Recently exploited vulnerabilities

Get more with our API
Affected software | Vulnerability
Priority
Disclosed
Modular DS2.5.2
Privilege Escalation vulnerability
10
3 days ago
Modular DS<= 2.5.1
Privilege Escalation vulnerability
10
5 days ago
Sendinblue for WooCommerce<= 4.0.49
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
Jan 9, 2026
Branda<= 3.4.24
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
9.8
Jan 2, 2026
Print Invoice & Delivery Notes for WooCommerce<= 5.8.0
Unauthenticated Remote Code Execution vulnerability
10
Dec 24, 2025

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.

Vulnerabilities disclosed via Patchstack

235By Patchstack Alliance
245By other sources

Most common security vulnerabilities

How to fix common vulnerabilities
  • #1Cross-Site Scripting (XSS)
    33.75%
  • #2Other vulnerabilities
    27.29%
  • #3Broken Access Control
    23.54%
  • #4SQL Injection
    4.79%
  • #5Cross-Site Request Forgery (CSRF)
    4.58%
  • #6Sensitive Data Exposure
    3.75%
  • #7Arbitrary File Upload
    2.29%
  • Disclosed by
    Patchstack
    Other sources

Fixed status of published vulnerabilities

Not fixed
#29060%
Fixed
#19040%

Breakdown by software type

Plugin
#37879%
Theme
#10221%
Core
#00%

Breakdown by patch priority

High (Resolve immediately)
#11624%
Medium (Resolve in 14 days)
#12025%
Low (Resolve in 30 days)
#24451%

Breakdown by CVSS severity

Critical (9.0-10.0)
#347%
High (7.0-8.9)
#17637%
Medium (4.0-6.9)
#26856%
Low (0.1-3.9)
#20%

Top security researchers by contributions

See leaderboard
# Researcher
Reports
Country

Plugins with a VDP earn +15% XP and Zeroday payouts up to $9,600!

Read more