The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,266

Mitigation rules13,139

No official fix9,832

In triage1,515

Published soon10

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Modula Image Gallery2.13.1-2.13.2 Authenticated (Author+) Arbitrary File Upload via Race Condition vulnerability	6.6	1 hour ago
Modula Image Gallery2.13.1-2.13.2 Authenticated (Author+) Arbitrary File Deletion vulnerability	6.8	1 hour ago
DB Access<= 0.8.7 Subscriber+ SQLi vulnerability	8.5	2 hours ago
WP Directory Kit1.4.0-1.4.4 Authentication Bypass to Privilege Escalation via Account Takeover vulnerability	9.8	5 hours ago
Frontend Admin by DynamiApps<= 3.28.20 Unauthenticated Arbitrary Options Update vulnerability	9.8	5 hours ago
DesignThemes LMS<= 1.0.4 Unauthenticated Privilege Escalation vulnerability	9.8	5 hours ago
Advanced Custom Fields: Extended0.9.0.5-0.9.1.1 Unauthenticated Remote Code Execution vulnerability	10	5 hours ago
SureMail<= 1.9.0 Unauthenticated Arbitrary File Upload vulnerability	10	6 hours ago
FindAll Listing<= 1.0.5 Unauthenticated Privilege Escalation vulnerability	9.8	6 hours ago
Autoptimize<= 3.1.13 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago
TaxoPress<= 3.40.1 Authenticated (Contributor+) SQL Injection vulnerability	8.5	10 hours ago
TaxoPress<= 3.40.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation vulnerability	4.3	10 hours ago
HUSKY<= 1.3.7.2 Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' vulnerability	4.3	10 hours ago
ShopEngine<= 4.8.5 Cross-Site Request Forgery to Wishlist Manipulation vulnerability	4.3	10 hours ago
Upload.am< 1.0.1 Contributor+ Arbitrary Option Disclosure vulnerability	6.5	12 hours ago
FluentCart<= 1.3.1 Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter vulnerability	7.6	14 hours ago
CSSIgniter Shortcodes<= 2.4.1 Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability	6.5	14 hours ago
MxChat<= 2.5.5 Unauthenticated Information Exposure vulnerability	5.3	14 hours ago
Nexter Extension<= 4.4.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	15 hours ago
Kadence WooCommerce Email Designer<= 1.5.17 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago