Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,613
Mitigations
Mitigation rules
14,787
No official patch
11,271
In triage
1,502
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Amelia
<= 9.1.2
Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability
8.8
4 hours ago
DSGVO snippet for Leaflet Map and its Extensions
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute vulnerability
6.5
5 hours ago
FormLift for Infusionsoft Web Forms
<= 7.5.21
Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability
5.3
5 hours ago
Blog2Social
<= 8.8.2
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability
4.3
5 hours ago
Simple Download Counter
<= 2.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability
6.5
5 hours ago
BWL Advanced FAQ Manager Lite
<= 1.1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute vulnerability
6.5
5 hours ago
ShortPixel Image Optimizer
<= 6.4.3
Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability
5.9
5 hours ago
PeproDev Ultimate Invoice
< 2.2.6
Unauthenticated Invoice Archive Download vulnerability
5.3
5 hours ago
Smart Slider 3
<= 3.5.1.33
Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability
6.5
9 hours ago
WP DSGVO Tools (GDPR)
<= 3.1.38
Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability
9.1
2 days ago
JetEngine
<= 3.8.6.1
Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability
9.3
2 days ago
WPGraphQL
<= 2.9.1
Broken Access Control vulnerability
5.4
2 days ago
Woocommerce Custom Product Addons Pro
<= 5.4.1
Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability
10
2 days ago
Contest Gallery
<= 28.1.5
Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion vulnerability
8.1
2 days ago
JupiterX Core
<= 4.14.1
Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import vulnerability
8.8
2 days ago
WP Job Portal
<= 2.4.8
Unauthenticated SQL Injection via 'radius' Parameter vulnerability
9.3
2 days ago
Product Filter by WBW
<= 3.1.2
Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE vulnerability
6.5
2 days ago
LearnDash LMS
<= 5.0.3
Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter vulnerability
8.5
2 days ago
User Registration
<= 5.1.4
Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability
5.4
2 days ago
LearnPress
<= 4.3.2.8
Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion vulnerability
4.3
2 days ago
Load more