Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,005
Mitigations
Mitigation rules
14,482
No official patch
11,198
In triage
1,536
Published soon
3
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Meta Box – WordPress Custom Fields Framework
<= 5.11.1
Authenticated (Contributor+) Arbitrary File Deletion vulnerability
7.2
8 hours ago
WP RSS Aggregator
<= 5.0.11
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability
7.1
8 hours ago
WP App Bar
<= 1.5
Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter vulnerability
7.1
8 hours ago
Paid Videochat Turnkey Site
<= 7.3.20
WordPress Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin <= 7.3.20 - Authenticated (Author+) Privilege Escalation vulnerability
7.2
8 hours ago
JS Archive List
<= 6.1.7
Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability
7.5
9 hours ago
CM Custom WordPress Reports and Analytics
<= 1.2.7
Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability
7.1
9 hours ago
ZIP Code Based Content Protection
<= 1.0.2
Unauthenticated SQL Injection via 'zipcode' Parameter vulnerability
9.3
9 hours ago
LotekMedia Popup Form
<= 1.0.6
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
5.9
2 days ago
True Ranker
<= 2.2.9
Cross-Site Request Forgery to Unauthorized True Ranker Disconnection vulnerability
4.3
2 days ago
Carta Online
<= 2.13.0
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
5.9
2 days ago
Infomaniak Connect for OpenID
<= 1.0.2
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
2 days ago
Font Pairing Preview For Landing Pages
<= 1.3
Cross-Site Request Forgery to Settings Update vulnerability
4.3
2 days ago
Show YouTube video
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
6.5
2 days ago
Purchase Button For Affiliate Link
<= 1.0.2
Cross-Site Request Forgery to Settings Update vulnerability
4.3
2 days ago
DA Media GigList
<= 1.9.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability
6.5
2 days ago
Consensus Embed
<= 1.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
6.5
2 days ago
Media Library Alt Text Editor
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability
6.5
2 days ago
The Guardian News Feed
<= 1.2
Cross-Site Request Forgery to Settings Update vulnerability
4.3
2 days ago
MyQtip – easy qTip2
<= 2.0.5
WordPress MyQtip - easy qTip2 plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
2 days ago
Wueen
<= 0.2.0
Authenticated (Contributor+) Stored Cross-Site Scripting via plugin's Shortcode vulnerability
6.5
2 days ago
Load more