Recently exploited vulnerabilities

Get more with our API
Affected software | Vulnerability
Priority
Disclosed
Gift Cards For WooCommerce Pro<= 4.2.6
Arbitrary File Upload vulnerability
10
22 hours ago
Burst Statistics3.4.0-3.4.1.1
Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability
9.8
7 days ago
User Registration Advanced Fields<= 1.6.20
Unauthenticated Arbitrary File Upload vulnerability
10
05/05/2026
JoomSport<= 5.7.7
SQL Injection vulnerability
9.3
29/04/2026
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.6
Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability
8.1
20/04/2026

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.

Vulnerabilities disclosed via Patchstack

4,178By Patchstack Alliance
3,788By other sources

Most common security vulnerabilities

How to patch common vulnerabilities
  • #1Cross-Site Scripting (XSS)
    47.68%
  • #2Other vulnerabilities
    14.52%
  • #3Broken Access Control
    14.19%
  • #4Cross-Site Request Forgery (CSRF)
    11.36%
  • #5SQL Injection
    5.08%
  • #6Sensitive Data Exposure
    4.29%
  • #7Arbitrary File Upload
    2.87%
  • Disclosed by
    Patchstack
    Other sources

Patch status of published vulnerabilities

Not patched
#1,91724%
Patched
#6,04976%

Breakdown by software type

Plugin
#7,63296%
Theme
#3284%
Core
#60%

Breakdown by patch priority

High (Resolve immediately)
#92412%
Medium (Resolve in 14 days)
#1,49319%
Low (Resolve in 30 days)
#5,54970%

Breakdown by CVSS severity

Critical (9.0-10.0)
#6008%
High (7.0-8.9)
#2,17327%
Medium (4.0-6.9)
#5,15565%
Low (0.1-3.9)
#380%

Top security researchers by contributions

See leaderboard
# Researcher
Reports
Country

Plugins with a VDP earn +15% XP and Zeroday payouts up to $33,000!

Read more