The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 37,414
Mitigations: 13,770
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| SupportCandy <= 3.4.4 | WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability | 5.4 | 14 hours ago |
| Ajax Load More <= 7.8.1 | WordPress Ajax Load More - Infinite Scroll, Lazy Load & Load More plugin <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure vulnerability | 5.3 | 15 hours ago |
| Booking Calendar <= 10.14.13 | Missing Authorization to Unauthenticated Booking Details Exposure vulnerability | 5.3 | 16 hours ago |
| NEX-Forms <= 9.1.8 | WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability | 5.3 | 16 hours ago |
| WoWPth <= 2.0 | Reflected XSS vulnerability | 7.1 | 1 day ago |
| ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 | Authenticated (Subscriber+) SQL Injection vulnerability | 8.5 | 1 day ago |
| Ads Pro <= 4.89 | Unauthenticated SQL Injection vulnerability | 9.3 | 1 day ago |
| Ads Pro <= 4.89 | Unauthenticated Time-Based SQL Injection via 'bsa_pro_id' vulnerability | 9.3 | 1 day ago |
| Likes and Dislikes <= 1.0.0 | Unauthenticated SQL Injection vulnerability | 9.3 | 1 day ago |
| ArielBrailovsky-ViralAd <= 1.0.8 | Unauthenticated SQL Injection vulnerability | 9.3 | 1 day ago |
| WPBookit <= 1.0.2 | Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability | 9.8 | 1 day ago |
| Advanced Google reCAPTCHA <= 1.29 | Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter vulnerability | 8.5 | 1 day ago |
| Himer < 2.1.3 | CSRF While Sending the Invites | 4.3 | 1 day ago |
| EventON < 2.2.8 | Reflected XSS vulnerability | 7.1 | 1 day ago |
| EventON < 4.5.5 | Reflected XSS vulnerability | 7.1 | 1 day ago |
| Frontend Dashboard 1.5.10-2.2.7 | WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability | 8.8 | 1 day ago |
| Custom Login Page Customizer < 2.5.4 | Unauthenticated Arbitrary Password Reset vulnerability | 9.8 | 1 day ago |
| Himer < 2.1.1 | Bypass Poll Voting Restrictions via CSRF vulnerability | 4.3 | 1 day ago |
| Presto Player < 2.2.3 | Contributor+ Stored XSS vulnerability | 6.5 | 1 day ago |
| GoZen Forms <= 1.1.5 | Unauthenticated SQL Injection via emdedSc() vulnerability | 9.3 | 1 day ago |