The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,129

Mitigation rules13,050

No official fix9,820

In triage1,307

Published soon33

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Booking Calendar Contact Form<= 1.2.60 Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter vulnerability	5.3	1 hour ago
Ninja Forms Google Sheet Connector<= 2.0.1 Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability	4.3	2 hours ago
Appointment Booking Calendar<= 1.3.96 Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter vulnerability	5.3	2 hours ago
BigBuy Dropshipping Connector for WooCommerce<= 2.0.5 Unauthenticated IP Spoofing to phpinfo() Exposure vulnerability	5.3	2 hours ago
Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO<= 2.4.6 Missing Authentication to Unauthenticated Presale Update vulnerability	5.3	3 hours ago
AudioTube<= 0.0.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
Stock Tools<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
Padlet Shortcode<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	3 hours ago
Tips Shortcode<= 0.2.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
UiPress lite<= 3.5.08 Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability	5.4	3 hours ago
Islamic Phrases<= 2.12.2015 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
Return Refund and Exchange For WooCommerce<= 4.5.5 Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read vulnerability	5.4	3 hours ago
Import WP<= 2.14.17 Unauthenticated Information Exposure vulnerability	5.3	3 hours ago
Checkbox<= 2.8.10 Missing Authorization to Unauthenticated Log Clearing vulnerability	5.3	4 hours ago
WP Directory Kit<= 1.4.3 Unauthenticated SQL Injection via select_2_ajax() Function vulnerability	9.3	4 hours ago
Zegen Core<= 2.0.1 Cross-Site Request Forgery to Arbitrary File Upload vulnerability	9.6	17 hours ago
LearnPress<= 4.2.9.4 Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability	5.3	17 hours ago
Fluent CRM<= 2.9.84 Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability	6.5	17 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.2.9 Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' vulnerability	4.3	17 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Role Removal vulnerability	5.4	17 hours ago