The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total37,507

MitigationsMitigation rules13,778

No official fix10,779

In triage1,257

Published soon1

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Widget4Call<= 1.0.7 Reflected XSS vulnerability	7.1	3 minutes ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 1.5.112 Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' vulnerability	6.5	5 minutes ago
Binary MLM Plan<= 3.0 Unauthenticated Limited Privilege Escalation vulnerability	6.5	11 minutes ago
SupportCandy<= 3.4.4 WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter vulnerability	8.5	14 minutes ago
PDF Generator Addon for Elementor Page Builder<= 2.0.0 Unauthenticated Arbitrary File Download vulnerability	7.5	27 minutes ago
Blockspare<= 3.2.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	29 minutes ago
Community Events<= 1.5.1 Unauthenticated SQL Injection vulnerability	9.3	34 minutes ago
Essential Addons for Elementor<= 6.0.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget vulnerability	6.5	39 minutes ago
Simple Popup<= 4.5 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	39 minutes ago
ProfileGrid <= 5.9.4.5 Authenticated (Subscriber+) PHP Object Injection vulnerability	8.8	39 minutes ago
Confetti Fall Animation<= 1.3.1 Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability	6.5	42 minutes ago
Outdoor<= 1.3.2 Unauthenticated SQL Injection vulnerability	9.3	42 minutes ago
Royal Elementor Addons<= 1.7.1001 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability	6.5	44 minutes ago
WP-WebAuthn<= 1.3.3 Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode vulnerability	6.5	44 minutes ago
GiveWP<= 4.6.0 WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability	7.5	46 minutes ago
Bridge Core<= 3.2.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	47 minutes ago
Qubely<= 1.8.12 Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability	6.5	51 minutes ago
Shortcodes and extra features for Phlox theme<= 2.17.0 Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability	6.5	51 minutes ago
Royal Elementor Addons<= 1.7.1001 Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability	6.5	55 minutes ago
Ultimate Coming Soon & Maintenance<= 1.0.9 Missing Authorization to Unauthenticated Template Activation vulnerability	5.3	57 minutes ago