The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 37,979
Mitigations: 13,879
Affected software | Vulnerability | Risk | Disclosed
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 | Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability | 5.3 | 5 hours ago
ProfileGrid <= 5.9.7.2 | Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability | 5.3 | 5 hours ago
ProfileGrid <= 5.9.7.2 | WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability | 4.3 | 5 hours ago
Robin image optimizer <= 2.0.2 | Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field vulnerability | 5.9 | 5 hours ago
Dynamic Widget Content <= 1.3.6 | Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field vulnerability | 6.5 | 5 hours ago
Essential Widgets <= 3.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability | 6.5 | 6 hours ago
PopupKit <= 2.2.0 | Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability | 7.6 | 6 hours ago
UserPlus <= 2.0 | Missing Authorization via Multiple Functions vulnerability | 6.3 | 15 hours ago
Sell BTC – Cryptocurrency Selling Calculator <= 1.5 | WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability | 7.1 | 16 hours ago
School Management <= 91.5.0 | Authenticated (Student+) Arbitrary File Upload vulnerability | 9.9 | 16 hours ago
Booking Calendar and Notification <= 4.0.3 | Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions vulnerability | 6.5 | 16 hours ago
MyRewards <= 5.6.0 | WordPress MyRewards - Loyalty Points and Rewards for WooCommerce plugin <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification vulnerability | 6.5 | 16 hours ago
Smart Appointment & Booking <= 1.0.7 | Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action vulnerability | 6.5 | 17 hours ago
WebPurify Profanity Filter <= 4.0.2 | Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options vulnerability | 6.5 | 17 hours ago
WP FOFT Loader <= 2.1.39 | Authenticated (Author+) Arbitrary File Upload vulnerability | 8.8 | 17 hours ago
Persian Woocommerce SMS <= 7.0.5 | Reflected Cross-Site Scripting vulnerability | 7.1 | 17 hours ago
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.11 | Unauthenticated Stored Cross-Site Scripting via Form File Upload vulnerability | 7.2 | 17 hours ago
ForumWP <= 2.1.2 | WordPress ForumWP - Forum & Discussion Board plugin <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter vulnerability | 7.1 | 19 hours ago
WooCommerce PDF Invoice Builder <= 1.2.136 | Reflected Cross-Site Scripting vulnerability | 7.1 | 19 hours ago
Schema App Structured Data <= 2.2.4 | Reflected Cross-Site Scripting vulnerability | 7.1 | 19 hours ago