Pricing
Solutions
WordPress security
Instantly fix and mitigate vulnerabilities
Plugin auditing
Paid auditing for WordPress vendors
Managed VDP
Start a security program for your plugins
Bug Bounty
Join the community and earn bounties
Enterprise API
At scale monitoring and vPatching for hosts
Vulnerability database
The latest WordPress security intelligence
Login
Start trial
Ananda Dhakal (Patchstack)
Say thanks
0
XP
0
Reports
3
Reports, last 90 days
-
17 Nov, 2025
Lvl 0
0
0
0
0
Website
X
GitHub
Sort by
Priority
Severity
Exploited
Search
Affected software | Vulnerability
CVE
AXP
Severity
Reported
RTMKit
<= 1.6.5
Arbitrary File Upload
76.85
9.9
Sep 18, 2025
Link Whisper Free
<= 0.8.8
Broken Access Control
21.2
5.3
No date
Download Manager
<= 3.3.24
Cross Site Request Forgery (CSRF)
8.6
4.3
Aug 22, 2025
Download Manager
<= 3.3.25
Sensitive Data Exposure
42.4
5.3
Aug 22, 2025
WPeMatico RSS Feed Fetcher
<= 2.8.10
Sensitive Data Exposure
4.3
4.3
Jul 17, 2025
Klarna Order Management for WooCommerce
<= 1.9.8
Sensitive Data Exposure
1.65
6.6
Aug 22, 2025
Jobmonster
<= 4.7.8
Cross Site Scripting (XSS)
14.2
7.1
Aug 1, 2025
MultiSite Clone Duplicator
<= 1.5.3
Cross Site Scripting (XSS)
7.1
7.1
Jul 30, 2025
WpEvently
<= 4.4.8
PHP Object Injection
26.4
8.8
Jul 30, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage
<= 19.11.0
Local File Inclusion
45
7.5
Apr 24, 2025
Jannah
< 7.5.1
Local File Inclusion
48.6
8.1
Mar 6, 2025
miniOrange's Google Authenticator
<= 6.1.1
Broken Access Control
6.5
6.5
Jul 24, 2025
Jobmonster
<= 4.8.0
Sensitive Data Exposure
10.6
5.3
Aug 1, 2025
Jobmonster
<= 4.8.0
Cross Site Scripting (XSS)
4.88
6.5
Aug 1, 2025
Kalium
<= 3.18.3
Broken Access Control
21.2
5.3
Dec 5, 2024
NEX-Forms
<= 9.1.3
Cross Site Request Forgery (CSRF)
4.4
8.8
Jul 30, 2025
WP Rentals
<= 3.13.1
Cross Site Scripting (XSS)
4.88
6.5
Feb 21, 2025
Awesome Support
<= 6.3.6
Sensitive Data Exposure
10.6
5.3
Oct 2, 2024
App, SaaS & Software Startup Tech Theme - Stratus
<= 4.2.5
Broken Access Control
4.3
4.3
Dec 5, 2024
Modernize
<= 3.4.0
Cross Site Scripting (XSS)
4.88
6.5
Dec 2, 2024
Modernize
<= 3.4.0
Broken Access Control
4.3
4.3
Dec 2, 2024
Thim Core
<= 2.3.3
Cross Site Request Forgery (CSRF)
4.3
4.3
Nov 13, 2024
Thim Core
<= 2.3.3
Broken Access Control
8.6
4.3
Nov 13, 2024
Kalium
<= 3.18.3
Cross Site Request Forgery (CSRF)
4.3
4.3
Dec 5, 2024
Savoy
<= 3.0.8
Sensitive Data Exposure
10.6
5.3
Aug 1, 2025
Post Grid and Gutenberg Blocks
<= 2.3.11
PHP Object Injection
26.4
8.8
May 7, 2025
Integrate Google Drive
<= 1.5.2
Cross Site Request Forgery (CSRF)
2.15
4.3
Jul 17, 2025
HT Contact Form 7
<= 2.0.0
Local File Inclusion
N/A
6.6
May 7, 2025
SMTP2GO
<= 1.12.1
