The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,716

MitigationsMitigation rules13,515

No official fix10,538

In triage1,028

Published soon49

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Dreamer Blog<= 1.2 Subscriber+ Arbitrary Plugin Installation vulnerability	8.8	11 minutes ago
Integration Opvius AI for WooCommerce<= 1.3.0 Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability	8.6	24 minutes ago
Modular DS<= 2.5.1 Privilege Escalation vulnerability	10	4 hours ago
DASHBOARD BUILDER<= 1.5.7 Cross-Site Request Forgery to SQL Injection vulnerability	8.2	8 hours ago
WMF Mobile Redirector<= 1.2 Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability	5.9	13 hours ago
Short Link<= 1.0 Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page vulnerability	5.9	13 hours ago
Aplazo Payment Gateway<= 1.4.2 Missing Authorization to Unauthenticated Order Status Manipulation vulnerability	5.3	13 hours ago
PayHere Payment Gateway Plugin for WooCommerce<= 2.3.9 Missing Authorization to Unauthenticated Order Status Modification vulnerability	5.3	13 hours ago
Float Payment Gateway<= 1.1.9 Improper Authorization to Unauthenticated Order Status Manipulation vulnerability	5.3	13 hours ago
WP Allowed Hosts<= 1.0.8 Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter vulnerability	5.9	13 hours ago
LinkedIn SC<= 1.1.9 Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page vulnerability	5.9	13 hours ago
Stopwords for comments<= 1.1 Missing Authorization to Cross-Site Request Forgery vulnerability	4.3	13 hours ago
SocialChamp with WordPress<= 1.3.3 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	13 hours ago
Electric Studio Download Counter<= 2.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability	5.9	13 hours ago
Perfit WooCommerce<= 1.0.1 Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability	5.3	13 hours ago
Sosh Share Buttons<= 1.1.0 Cross-Site Request Forgery vulnerability	4.3	13 hours ago
GetContentFromURL<= 1.0 Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute vulnerability	6.4	13 hours ago
Gotham Block Extra Light<= 1.5.0 Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability	5.9	13 hours ago
Netcash WooCommerce Payment Gateway<= 4.1.3 Missing Authorization to Unauthenticated Order Status Modification vulnerability	5.3	13 hours ago
WPBlogSyn<= 1.0 Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability	4.3	14 hours ago