The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,282

MitigationsMitigation rules14,040

No official fix10,914

In triage1,448

Published soon3

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WP System Log<= 1.2.8 Missing Authorization to Sensitive Information Exposure via Log File vulnerability	6.5	14 minutes ago
Converter for Media<= 6.5.1 WordPress Converter for Media - Optimize images \| Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability	7.2	55 minutes ago
Uni CPO (Premium)<= 4.9.60 WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability	5.8	3 hours ago
BlueSnap Payment Gateway for WooCommerce<= 3.3.0 Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation vulnerability	7.5	3 hours ago
Truelysell Core<= 1.8.7 Unauthenticated Privilege Escalation via Registration vulnerability	9.8	3 hours ago
wpForo Forum<= 2.4.13 Authenticated (Subscriber+) PHP Object Injection vulnerability	8.8	3 hours ago
Magic Login Mail or QR Code<= 2.05 Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability	8.1	12 hours ago
midi-Synth<= 1.1.0 Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability	10	12 hours ago
PhotoStack Gallery<= 0.4.1 Unauthenticated SQL Injection via 'postid' Parameter vulnerability	9.3	13 hours ago
SureForms<= 2.2.1 WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability	7.5	13 hours ago
Prime Listing Manager<= 1.1 Unauthenticated Privilege Escalation vulnerability	9.8	16 hours ago
WP eCommerce<= 3.15.1 Unauthenticated PHP Object Injection vulnerability	9.8	16 hours ago
AdForest<= 6.0.12 Authentication Bypass vulnerability	9.8	17 hours ago
Media Library Folders<= 8.3.6 Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability	4.3	2 days ago
Essential Addons for Elementor<= 6.5.9 Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability	6.5	2 days ago
MP3 Audio Player for Music, Radio & Podcast by Sonaar5.3-5.10 Authenticated (Author+) Server-Side Request Forgery vulnerability	5	2 days ago
Mail Mint<= 1.19.2 Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability	7.6	2 days ago
Modula Image Gallery<= 2.13.6 WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability	4.3	2 days ago
myCred<= 2.9.7.3 Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability	6.5	2 days ago
Link Hopper<= 2.5 Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability	5.9	2 days ago