Broken Access Control
4.3
4.3
May 15, 2025
FluentSnippets
<= 10.50
Cross Site Request Forgery (CSRF)
4.8
9.6
May 6, 2025
QuickCab
<= 1.3.3
Broken Access Control
10.6
5.3
Jul 3, 2024
Bimber - Viral Magazine WordPress Theme
<= 9.2.5
Local File Inclusion
19.8
8.8
Sep 17, 2024
Kleo
< 5.4.4
Broken Access Control
10.6
5.3
Sep 17, 2024
JNews
<= 11.6.16
Broken Access Control
21.2
5.3
Sep 17, 2024
Car Park Booking System for WordPress
<= 2.6
Broken Access Control
N/A
4.3
May 13, 2024
Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue WordPress theme
<= 4.2.2
Broken Access Control
4.3
4.3
Sep 17, 2024
Grand Restaurant WordPress
<= 7.0
PHP Object Injection
39.2
9.8
Nov 12, 2024
Grand Restaurant WordPress
<= 7.0
Arbitrary Content Deletion
16.4
8.2
Nov 12, 2024
Grand Restaurant WordPress
<= 7.0
Path Traversal
19.6
9.8
Nov 12, 2024
Grand Restaurant WordPress
<= 7.0
Cross Site Request Forgery (CSRF)
2.15
4.3
Nov 12, 2024
Grand Restaurant WordPress
<= 7.0
Broken Access Control
10.6
5.3
Nov 12, 2024
Master Slider
<= 3.11.0
Broken Access Control
12.9
4.3
Oct 2, 2024
Simple Sitemap – Create a Responsive HTML Sitemap
<= 3.6.0
Broken Access Control
12.9
4.3
Oct 2, 2024
Real Estate 7
<= 3.5.2
Privilege Escalation
21.9
7.3
Feb 21, 2025
Eduma
<= 5.6.4
Broken Access Control
21.2
5.3
Feb 21, 2025
WooCommerce Social Login
< 2.8.3
Cross Site Request Forgery (CSRF)
2.15
4.3
May 10, 2024
WPJobBoard
< 5.11.1
Path Traversal
5.4
5.4
Mar 27, 2024
WPJobBoard
< 5.11.1
Cross Site Request Forgery (CSRF)
57.6
9.6
Mar 28, 2024
WPJobBoard
< 5.11.1
Cross Site Request Forgery (CSRF)
2.15
4.3
Mar 27, 2024
News & Blog Designer Pack
<= 4.0
Local File Inclusion
97.2
8.1
Mar 7, 2025
Bridge Core
< 3.3.1
Cross Site Scripting (XSS)
24.38
6.5
Sep 24, 2024
Conversios.io
<= 7.2.3
Broken Access Control
4.3
4.3
Jan 17, 2025
TranslatePress
<= 2.9.6
PHP Object Injection
N/A
7.2
Mar 12, 2025
WP Rentals
<= 3.13.1
Cross Site Request Forgery (CSRF)
0.67
4.3
No date
Pie Register Premium
<= 3.8.3.2
Path Traversal
N/A
6.3
Jun 6, 2024
Pie Register Premium
<= 3.8.3.2
Broken Access Control
N/A
4.3
Jun 6, 2024
Booknetic
<= 4.0.9
Cross Site Request Forgery (CSRF)
2.15
4.3
Jun 4, 2024
MediCenter - Health Medical Clinic
< 14.7
Sensitive Data Exposure
10.6
5.3
Aug 13, 2024
WPJobBoard
<= 5.10.1
Cross Site Scripting (XSS)
14.2
7.1
Mar 27, 2024
Better Find and Replace
<= 1.6.7
Privilege Escalation
89.1
8.8
Jan 27, 2025
Product Size Charts Plugin for WooCommerce
<= 2.4.5
Broken Access Control
4.3
4.3
Oct 2, 2024
Really Simple SSL
<= 9.1.4
Cross Site Request Forgery (CSRF)
19.35
4.3
Dec 2, 2024
Bridge Core
<= 3.3
Broken Access Control
21.5
4.3
Sep 24, 2024
Avada
<= 7.11.10
Broken Access Control
74.2
5.3
