Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,688
Mitigations
Mitigation rules
14,814
No official patch
11,219
In triage
1,619
Published soon
2
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Ninja Forms File Uploads Extension
<= 3.3.26
WordPress Ninja Forms - File Upload plugin <= 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability
10
9 minutes ago
Ocean Extra
<= 2.5.3
Broken Access Control vulnerability
5.4
1 hour ago
LTL Freight Quotes – Worldwide Express Edition
<= 5.2.1
Broken Access Control vulnerability
5.3
2 hours ago
Simple Social Media Share Buttons
<= 6.2.0
Cross Site Request Forgery (CSRF) vulnerability
7.5
2 hours ago
Under Construction, Coming Soon & Maintenance Mode
<= 2.1.1
Cross Site Request Forgery (CSRF) vulnerability
7.5
2 hours ago
wpForo Forum
<= 2.4.16
Authenticated (Subscriber+) Arbitrary File Deletion via Post Body vulnerability
8.8
3 hours ago
Text to Speech – TTSWP
<= 1.9.8
Use of Hardcoded Password to Unauthenticated Remote Database Access vulnerability
7.5
4 hours ago
Amelia
<= 2.1.3
Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability
8.8
6 hours ago
WPFunnels
<= 3.7.9
Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode vulnerability
6.5
7 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.3
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
7.1
12 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.3
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
4.3
12 hours ago
Media LIbrary Assistant
<= 3.34
Cross Site Scripting (XSS) vulnerability
6.5
19 hours ago
Media LIbrary Assistant
<= 3.34
SQL Injection vulnerability
8.5
19 hours ago
Ultimate Member
<= 2.11.1
Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets vulnerability
6.5
1 day ago
WP Travel Engine
<= 6.7.5
WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode vulnerability
6.5
3 days ago
ElementsKit Elementor addons Lite
<= 3.7.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget vulnerability
6.5
3 days ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.25
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability
8.1
3 days ago
Shortcodes Ultimate
<= 7.4.7
Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode vulnerability
6.5
3 days ago
Shortcodes Ultimate
<= 7.4.8
authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability
5.9
3 days ago
Royal Elementor Addons
<= 1.7.1049
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability
6.5
3 days ago
Load more