Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,100
Mitigations
Mitigation rules
14,543
No official patch
11,210
In triage
1,531
Published soon
12
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Calculated Fields Form
<= 5.4.5.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability
6.5
2 hours ago
Social Icons Widget & Block by WPZOOM
<= 4.5.8
Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability
4.3
2 hours ago
GetGenie
<= 4.3.2
Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API vulnerability
5.9
2 hours ago
GetGenie
<= 4.3.2
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability
5.4
2 hours ago
Simply Schedule Appointments
<= 1.6.9.29
Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability
4.3
2 hours ago
Reading progressbar
< 1.3.1
Admin+ Stored XSS vulnerability
5.9
6 hours ago
Timetics
< 1.0.52
Unauthenticated Payment/Booking Status Update vulnerability
4.3
6 hours ago
Simple Ajax Chat
<= 20260217
Unauthenticated Stored Cross-Site Scripting via 'c' vulnerability
7.1
21 hours ago
PixelYourSite PRO
<= 12.4.0.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
21 hours ago
PixelYourSite – Your smart PIXEL (TAG) Manager
<= 11.2.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
21 hours ago
DukaPress
<= 3.2.4
Reflected XSS vulnerability
7.1
21 hours ago
WP Front User Submit / Front Editor
< 5.0.6
Unauthenticated Sensitive Information Exposure vulnerability
5.9
22 hours ago
ExactMetrics
7.1.0-9.0.2
Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability
9.8
22 hours ago
Name Directory
<= 1.32.1
Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' vulnerability
7.1
22 hours ago
Checkout Field Editor (Checkout Manager) for WooCommerce
<= 2.1.7
Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability
7.1
22 hours ago
Contact Form & Lead Form Elementor Builder
<= 2.0.1
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
22 hours ago
Gravity Forms
<= 2.9.28
Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability
6.5
22 hours ago
My Sticky Bar
<= 2.8.6
Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability
9.3
22 hours ago
Datalogics Ecommerce Delivery
< 2.6.60
Unauthenticated Privilege Escalation vulnerability
9.8
23 hours ago
Divi Booster
< 5.0.2
Unauthenticated PHP Object Injection vulnerability
9.8
23 hours ago
Load more