Oct 2, 2024
uDesign
<= 4.11.2
Broken Access Control
31.8
5.3
Oct 2, 2024
Houzez
<= 3.4.0
Broken Access Control
8.6
4.3
Oct 2, 2024
Houzez
<= 3.4.0
Broken Access Control
21.2
5.3
Oct 2, 2024
SendGrid for WordPress
<= 1.4
Broken Access Control
4.3
4.3
Jul 25, 2024
Link Whisper Free
<= 0.7.7
Sensitive Data Exposure
21.2
5.3
Aug 8, 2024
Kalium
<= 3.18.3
Cross Site Scripting (XSS)
28.4
7.1
Dec 5, 2024
Thim Core
<= 2.3.3
Arbitrary Code Execution
13
6.5
Nov 13, 2024
Avada
<= 7.11.10
Cross Site Request Forgery (CSRF)
15.05
4.3
Oct 2, 2024
Pie Register Premium
< 3.8.3.3
Arbitrary File Upload
N/A
10
Jun 6, 2024
Pie Register Premium
< 3.8.3.3
Cross Site Scripting (XSS)
N/A
7.1
Jun 5, 2024
Tutor LMS Elementor Addons
<= 2.1.5
Broken Access Control
8.6
4.3
Oct 2, 2024
Jobify
< 4.3.0
Arbitrary File Download
22.5
7.5
Aug 13, 2024
Jobify
< 4.3.0
Broken Access Control
10.6
5.3
Aug 13, 2024
Jobify
< 4.3.0
Cross Site Request Forgery (CSRF)
2.15
4.3
Aug 13, 2024
Jobify
< 4.3.0
Cross Site Scripting (XSS)
4.88
6.5
Aug 13, 2024
Disable Admin Notices individually
<= 1.4.0
Cross Site Request Forgery (CSRF)
8.6
4.3
Jul 23, 2024
Pie Register Premium
< 3.8.3.3
Broken Access Control
N/A
5.3
Jun 5, 2024
Dynamic Widgets
<= 1.6.4
Cross Site Request Forgery (CSRF)
2.15
4.3
Oct 2, 2024
Smart Manager
<= 8.45.0
Broken Access Control
4.3
4.3
Aug 7, 2024
Social Auto Poster
<= 5.3.15
Cross Site Request Forgery (CSRF)
2.15
4.3
Aug 7, 2024
LatePoint
<= 4.9.91
Cross Site Scripting (XSS)
6.5
6.5
Mar 27, 2024
Login As Users
<= 1.4.3
Broken Access Control
N/A
8.8
Aug 5, 2024
SendGrid for WordPress
<= 1.4
SQL Injection
24.6
8.2
Jul 25, 2024
MemberPress
<= 1.11.34
Broken Access Control
13
6.5
May 15, 2024
LatePoint
<= 4.9.91
Cross Site Request Forgery (CSRF)
3.25
6.5
Mar 25, 2024
JobSearch
<= 2.5.3
PHP Object Injection
39.2
9.8
Jul 17, 2024
JobSearch
<= 2.5.3
Cross Site Request Forgery (CSRF)
4.3
4.3
Jul 17, 2024
JobSearch
<= 2.5.4
Broken Access Control
13
6.5
Jul 17, 2024
JobSearch
<= 2.5.4
Broken Access Control
5.4
5.4
Jul 17, 2024
Advanced Form Integration
<= 1.89.4
Cross Site Request Forgery (CSRF)
2.15
4.3
Jul 25, 2024
Brave Popup Builder
<= 0.7.0
Cross Site Request Forgery (CSRF)
2.15
4.3
Aug 8, 2024
WP User Manager
<= 2.9.10
Cross Site Request Forgery (CSRF)
2.47
4.3
May 20, 2024
Flash & HTML5 Video
<= 2.5.31
Sensitive Data Exposure
8.6
4.3
Jul 24, 2024
Asset CleanUp: Page Speed Booster
<= 1.3.9.3
Broken Access Control
17.2
4.3
Jul 23, 2024
Clone
<= 2.4.5
Broken Access Control
12.9
4.3
Jul 24, 2024
WOOCS – WooCommerce Currency Switcher
<= 1.4.2
Broken Access Control
12.9
4.3
Jul 24, 2024
1
2
Report vulnerabilities to earn bounties and rewards!
Read more
Include pending
Back to top