The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,937

MitigationsMitigation rules14,441

No official patch11,183

In triage1,442

Published soon44

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Fluent Forms Pro Add On Pack<= 6.1.17 Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability	7.1	16 minutes ago
WPBookit<= 1.0.8 Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters vulnerability	7.1	46 minutes ago
Fluent Forms Pro Add On Pack<= 6.1.17 Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability	7.5	1 hour ago
Mail Mint< 1.19.5 Unauthenticated Emails Disclosure vulnerability	7.5	2 hours ago
Restrict Content<= 3.2.20 WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability	8.1	2 hours ago
Page and Post Clone<= 6.3 Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter vulnerability	8.5	10 hours ago
Media LIbrary Assistant<= 3.33 Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability	4.3	10 hours ago
Apocalypse Meow<= 22.1.0 Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability	7.6	10 hours ago
OoohBoi Steroids for Elementor<= 2.1.24 Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability	6.5	10 hours ago
My Calendar<= 3.7.3 WordPress My Calendar - Accessible Event Manager plugin <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	10 hours ago
Seraphinite Accelerator<= 2.28.14 Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability	4.3	10 hours ago
Seraphinite Accelerator<= 2.28.14 Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability	4.3	11 hours ago
JS Help Desk<= 2.8.2 WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability	9.3	1 day ago
All-in-One Video Gallery<= 4.7.1 Reflected Cross-Site Scripting via 'vi' Parameter vulnerability	7.1	1 day ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder<= 1.6.0 WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability	6.5	1 day ago
Envira Photo Gallery<= 1.12.3 Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability	5.9	1 day ago
Enable Media Replace<= 4.1.7 Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability	5.4	1 day ago
WP-Members<= 3.5.5.1 Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability	8.5	1 day ago
Morkva UA Shipping<= 1.7.9 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability	5.9	1 day ago
Taskbuilder<= 5.0.3 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field vulnerability	5.9	1 day ago