The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total48,862
Mitigations15,769
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
BookingPress Appointment Booking Pro<= 5.7.1
Unauthenticated SQL Injection vulnerability
9.3
6 minutes ago
WP-BusinessDirectory<= 4.0.1
Unauthenticated Arbitrary File Deletion vulnerability
8.6
14 minutes ago
Taskbuilder<= 5.0.8
Authenticated (Subscriber+) SQL Injection vulnerability
8.5
24 minutes ago
Taskbuilder<= 5.0.8
Authenticated (Subscriber+) SQL Injection vulnerability
8.5
37 minutes ago
Visualizer<= 4.0.3
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
7.5
49 minutes ago
SMS Alert Order Notifications<= 3.9.5
Unauthenticated Privilege Escalation vulnerability
9.8
50 minutes ago
YouTube Showcase<= 4.0.3
Authenticated (Subscriber+) Arbitrary Function Call vulnerability
7.5
1 hour ago
WP Photo Album Plus<= 9.1.13.005
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
12 hours ago
MotoPress Appointment Booking<= 2.4.5
Authenticated (Staff+) SQL Injection vulnerability
8.5
13 hours ago
RegistrationMagic<= 6.0.9.1
Cross-Site Request Forgery to Privilege Escalation vulnerability
8.8
14 hours ago
Slim SEO<= 4.9.8
Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability
4.3
14 hours ago
Qi Blocks<= 1.4.9
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability
4.3
14 hours ago
Motors<= 1.4.111
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability
4.3
14 hours ago
LearnPress<= 4.4.0
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
14 hours ago
Download Manager<= 3.3.60
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
15 hours ago
GiveWP<= 4.15.3
Cross-Site Request Forgery vulnerability
4.3
17 hours ago
Appointment Booking Calendar<= 1.4.02
Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
4.3
17 hours ago
Contact Form by WPForms<= 1.10.2
Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability
5.3
17 hours ago
JetWidgets For Elementor<= 1.0.21
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
17 hours ago
Event Organiser<= 3.12.9
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
18 hours ago