The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,896

MitigationsMitigation rules14,417

No official patch11,184

In triage1,373

Published soon85

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms<= 1.1.5 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	6 hours ago
Contest Gallery<= 28.1.4 Unauthenticated SQL Injection vulnerability	9.3	6 hours ago
User Registration<= 5.1.2 Unauthenticated Privilege Escalation via Membership Registration vulnerability	9.8	6 hours ago
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login<= 2.2.5 Authentication Bypass vulnerability	9.8	7 hours ago
Master Addons for Elementor Premium<= 2.1.3 Authenticated (Subscriber+) Remote Code Execution via render_preview vulnerability	8.8	7 hours ago
Page Builder by SiteOrigin<= 2.33.5 Authenticated (Contributor+) Local File Inclusion vulnerability	8.8	15 hours ago
Uncanny Automator<= 7.0.0.3 WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability	7.2	15 hours ago
LatePoint<= 5.2.7 Authenticated (Administrator+) SQL Injection via JSON Import vulnerability	7.6	15 hours ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.5 Missing Authorization to Unauthenticated API Key Modification vulnerability	5.3	15 hours ago
Blocksy<= 2.1.30 Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability	6.5	15 hours ago
Super Stage WP<= 1.0.1 Unauthenticated PHP Object Injection vulnerability	9.8	1 day ago
WPZOOM Addons for Elementor<= 1.3.4 WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'title_tag' Parameter vulnerability	7.1	1 day ago
Tutor LMS<= 3.9.6 Unauthenticated SQL Injection via coupon_code vulnerability	9.3	1 day ago
WP Mail Logging<= 1.15.0 Unauthenticated PHP Object Injection via Email Log Message Field vulnerability	9.8	1 day ago
Porto<= 7.6.2 Reflected Cross Site Scripting (XSS) vulnerability	7.1	4 days ago
Pizza House<= 1.4.0 PHP Object Injection vulnerability	9.8	4 days ago
Guff<= 1.0.1 Broken Access Control vulnerability	7.5	4 days ago
Police Department<= 2.17 Local File Inclusion vulnerability	8.1	4 days ago
Beacon<= 2.24 Local File Inclusion vulnerability	8.1	4 days ago
Yacht Rental<= 2.6 Local File Inclusion vulnerability	8.1	4 days ago