The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,040

Mitigation rules13,049

No official fix9,805

In triage1,347

Published soon5

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Display Pages Shortcode<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	4 minutes ago
HotelRunner Booking Widget<= 5.2.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	6 minutes ago
Custom Post Type<= 1.0 Cross-Site Request Forgery to Custom Post Type Deletion vulnerability	4.3	16 minutes ago
BrightTALK WordPress Shortcode<= 2.4.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	24 minutes ago
Surbma \| MiniCRM Shortcode<= 2.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	26 minutes ago
Bulma Shortcodes<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	34 minutes ago
Shortcodes Bootstrap<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	36 minutes ago
Pollcaster Shortcode Plugin<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	37 minutes ago
AuthorSure<= 2.3 Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability	7.1	40 minutes ago
Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO<= 2.4.6 Missing Authorization to Authenticated (Subscriber+) Contract Address Update vulnerability	5.4	43 minutes ago
Affiliate AI Lite<= 1.0.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	55 minutes ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.0 Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion vulnerability	4.3	1 hour ago
W3 Total Cache< 2.8.13 Unauthenticated Command Injection vulnerability	9	13 hours ago
TP WooCommerce Product Gallery<= 1.1.9 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
Royal Elementor Addons<= 1.7.1031 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	6.5	20 hours ago
Grid KIT Portfolio<= 2.2.1 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
OnePress<= 2.3.15 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
LightGallery WP<= 1.0.5 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
Image Hover Effects Ultimate<= 9.10.5 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
Giveaways and Contests by RafflePress<= 1.12.19 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago