Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,219
Mitigations
Mitigation rules
14,022
No official fix
10,894
In triage
1,335
Published soon
44
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP Server Log Viewer
<= 1.0
Stored Cross Site Scripting vulnerability
5.9
2 hours ago
Duplicate Post
<= 3.2.3
Stored Cross-Site Scripting vulnerability
5.9
2 hours ago
OpenPix
<= 2.13.3
Subscriber+ Payment Gateway Settings Reset vulnerability
5.4
3 hours ago
LatePoint
<= 5.2.6
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability
5.3
3 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.5.32
Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability
4.3
3 hours ago
Master Addons for Elementor
<= 2.0.6.1
Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability
7.2
17 hours ago
Lazy Blocks
<= 4.2.0
WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability
8.8
17 hours ago
Twitter posts to Blog
<= 1.11.25
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
6.5
18 hours ago
Slimstat Analytics
<= 5.3.1
Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability
8.5
18 hours ago
Videospirecore Theme
<= 1.0.6
Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover vulnerability
8.8
19 hours ago
WPvivid Backup and Migration
<= 0.9.123
Unauthenticated Arbitrary File Upload vulnerability
10
19 hours ago
WPZOOM Addons for Elementor
<= 1.3.2
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability
5.3
1 day ago
IDE Micro code-editor
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
6.5
1 day ago
BuddyHolis ListSearch
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability
6.5
1 day ago
WDES Responsive Popup
<= 1.3.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability
6.5
1 day ago
Invoct – PDF Invoices & Billing for WooCommerce
<= 1.6
WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
4.3
1 day ago
MMA Call Tracking
<= 2.3.15
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
1 day ago
WPlyr Media Block
<= 1.3.0
Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter vulnerability
5.9
1 day ago
Slideshow Wp
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability
6.5
1 day ago
Sudoku Shortcode
<= 1.0.0
Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability
6.5
1 day ago
Load more