Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,619
Mitigations
Mitigation rules
14,787
No official patch
11,271
In triage
1,502
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WordPress
<= 6.9.3
XML External Entity (XXE) vulnerability
6.5
Mar 10, 2026
WordPress
6.9-6.9.3
Broken Access Control in Notes vulnerability
4.3
Mar 10, 2026
WordPress
<= 6.9.1
Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability
4.3
Mar 10, 2026
WordPress
6.9-6.9.1
Server-Side Request Forgery (SSRF) vulnerability
5.4
Mar 10, 2026
WordPress
6.9-6.9.1
Cross-Site Scripting vulnerability
5.5
Mar 10, 2026
WordPress
6.9-6.9.1
Stored Cross-Site Scripting
5.9
Mar 10, 2026
WordPress
<= 6.8.2
(Author+) Cross Site Scripting (XSS) Vulnerability
5.9
Sep 22, 2025
WordPress
<= 6.8.2
(Contributor+) Sensitive Data Exposure Vulnerability
4.3
Sep 22, 2025
WordPress
< 6.5.5
Contributor+ Path Traversal (Windows Only) vulnerability
5
Jun 25, 2024
WordPress
< 6.5.5
Cross Site Scripting (XSS) via template-part vulnerability
6.5
Jun 25, 2024
WordPress
< 6.5.5
Contributor+ Stored Cross-Site Scripting via HTML API
6.5
Jun 25, 2024
WordPress
<= 6.5.0
Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability
6.5
Apr 9, 2024
WordPress
<= 6.4.3
Sensitive Information Exposure via redirect_guess_404_permalink vulnerability
5.3
Apr 5, 2024
WordPress
< 6.4.3
Auth. (Admin+) PHP File Upload vulnerability
6.6
Jan 31, 2024
WordPress
< 6.3.2
Cache Poisoning Denial of Service vulnerability
5.3
Oct 13, 2023
WordPress
< 6.3.2
Contributor+ Stored XSS in Navigation Links Block vulnerability
6.5
Oct 13, 2023
WordPress
< 6.3.2
Contributor+ Comment Read on Private and Password Protected Post vulnerability
4.3
Oct 13, 2023
WordPress
< 6.3.2
Reflected Cross-Site Scripting via Application Password Requests
6.1
Oct 13, 2023
WordPress
< 6.3.2
Sensitive Information Exposure via User Search REST Endpoint
5.3
Oct 13, 2023
WordPress
6.3-6.3.1
Auth. (Contributor+) Cross-Site Scripting via Footnotes Block
6.4
Oct 13, 2023
Load more