Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,736
Mitigations
Mitigation rules
13,540
No official fix
10,538
In triage
1,066
Published soon
17
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP-Members
<= 3.5.4.3
Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability
6.5
6 hours ago
Simply Schedule Appointments
<= 1.6.9.9
Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability
9.3
7 hours ago
Drag and Drop Multiple File Upload – Contact Form 7
<= 1.3.9.2
Missing Authorization to Unauthenticated File Deletion vulnerability
3.7
14 hours ago
List Site Contributors
<= 1.1.8
Reflected Cross-Site Scripting via alpha vulnerability
7.1
1 day ago
AJS Footnotes
<= 1.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Name Directory
<= 1.30.3
Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability
7.1
1 day ago
GeekyBot
<= 1.1.7
WordPress GeekyBot - Generate AI Content Without Prompt, Chatbot and Lead Generation plugin <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Gotham Block Extra Light
<= 1.5.0
Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability
6.5
1 day ago
Shipping Rate By Cities
<= 2.0.0
Unauthenticated SQL Injection via 'city' Parameter vulnerability
9.3
1 day ago
News and Blog Designer Bundle
<= 1.1
Unauthenticated Local File Inclusion vulnerability
8.1
1 day ago
Dreamer Blog
<= 1.2
Subscriber+ Arbitrary Plugin Installation vulnerability
8.8
1 day ago
Integration Opvius AI for WooCommerce
<= 1.3.0
Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability
8.6
1 day ago
Modular DS
<= 2.5.1
Privilege Escalation vulnerability
10
1 day ago
DASHBOARD BUILDER
<= 1.5.7
Cross-Site Request Forgery to SQL Injection vulnerability
8.2
1 day ago
WMF Mobile Redirector
<= 1.2
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability
5.9
1 day ago
Short Link
<= 1.0
Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page vulnerability
5.9
1 day ago
Aplazo Payment Gateway
<= 1.4.2
Missing Authorization to Unauthenticated Order Status Manipulation vulnerability
5.3
1 day ago
PayHere Payment Gateway Plugin for WooCommerce
<= 2.3.9
Missing Authorization to Unauthenticated Order Status Modification vulnerability
5.3
1 day ago
Float Payment Gateway
<= 1.1.9
Improper Authorization to Unauthenticated Order Status Manipulation vulnerability
5.3
1 day ago
WP Allowed Hosts
<= 1.0.8
Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter vulnerability
5.9
1 day ago
Load more