The leading open source vulnerability database
Total: 37,071
Mitigation rules: 13,666
No official fix: 10,681
In triage: 1,141
Published soon: 19
Affected software | Vulnerability | Risk | Disclosed
User Submitted Posts <= 20251210 | WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability | 7.1 | 1 hour ago
Metform <= 4.1.0 | WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability | 3.7 | 1 hour ago
JustClick registration plugin <= 0.1 | Reflected Cross-Site Scripting via PHP_SELF vulnerability | 7.1 | 1 hour ago
Frontis Blocks <= 1.1.6 | Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability | 7.2 | 1 hour ago
Kalrav AI Agent <= 2.3.3 | Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action vulnerability | 10 | 1 hour ago
Moderate Selected Posts <= 1.4 | Cross-Site Request Forgery to Plugin Settings Update vulnerability | 4.3 | 2 days ago
All-in-One Video Gallery 4.1.0-4.6.4 | Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update vulnerability | 5.4 | 2 days ago
CM CSS Columns <= 1.2.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability | 6.5 | 2 days ago
AdminQuickbar <= 1.9.3 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
Canto Testimonials <= 1.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability | 6.5 | 2 days ago
GZSEO <= 2.0.11 | Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability | 6.5 | 2 days ago
WP-ClanWars <= 2.0.1 | Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability | 7.6 | 2 days ago
Login Page Editor <= 1.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
ThemeRuby Multi Authors <= 1.0.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes vulnerability | 6.5 | 2 days ago
Wizit Gateway for WooCommerce <= 1.2.9 | Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability | 5.3 | 2 days ago
Set Bulk Post Categories <= 1.1 | Cross-Site Request Forgery to Bulk Post Category Update vulnerability | 4.3 | 2 days ago
Alex User Counter <= 6.0 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
Alpha Blocks <= 1.5.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta vulnerability | 6.5 | 2 days ago
Star Review Manager <= 1.2.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
Administrative Shortcodes <= 0.3.4 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability | 6.5 | 2 days ago