The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,242

MitigationsMitigation rules14,546

No official patch11,205

In triage1,328

Published soon16

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Formidable Forms<= 6.28 Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability	5.3	6 hours ago
Formidable Forms<= 6.28 Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability	7.5	6 hours ago
Simply Schedule Appointments<= 1.6.9.29 Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability	7.5	6 hours ago
Pix for WooCommerce<= 1.5.0 Unauthenticated Arbitrary File Upload vulnerability	10	7 hours ago
Calculated Fields Form<= 5.4.5.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability	6.5	10 hours ago
Social Icons Widget & Block by WPZOOM<= 4.5.8 Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability	4.3	10 hours ago
GetGenie<= 4.3.2 Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API vulnerability	5.9	10 hours ago
GetGenie<= 4.3.2 Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability	5.4	10 hours ago
Simply Schedule Appointments<= 1.6.9.29 Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability	4.3	10 hours ago
Reading progressbar< 1.3.1 Admin+ Stored XSS vulnerability	5.9	14 hours ago
Timetics< 1.0.52 Unauthenticated Payment/Booking Status Update vulnerability	4.3	14 hours ago
Simple Ajax Chat<= 20260217 Unauthenticated Stored Cross-Site Scripting via 'c' vulnerability	7.1	1 day ago
PixelYourSite PRO<= 12.4.0.2 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
PixelYourSite – Your smart PIXEL (TAG) Manager<= 11.2.0 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
DukaPress<= 3.2.4 Reflected XSS vulnerability	7.1	1 day ago
WP Front User Submit / Front Editor< 5.0.6 Unauthenticated Sensitive Information Exposure vulnerability	5.9	1 day ago
ExactMetrics7.1.0-9.0.2 Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability	9.8	1 day ago
Name Directory<= 1.32.1 Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' vulnerability	7.1	1 day ago
Checkout Field Editor (Checkout Manager) for WooCommerce<= 2.1.7 Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability	7.1	1 day ago
Contact Form & Lead Form Elementor Builder<= 2.0.1 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago