Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,057
Mitigations
Mitigation rules
14,506
No official patch
11,213
In triage
1,532
Published soon
28
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Happy Addons for Elementor
<= 3.21.0
Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability
5.4
1 hour ago
Happy Addons for Elementor
<= 3.21.0
Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability
6.5
1 hour ago
Modular DS
<= 2.5.1
Cross-Site Request Forgery via postConfirmOauth vulnerability
4.3
1 hour ago
Court Reservation
< 1.10.9
Event Deletion via CSRF vulnerability
4.3
1 hour ago
Astra WordPress Theme
<= 4.12.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
6.5
1 hour ago
WP ULike
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
6.5
1 hour ago
DearFlip
<= 2.4.20
Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability
5.9
2 hours ago
NextScripts
<= 4.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability
6.5
2 hours ago
Booktics
<= 1.0.16
Missing Authorization to Get Items via REST API endpoints vulnerability
5.3
3 hours ago
Booktics
<= 1.0.16
Missing Authorization to Addon Plugin Installation vulnerability
5.3
3 hours ago
Primer MyData for Woocommerce
<= 4.2.1
Reflected Cross-Site Scripting vulnerability
7.1
18 hours ago
WooCommerce
< 10.5.3
Arbitrary Admin User Creation via CSRF vulnerability
4.3
1 day ago
Meta Box – WordPress Custom Fields Framework
<= 5.11.1
Authenticated (Contributor+) Arbitrary File Deletion vulnerability
7.2
1 day ago
WP RSS Aggregator
<= 5.0.11
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability
7.1
1 day ago
WP App Bar
<= 1.5
Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter vulnerability
7.1
1 day ago
Paid Videochat Turnkey Site
<= 7.3.20
WordPress Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin <= 7.3.20 - Authenticated (Author+) Privilege Escalation vulnerability
7.2
1 day ago
JS Archive List
<= 6.1.7
Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability
7.5
1 day ago
CM Custom WordPress Reports and Analytics
<= 1.2.7
Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability
7.1
1 day ago
ZIP Code Based Content Protection
<= 1.0.2
Unauthenticated SQL Injection via 'zipcode' Parameter vulnerability
9.3
1 day ago
LotekMedia Popup Form
<= 1.0.6
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
5.9
3 days ago
Load more