The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 40,002
Mitigations
Mitigation rules: 14,892
No official patch: 11,330
In triage: 1,411
Published soon: 0
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Optimole <= 4.2.2 | Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability | 7.1 | 22 minutes ago |
| Optimole <= 4.2.3 | Reflected Cross-Site Scripting via Page Profiler URL vulnerability | 7.1 | 25 minutes ago |
| YML for Yandex Market < 5.0.26 | Shop Manager+ RCE via Feed Generation vulnerability | 7.2 | 43 minutes ago |
| Gravity SMTP <= 2.1.4 | Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability | 7.1 | 53 minutes ago |
| Webling <= 3.9.0 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter vulnerability | 6.5 | 1 hour ago |
| Customer Reviews for WooCommerce <= 5.103.0 | Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability | 5.3 | 1 hour ago |
| Royal WordPress Backup, Restore & Migration <= 1.0.16 | Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability | 7.1 | 1 hour ago |
| UsersWP <= 1.2.60 | Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability | 6.5 | 1 hour ago |
| ActivityPub < 8.0.2 | Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability | 7.5 | 2 hours ago |
| wpForo Forum <= 3.0.2 | Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter vulnerability | 7.1 | 2 hours ago |
| WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 | WordPress WCAPF - WooCommerce Ajax Product Filter plugin <= 4.2.3 - Unauthenticated Time-Based SQL Injection vulnerability | 9.3 | 2 hours ago |
| BuddyPress Groupblog <= 1.9.3 | Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability | 8.8 | 2 hours ago |
| LifterLMS <= 9.2.1 | Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability | 6.5 | 11 hours ago |
| UsersWP <= 1.2.58 | Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability | 5 | 11 hours ago |
| BlockArt Blocks <= 2.2.15 | Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability | 5.9 | 11 hours ago |
| Tutor LMS <= 3.9.7 | Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability | 4.3 | 12 hours ago |
| Greenshift <= 12.8.9 | Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability | 6.5 | 12 hours ago |
| Tutor LMS <= 3.9.7 | Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability | 5.4 | 12 hours ago |
| YITH WooCommerce Wishlist < 4.13.0 | Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability | 5.3 | 12 hours ago |
| Tutor LMS <= 3.9.7 | Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability | 7.5 | 2 days ago |