Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,057
Mitigations
Mitigation rules
14,511
No official patch
11,213
In triage
1,532
Published soon
28
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
The Events Calendar
<= 6.15.17
Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability
7.5
5 minutes ago
Simply Schedule Appointments
<= 1.6.9.27
Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability
9.3
23 minutes ago
JetBooking
<= 4.0.3
Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability
9.3
36 minutes ago
WP Maps
<= 4.9.1
Unauthenticated SQL Injection via 'location_id' Parameter vulnerability
9.3
49 minutes ago
Ally
<= 4.0.3
WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability
9.3
1 hour ago
ProfilePress
<= 4.16.11
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability
8.1
1 hour ago
Tutor LMS Pro
<= 3.9.5
Authentication Bypass via Social Login vulnerability
9.8
1 hour ago
Happy Addons for Elementor
<= 3.21.0
Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability
5.4
9 hours ago
Happy Addons for Elementor
<= 3.21.0
Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability
6.5
9 hours ago
Modular DS
<= 2.5.1
Cross-Site Request Forgery via postConfirmOauth vulnerability
4.3
9 hours ago
Court Reservation
< 1.10.9
Event Deletion via CSRF vulnerability
4.3
9 hours ago
Astra WordPress Theme
<= 4.12.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
6.5
9 hours ago
WP ULike
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
6.5
9 hours ago
DearFlip
<= 2.4.20
Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability
5.9
10 hours ago
NextScripts
<= 4.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability
6.5
10 hours ago
Booktics
<= 1.0.16
Missing Authorization to Get Items via REST API endpoints vulnerability
5.3
10 hours ago
Booktics
<= 1.0.16
Missing Authorization to Addon Plugin Installation vulnerability
5.3
10 hours ago
Primer MyData for Woocommerce
<= 4.2.1
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
WooCommerce
< 10.5.3
Arbitrary Admin User Creation via CSRF vulnerability
4.3
1 day ago
Meta Box – WordPress Custom Fields Framework
<= 5.11.1
Authenticated (Contributor+) Arbitrary File Deletion vulnerability
7.2
2 days ago
Load more