The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total46,487

MitigationsMitigation rules15,083

No official patch13,378

In triage1,470

Published soon7

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Check & Log Email< 2.0.13 Unauthenticated Stored XSS vulnerability	7.1	5 hours ago
Woostify<= 2.5.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	21 hours ago
Timeline Blocks for Gutenberg<= 1.1.10 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
Social Post Embed<= 2.0.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
LatePoint<= 5.4.1 Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability	8.8	1 day ago
TheGem Theme Elements (for Elementor)< 5.12.1.1 Cross Site Scripting (XSS) vulnerability	6.5	1 day ago
Highland Software Custom Role Manager<= 1.0.0 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	1 day ago
Templately<= 3.6.1 Sensitive Data Exposure vulnerability	7.7	1 day ago
myCred<= 3.0.3 Broken Access Control vulnerability	6.5	3 days ago
Groundhogg< 4.4.1 Broken Access Control vulnerability	6.5	3 days ago
HT Mega< 3.0.7 Unauthenticated PII Disclosure vulnerability	7.5	4 days ago
Drag and Drop File Upload for Contact Form 7<= 1.1.3 Unauthenticated Arbitrary File Upload vulnerability	8.1	4 days ago
reCaptcha by WebDesignBy< 2.0 Admin+ Stored XSS vulnerability	5.9	4 days ago
KiviCare<= 4.2.1 Insecure Direct Object References (IDOR) vulnerability	6.3	4 days ago
ITERAS<= 1.8.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	4 days ago
HubSpot<= 11.3.32 Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability	4.3	4 days ago
Liaison Site Prober<= 1.2.1 Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability	5.3	4 days ago
Taqnix<= 1.0.3 Cross-Site Request Forgery to Account Deletion vulnerability	4.3	4 days ago
Books Gallery<= 4.8.0 Missing Authorization to Unauthenticated Settings Update vulnerability	5.3	4 days ago
Royal Elementor Addons<= 1.7.1056 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	4 days ago