The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,841

MitigationsMitigation rules13,604

No official fix10,545

In triage1,218

Published soon35

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Bookingor<= 1.0.12 Subscriber+ Category Deletion vulnerability	5.4	6 hours ago
FlatPM<= 3.2.2 WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability	6.5	6 hours ago
Head Meta Data<= 20251118 Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability	6.5	6 hours ago
NotificationX<= 3.1.11 Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability	5.4	6 hours ago
Creator LMS<= 1.1.12 WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability	8.8	6 hours ago
The Events Calendar<= 6.15.13 Missing Authorization to Authenticated (Subscriber+) Data Migration Control vulnerability	5.4	6 hours ago
Tutor LMS<= 3.9.4 WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion vulnerability	5.4	6 hours ago
Advanced Custom Fields: Extended<= 0.9.2.1 Unauthenticated Privilege Escalation via Insert User Form Action vulnerability	9.8	22 hours ago
Koko Analytics<= 2.1.2 SQL Injection vulnerability	6.9	22 hours ago
Custom Fonts – Host Your Fonts Locally<= 2.1.16 WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability	6.5	23 hours ago
E-xact Hosted Payment<= 2.0 Unauthenticated Arbitrary File Deletion vulnerability	8.6	23 hours ago
Dokan<= 4.2.4 Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability	8.1	23 hours ago
Viet contact<= 1.3.2 Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability	5.9	1 day ago
WP Hello Bar<= 1.02 Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability	5.9	1 day ago
weMail<= 2.0.7 Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability	5.3	1 day ago
LearnPress<= 4.3.2.4 WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability	5.3	1 day ago
Newsletter<= 9.1.0 WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability	4.3	1 day ago
PeachPay Payments<= 1.119.8 WordPress PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability	5.3	1 day ago
Image Photo Gallery Final Tiles Grid<= 3.6.9 Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management vulnerability	5.4	1 day ago
Poll, Survey & Quiz Maker Plugin by Opinion Stage< 19.6.25 Unauthenticated Cross-Site Scripting (XSS) vulnerability	7.1	1 day ago