Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,484
Mitigations
Mitigation rules
14,095
No official fix
10,956
In triage
1,255
Published soon
32
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
IMGspider
<= 2.3.10
Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability
9.9
2 hours ago
Import Eventbrite Events
<= 1.7.4
Reflected Cross-Site Scripting vulnerability
7.1
2 hours ago
WP RSS Aggregator
<= 5.0.10
Reflected Cross-Site Scripting via 'template' Parameter vulnerability
7.1
3 hours ago
FluentForm
<= 5.1.19
Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability
6.5
3 hours ago
LiquidPoll
<= 3.3.78
Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability
7.1
3 hours ago
ARForms Form Builder
<= 1.5.8
Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability
7.1
3 hours ago
Formidable Forms
<= 6.7
HTML Injection vulnerability
6.5
3 hours ago
tagDiv Composer
<= 5.0
Reflected Cross-Site Scripting via envato_code[] vulnerability
7.1
3 hours ago
Premmerce
<= 1.3.20
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability
6.5
3 hours ago
Subitem AL Slider
<= 1.0.0
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
3 hours ago
Product Addons for Woocommerce
<= 3.1.0
WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability
7.2
3 hours ago
Download Manager
<= 3.3.46
Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability
7.1
3 hours ago
ShopLentor
<= 3.3.2
Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability
8.6
4 hours ago
Rent Fetch
<= 0.32.6
Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability
7.1
4 hours ago
WPNakama
<= 0.6.5
Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability
9.3
4 hours ago
Taskbuilder
<= 5.0.2
Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability
8.5
4 hours ago
Business Directory
<= 6.4.21
Unauthenticated SQL Injection via payment Parameter vulnerability
9.3
5 hours ago
RegistrationMagic
<= 6.0.6.9
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
5.3
11 hours ago
Complianz
<= 7.4.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
11 hours ago
User Submitted Posts
<= 20260113
Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability
5.3
11 hours ago
Load more