Recently exploited vulnerabilities

Get more with our API

Affected software \| Vulnerability	Priority	Disclosed
LA-Studio Element Kit for Elementor<= 1.5.6.3 Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability	9.8	Jan 21, 2026
Academy LMS<= 3.5.0 Privilege Escalation vulnerability	9.8	Jan 21, 2026
Booking Activities<= 1.16.44 Privilege Escalation vulnerability	8.1	Jan 20, 2026
Modular DS2.5.2 Privilege Escalation vulnerability	10	Jan 16, 2026
Modular DS<= 2.5.1 Privilege Escalation vulnerability	10	Jan 14, 2026

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.

Vulnerabilities disclosed via Patchstack

4,178By Patchstack Alliance

3,788By other sources

Most common security vulnerabilities

How to fix common vulnerabilities

#1Cross-Site Scripting (XSS)
47.69%
#2Other vulnerabilities
14.52%
#3Broken Access Control
14.17%
#4Cross-Site Request Forgery (CSRF)
11.36%
#5SQL Injection
5.08%
#6Sensitive Data Exposure
4.29%
#7Arbitrary File Upload
2.87%
Disclosed by
Patchstack
Other sources

Fixed status of published vulnerabilities

Not fixed

#1,94424%

Fixed

#6,02276%

Breakdown by software type

Plugin

#7,63396%

Theme

#3274%

Core

#60%

Breakdown by patch priority

High (Resolve immediately)

#92412%

Medium (Resolve in 14 days)

#1,49319%

Low (Resolve in 30 days)

#5,54970%

Breakdown by CVSS severity

Critical (9.0-10.0)

#6008%

High (7.0-8.9)

#2,17327%

Medium (4.0-6.9)

#5,15565%

Low (0.1-3.9)

#380%

Top security researchers by contributions

See leaderboard

# Researcher

Reports

Country

Plugins with a VDP earn +15%
XP and
Zeroday payouts up to $33,000!
Plugins with a VDP earn +15% XP and Zeroday payouts up to $33,000!