The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,013

MitigationsMitigation rules13,899

No official fix10,833

In triage1,239

Published soon37

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Product Enquiry for WooCommerce< 3.1 Admin+ Stored XSS vulnerability	5.9	1 hour ago
Ultimate Maps by Supsystic< 1.2.16 Admin+ Stored XSS vulnerability	5.9	1 hour ago
WP Customer Area< 8.2.1 Subscriber+ Account Address Update vulnerability	5.4	1 hour ago
Post SMTP< 2.8.7 Admin+ SQL Injection vulnerability	7.6	2 hours ago
EasyJobs< 2.4.7 Subscriber+ Arbitrary Settings Update vulnerability	5.4	2 hours ago
CommentTweets<= 0.6 Settings Update via CSRF vulnerability	4.3	2 hours ago
Keap Official Opt-in Forms< 1.0.12 Admin+ Stored XSS vulnerability	5.9	2 hours ago
JSM file_get_contents() Shortcode< 2.7.1 Contributor+ SSRF vulnerability	4.9	3 hours ago
WP All Import< 3.7.3 Admin+ Arbitrary File Upload to RCE vulnerability	9.1	3 hours ago
Community by PeepSo< 6.3.1.2 User Post Creation via CSRF vulnerability	4.3	3 hours ago
Hubbub Lite< 1.32.0 Admin+ Stored XSS vulnerability	5.9	3 hours ago
Relevanssi Premium< 2.25.0 Unauthenticated Private/Draft Post Disclosure vulnerability	5.3	3 hours ago
Relevanssi < 4.22.0 Unauthenticated Private/Draft Post Disclosure vulnerability	5.3	3 hours ago
Greenshift<= 12.5.7 WordPress GreenShift - Animation and Page Builder Blocks plugin <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys vulnerability	4.3	15 hours ago
Image Map Block – Gutenberg block to create image map with hyperlink<= 1.0.2 Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability	7.2	17 hours ago
Peter’s Date Countdown<= 2.0.0 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	17 hours ago
ShortPixel Image Optimizer<= 6.4.2 Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter vulnerability	4.9	17 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.5 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	5.3	1 day ago
ProfileGrid <= 5.9.7.2 Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability	5.3	1 day ago
ProfileGrid <= 5.9.7.2 WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability	4.3	1 day ago