Recently exploited vulnerabilities

Get more with our API
Affected software | Vulnerability
Priority
Disclosed
Gravity SMTP<= 2.1.4
Unauthenticated Sensitive Information Exposure via REST API vulnerability
7.5
2 days ago
Woocommerce Custom Product Addons Pro<= 5.4.1
Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability
10
24/03/2026
Kali Forms<= 2.4.9
Unauthenticated Remote Code Execution via form_process vulnerability
10
23/03/2026
XStore Core<= 5.6.4
Reflected Cross Site Scripting (XSS) vulnerability
7.1
17/03/2026
My Sticky Bar<= 2.8.6
Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability
9.3
12/03/2026

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.

Vulnerabilities disclosed via Patchstack

318By Patchstack Alliance
322By other sources

Most common security vulnerabilities

How to patch common vulnerabilities
  • #1Cross-Site Scripting (XSS)
    33.13%
  • #2Other vulnerabilities
    33.13%
  • #3Broken Access Control
    18.59%
  • #4SQL Injection
    6.25%
  • #5Cross-Site Request Forgery (CSRF)
    3.75%
  • #6Sensitive Data Exposure
    3.13%
  • #7Arbitrary File Upload
    2.03%
  • Disclosed by
    Patchstack
    Other sources

Patch status of published vulnerabilities

Not patched
#21133%
Patched
#42967%

Breakdown by software type

Plugin
#52482%
Theme
#11017%
Core
#61%

Breakdown by patch priority

High (Resolve immediately)
#20232%
Medium (Resolve in 14 days)
#18529%
Low (Resolve in 30 days)
#25340%

Breakdown by CVSS severity

Critical (9.0-10.0)
#8413%
High (7.0-8.9)
#27944%
Medium (4.0-6.9)
#27543%
Low (0.1-3.9)
#20%

Top security researchers by contributions

See leaderboard
# Researcher
Reports
Country

Plugins with a VDP earn +15% XP and Zeroday payouts up to $33,000!

Read more