Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,964
Mitigations
Mitigation rules
14,463
No official patch
11,189
In triage
1,487
Published soon
39
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Greenshift
<= 12.8.3
WordPress Greenshift - animation and page builder blocks plugin <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup vulnerability
5.3
5 hours ago
Greenshift
<= 12.8.5
WordPress Greenshift - animation and page builder blocks plugin <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
5 hours ago
LatePoint
<= 5.2.7
Authenticated (Agent+) Privilege Escalation vulnerability
8.8
17 hours ago
Fluent Forms Pro Add On Pack
<= 6.1.17
Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability
7.1
18 hours ago
WPBookit
<= 1.0.8
Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters vulnerability
7.1
19 hours ago
Fluent Forms Pro Add On Pack
<= 6.1.17
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
7.5
20 hours ago
Mail Mint
< 1.19.5
Unauthenticated Emails Disclosure vulnerability
7.5
20 hours ago
Restrict Content
<= 3.2.20
WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability
8.1
20 hours ago
Page and Post Clone
<= 6.3
Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter vulnerability
8.5
1 day ago
Media LIbrary Assistant
<= 3.33
Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability
4.3
1 day ago
Apocalypse Meow
<= 22.1.0
Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability
7.6
1 day ago
OoohBoi Steroids for Elementor
<= 2.1.24
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability
6.5
1 day ago
My Calendar
<= 3.7.3
WordPress My Calendar - Accessible Event Manager plugin <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 day ago
Seraphinite Accelerator
<= 2.28.14
Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
4.3
1 day ago
Seraphinite Accelerator
<= 2.28.14
Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability
4.3
1 day ago
JS Help Desk
<= 2.8.2
WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability
9.3
1 day ago
All-in-One Video Gallery
<= 4.7.1
Reflected Cross-Site Scripting via 'vi' Parameter vulnerability
7.1
1 day ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
<= 1.6.0
WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability
6.5
2 days ago
Envira Photo Gallery
<= 1.12.3
Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability
5.9
2 days ago
Enable Media Replace
<= 4.1.7
Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability
5.4
2 days ago
Load more