Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,928
Mitigations
Mitigation rules
13,653
No official fix
10,564
In triage
1,214
Published soon
47
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
LA-Studio Element Kit for Elementor
<= 1.5.6.3
Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability
9.8
1 day ago
Photo Gallery by 10Web
<= 1.8.36
Missing Authorization to Unauthenticated Arbitrary Comment Deletion vulnerability
5.3
1 day ago
NotificationX
<= 3.2.0
Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' vulnerability
7.1
1 day ago
Nexter Extension
<= 4.4.6
WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability
9.8
1 day ago
Academy LMS
<= 3.5.0
Privilege Escalation vulnerability
9.8
1 day ago
Bookingor
<= 1.0.12
Subscriber+ Category Deletion vulnerability
5.4
1 day ago
FlatPM
<= 3.2.2
WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability
6.5
1 day ago
Head Meta Data
<= 20251118
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
6.5
1 day ago
NotificationX
<= 3.1.11
Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability
5.4
1 day ago
Creator LMS
<= 1.1.12
WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability
8.8
1 day ago
The Events Calendar
<= 6.15.13
Missing Authorization to Authenticated (Subscriber+) Data Migration Control vulnerability
5.4
1 day ago
Tutor LMS
<= 3.9.4
WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion vulnerability
5.4
1 day ago
Booking Activities
<= 1.16.44
Privilege Escalation vulnerability
8.1
2 days ago
Frontis Blocks
<= 1.1.5
Server Side Request Forgery (SSRF) vulnerability
7.2
2 days ago
Craft
<= 2.3.6
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Grand Tour
< 5.6.2
Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
DotLife
< 4.9.5
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Hoteller
< 6.8.9
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Hostiko
< 94.3.6
Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
CarSpot
< 2.4.6
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Load more