.8
Nov 11, 2024
WP Popup Builder
<= 1.3.5
Unauthenticated Arbitrary Shortcode Execution vulnerability
7.9
Oct 15, 2024
Depicter Slider
<= 3.2.2
Cross Site Scripting (XSS) vulnerability
5.9
Sep 30, 2024
Popup Builder
<= 4.3.6
Sensitive Information Exposure via Imported Subscribers CSV File vulnerability
5.3
Aug 29, 2024
Depicter Slider
<= 3.1.2
Cross Site Scripting (XSS) vulnerability
5.9
Aug 7, 2024
Pretty Simple Popup Builder
<= 1.0.9
Cross Site Scripting (XSS) vulnerability
5.9
Jul 22, 2024
WP Popups
<= 2.2.0.1
Unauthenticated Full Path Disclosure vulnerability
5.3
Jul 12, 2024
Popup Builder
<= 4.3.1
Missing Authorization and Nonce Exposure vulnerability
6.3
Jun 14, 2024
Load more