Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
48,849
Mitigations
Mitigation rules
15,763
No official patch
13,022
In triage
1,364
Published soon
67
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
GiveWP
<= 4.15.3
Cross-Site Request Forgery vulnerability
4.3
11 hours ago
Appointment Booking Calendar
<= 1.4.02
Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
4.3
11 hours ago
Contact Form by WPForms
<= 1.10.2
Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability
5.3
12 hours ago
JetWidgets For Elementor
<= 1.0.21
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
12 hours ago
Event Organiser
<= 3.12.9
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
12 hours ago
FV Flowplayer Video Player
<= 7.5.51.7212
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
13 hours ago
Kali Forms
<= 2.4.13
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
13 hours ago
Tutor LMS
<= 3.9.13
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
13 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.7.7
Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification vulnerability
4.3
13 hours ago
GiveWP
<= 4.16.0
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
13 hours ago
JoomSport
<= 5.7.8
Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion vulnerability
4.3
13 hours ago
Ajax Load More - Filters
<= 3.4.1
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
18 hours ago
Dokan
<= 5.0.4
Authenticated (Custom+) Stored Cross-Site Scripting vulnerability
7.1
18 hours ago
Frisbii Pay
<= 1.8.9
Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability
6.5
18 hours ago
MaxButtons
<= 9.8.5
Reflected Cross-Site Scripting vulnerability
7.1
18 hours ago
EventON
<= 5.0.11
WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability
9.3
19 hours ago
Export User Data
<= 2.2.6
Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability
8
19 hours ago
ProfileGrid
<= 5.9.9.5
User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability
9.8
19 hours ago
Frontend File Manager
<= 23.6
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
7.7
19 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.7.7
Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation vulnerability
4.3
1 day ago
Load more