The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total46,880

MitigationsMitigation rules15,211

No official patch13,394

In triage1,547

Published soon10

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
ACF Extended<= 0.9.2.3 Unauthenticated Arbitrary Shortcode Execution vulnerability	6.5	10 hours ago
Google Analytics by Monster Insights<= 10.1.2 Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability	7.1	10 hours ago
Custom Twitter Feeds (Tweets Widget)<= 2.5.4 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	11 hours ago
ProfileGrid <= 5.9.8.4 Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability	7.1	11 hours ago
Fusion Builder<= 3.15.1 Unauthenticated SQL Injection vulnerability	9.3	11 hours ago
Fusion Builder<= 3.15.2 Authenticated (Subscriber+) Arbitrary File Read vulnerability	6.5	11 hours ago
Court Reservation<= 1.10.11 Unauthenticated SQL Injection vulnerability	9.3	12 hours ago
coreActivity: Activity Logging plugin for WordPress<= 3.0 Unauthenticated PHP Object Injection vulnerability	8.1	12 hours ago
ProfileGrid <= 5.9.8.4 Authenticated (Subscriber+) SQL Injection vulnerability	8.5	12 hours ago
Tutor LMS<= 3.9.9 Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability	5.3	1 day ago
Woocommerce Support System<= 1.3.0 Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability	5.3	1 day ago
Hustle<= 7.8.10.1 Broken Access Control vulnerability	5.3	1 day ago
Cost of Goods for WooCommerce<= 4.1.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
Charitable<= 1.8.10.4 Authenticated (Custom+) SQL Injection vulnerability	6.5	1 day ago
Broadstreet Ads<= 1.53.1 Missing Authorization to Authenticated (Subscriber+) Advertiser Creation vulnerability	4.3	1 day ago
Broadstreet Ads<= 1.53.1 Authenticated (Subscriber+) Information Disclosure vulnerability	5.3	1 day ago
Broadstreet Ads<= 1.53.1 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago
Blog2Social<= 8.9.0 Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records vulnerability	5.4	1 day ago
Cost Calculator Builder<= 4.0.1 Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability	5.3	1 day ago
LifePress<= 2.2.2 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago