Recently exploited vulnerabilities

Get more with our API

Affected software \| Vulnerability	Priority	Disclosed
Advanced Custom Fields: Extended0.9.0.5-0.9.1.1 Unauthenticated Remote Code Execution vulnerability	10	Dec 3, 2025
WavePlayer<= 3.7.0 Unauthenticated Arbitrary File Upload vulnerability	10	Nov 25, 2025
Gravity Forms <= 2.9.21.1 Unauthenticated Arbitrary File Upload via Legacy Chunked Upload vulnerability	9	Nov 17, 2025
AI Engine<= 3.1.3 Unauthenticated Sensitive Information Exposure to Privilege Escalation vulnerability	9.8	Nov 5, 2025
Post SMTP<= 3.6.0 Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability	9.8	Nov 3, 2025

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.

Vulnerabilities disclosed via Patchstack

4,354By Patchstack Alliance

1,592By other sources

Most common security vulnerabilities

How to fix common vulnerabilities

#1Cross-Site Scripting (XSS)
53.35%
#2Cross-Site Request Forgery (CSRF)
16.85%
#3Broken Access Control
12.95%
#4Other vulnerabilities
8.86%
#5SQL Injection
4.46%
#6Sensitive Data Exposure
2.00%
#7Arbitrary File Upload
1.53%
Disclosed by
Patchstack
Other sources

Fixed status of published vulnerabilities

Not fixed

#1,51826%

Fixed

#4,42874%

Breakdown by software type

Plugin

#5,75497%

Theme

#1793%

Core

#130%

Breakdown by patch priority

High (Resolve immediately)

#83014%

Medium (Resolve in 14 days)

#83035%

Low (Resolve in 30 days)

#83051%

Breakdown by CVSS severity

Critical (9.0-10.0)

#1893%

High (7.0-8.9)

#2,36440%

Medium (4.0-6.9)

#3,35956%

Low (0.1-3.9)

#341%

Top security researchers by contributions

See leaderboard

# Researcher

Reports

Country

Plugins with a VDP earn +15%
XP and
Zeroday payouts up to $14,400!
Plugins with a VDP earn +15% XP and Zeroday payouts up to $9,600!