The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,563

Mitigation rules13,183

No official fix9,949

In triage1,548

Published soon59

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Simple Download Counter<= 2.2.2 Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability	4.9	7 minutes ago
Custom Admin Menu<= 1.0.0 Reflected XSS vulnerability	7.1	1 hour ago
Hippoo Mobile App for WooCommerce<= 1.7.1 Unauthenticated Arbitrary File Read vulnerability	7.5	1 hour ago
CSV to SortTable<= 4.2 Contributor+ LFI vulnerability	8.8	5 hours ago
WPeMatico RSS Feed Fetcher< 2.8.13 Contributor+ Stored XSS vulnerability	6.5	5 hours ago
Video Merchant<= 5.0.4 Cross-Site Request Forgery to Arbitrary File Upload vulnerability	9.6	5 hours ago
SurveyFunnel<= 1.1.5 Unauthenticated Information Exposure vulnerability	5.3	21 hours ago
SurveyFunnel<= 1.1.5 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	21 hours ago
Trust.Reviews<= 2.5 Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability	7.1	1 day ago
Advanced Product Fields (Product Addons) for WooCommerce<= 1.6.17 Cross-Site Request Forgery to Product Field Group Duplication and Publication vulnerability	4.3	1 day ago
ProfilePress<= 4.16.7 Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability	4.3	1 day ago
Beaver Builder<= 2.9.4 Authenticated (Contributor+) Sensitive Information Exposure vulnerability	4.3	1 day ago
Security & Malware scan by CleanTalk<= 2.168 Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability	7.1	1 day ago
Listar – Directory Listing & Classifieds<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability	4.3	1 day ago
All-in-One Video Gallery4.5.4-4.5.7 Authenticated (Author+) Arbitrary File Upload vulnerability	9.1	1 day ago
myLCO<= 0.8.1 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	1 day ago
Starter Templates<= 4.4.41 Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability	9.1	2 days ago
Widgets for Google Reviews<= 13.2.4 Unauthenticated Stored Cross-Site Scripting via Google Reviews vulnerability	7.1	2 days ago
Plugin for Google Reviews<= 6.8 Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability	7.1	2 days ago
FluentForm<= 6.1.7 Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability	6.5	2 days ago