The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total48,688

MitigationsMitigation rules15,693

No official patch12,993

In triage1,409

Published soon46

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
PPWP<= 1.9.19 Insecure Direct Object References (IDOR) vulnerability	4.3	23 minutes ago
Email Marketing for WooCommerce by Omnisend<= 1.19.0 Broken Access Control vulnerability	5.4	23 minutes ago
FunnelKit Payment Gateway for Stripe WooCommerce<= 1.14.0.3 Cross Site Request Forgery (CSRF) vulnerability	6.5	23 minutes ago
WCBoost – Products Compare<= 1.1.0 Sensitive Data Exposure vulnerability	5.3	23 minutes ago
wpForo Forum<= 3.0.9 SQL Injection vulnerability	8.5	24 minutes ago
Real Estate 7<= 3.5.9 Cross Site Request Forgery (CSRF) vulnerability	6.5	25 minutes ago
Gallery <= 4.7.8 SQL Injection vulnerability	8.5	25 minutes ago
Abandoned Cart Lite for WooCommerce<= 6.8.0 Cross Site Request Forgery (CSRF) vulnerability	4.3	25 minutes ago
MasterStudy LMS<= 3.7.30 Broken Access Control vulnerability	4.3	25 minutes ago
WP Post Author<= 3.9.1 SQL Injection vulnerability	8.5	25 minutes ago
Fluent Booking<= 2.1.0 Cross Site Scripting (XSS) vulnerability	6.5	25 minutes ago
Popup box<= 6.0.1 SQL Injection vulnerability	7.6	35 minutes ago
Blocksy Companion Pro<= 2.1.46 Insecure Direct Object References (IDOR) vulnerability	5.3	35 minutes ago
StatCounter<= 2.1.1 Cross Site Scripting (XSS) vulnerability	6.5	36 minutes ago
WP All Import<= 4.0.1 SQL Injection vulnerability	7.6	37 minutes ago
Kirki<= 6.0.11 Server Side Request Forgery (SSRF) vulnerability	4.9	37 minutes ago
Exclusive Addons Elementor<= 2.7.9.8 Cross Site Scripting (XSS) vulnerability	6.5	1 hour ago
User Registration<= 5.2.0 Missing Authorization to Unauthenticated Payment Bypass vulnerability	6.5	4 hours ago
neotoma>= 0.13.0, < 0.14.0 NPM: neotoma has tenant isolation gap in relationship query endpoints	0.6	19 hours ago
i18next-fs-backend< 2.6.6 NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string	9.1	19 hours ago