Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,406
Mitigations
Mitigation rules
13,389
No official fix
10,331
In triage
1,165
Published soon
32
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Quote Comments
<= 3.0.0
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update vulnerability
5.4
2 minutes ago
Newsletter Email Subscribe
<= 2.4
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
4 minutes ago
Simple User Meta Editor
<= 1.0.0
Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field vulnerability
5.9
16 minutes ago
twinklesmtp
<= 1.03
WordPress twinklesmtp - Email Service Provider For WordPress plugin <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings vulnerability
5.9
24 minutes ago
HelpDesk contact form
<= 1.1.5
Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability
4.3
27 minutes ago
NS Ie Compatibility Fixer
<= 2.1.5
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
28 minutes ago
AMP for WP
<= 1.1.9
WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability
4.3
39 minutes ago
WP-Members
<= 3.5.4.4
Unauthenticated Information Exposure via Unprotected Files vulnerability
5.3
47 minutes ago
Quiz And Survey Master
<= 10.3.1
Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability
6.5
12 hours ago
Xagio SEO
<= 7.1.0.30
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
12 hours ago
Timetics
<= 1.0.36
Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability
6.5
14 hours ago
Simply Schedule Appointments
<= 1.6.9.5
Unauthenticated Sensitive Information Exposure vulnerability
6.5
14 hours ago
CBX Bookmark & Favorite
<= 2.0.4
Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability
8.5
14 hours ago
ForumWP
<= 2.1.6
Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability
6.5
14 hours ago
FS Registration Password
<= 1.0.1
Unauthenticated Privilege Escalation via Account Takeover vulnerability
9.8
15 hours ago
BuddyPress Xprofile Custom Field Types
<= 1.2.8
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
7.7
15 hours ago
FastDup
<= 2.7
Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter vulnerability
6.5
15 hours ago
AS Password Field In Default Registration Form
<= 2.0.0
Unauthenticated Privilege Escalation via Account Takeover vulnerability
9.8
16 hours ago
Download Manager
<= 3.3.40
Unauthenticated Limited Privilege Escalation via updatePassword vulnerability
7.3
16 hours ago
Quiz And Survey Master
<= 10.3.1
Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability
5.4
23 hours ago
Load more