The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 40,047
Mitigations
Mitigation rules: 14,902
No official patch: 11,321
In triage: 1,435
Published soon: 11
| Affected software | Affected versions | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- | --- |
| Eventin | <= 4.1.8 | Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability | 4.3 | 49 minutes ago |
| Post Grid, Post Carousel, & List Category Posts – by Smart Post Show | <= 3.0.12 | WordPress Smart Post Show - Post Grid, Post Carousel & Slider, and List Category Posts plugin <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection vulnerability | 7.2 | 51 minutes ago |
| ShopLentor | <= 3.3.5 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability | 6.5 | 52 minutes ago |
| WholeSale Products Dynamic Pricing Management WooCommerce | <= 1.2 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 52 minutes ago |
| Surbma \| Booking.com Shortcode | <= 2.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 53 minutes ago |
| BackWPup | <= 5.6.6 | Authenticated (Administrator+) Local File Inclusion via 'block_name' Parameter vulnerability | 7.2 | 54 minutes ago |
| User Registration | <= 5.1.4 | Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability | 4.7 | 1 hour ago |
| Optimole | <= 4.2.2 | Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability | 7.1 | 17 hours ago |
| Optimole | <= 4.2.3 | Reflected Cross-Site Scripting via Page Profiler URL vulnerability | 7.1 | 17 hours ago |
| YML for Yandex Market | < 5.0.26 | Shop Manager+ RCE via Feed Generation vulnerability | 7.2 | 17 hours ago |
| Gravity SMTP | <= 2.1.4 | Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability | 7.1 | 18 hours ago |
| Webling | <= 3.9.0 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter vulnerability | 6.5 | 18 hours ago |
| Customer Reviews for WooCommerce | <= 5.103.0 | Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability | 5.3 | 18 hours ago |
| Royal WordPress Backup, Restore & Migration | <= 1.0.16 | Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability | 7.1 | 18 hours ago |
| UsersWP | <= 1.2.60 | Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability | 6.5 | 19 hours ago |
| ActivityPub | < 8.0.2 | Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability | 7.5 | 19 hours ago |
| wpForo Forum | <= 3.0.2 | Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter vulnerability | 7.1 | 19 hours ago |
| WCAPF – WooCommerce Ajax Product Filter | <= 4.2.3 | WordPress WCAPF - WooCommerce Ajax Product Filter plugin <= 4.2.3 - Unauthenticated Time-Based SQL Injection vulnerability | 9.3 | 19 hours ago |
| BuddyPress Groupblog | <= 1.9.3 | Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability | 8.8 | 19 hours ago |
| LifterLMS | <= 9.2.1 | Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability | 6.5 | 1 day ago |