Recently exploited vulnerabilities

Get more with our API
Affected software | Vulnerability
Priority
Disclosed
Print Invoice & Delivery Notes for WooCommerce<= 5.8.0
Unauthenticated Remote Code Execution vulnerability
10
7 days ago
Advanced Custom Fields: Extended0.9.0.5-0.9.1.1
Unauthenticated Remote Code Execution vulnerability
10
Dec 3, 2025
WavePlayer<= 3.7.0
Unauthenticated Arbitrary File Upload vulnerability
10
Nov 25, 2025
Gravity Forms <= 2.9.21.1
Unauthenticated Arbitrary File Upload via Legacy Chunked Upload vulnerability
9
Nov 17, 2025
WP Social Ninja<= 3.20.1
Broken Access Control vulnerability
6.5
Nov 14, 2025

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.

Vulnerabilities disclosed via Patchstack

0By Patchstack Alliance
0By other sources

Most common security vulnerabilities

How to fix common vulnerabilities
  • #1Cross-Site Request Forgery (CSRF)
    NaN%
  • #2Cross-Site Scripting (XSS)
    NaN%
  • #3Sensitive Data Exposure
    NaN%
  • #4Other vulnerabilities
    NaN%
  • #5Broken Access Control
    NaN%
  • #6SQL Injection
    NaN%
  • #7Arbitrary File Upload
    NaN%
  • Disclosed by
    Patchstack
    Other sources

Fixed status of published vulnerabilities

Not fixed
#00%
Fixed
#00%

Breakdown by software type

Plugin
#00%
Theme
#00%
Core
#00%

Breakdown by patch priority

High (Resolve immediately)
#00%
Medium (Resolve in 14 days)
#00%
Low (Resolve in 30 days)
#00%

Breakdown by CVSS severity

Critical (9.0-10.0)
#00%
High (7.0-8.9)
#00%
Medium (4.0-6.9)
#00%
Low (0.1-3.9)
#00%

Top security researchers by contributions

See leaderboard
# Researcher
Reports
Country

Plugins with a VDP earn +15% XP and Zeroday payouts up to $9,600!

Read more