The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 36,842
Mitigations: 13,608
Affected software | Vulnerability | Risk | Disclosed
NotificationX <= 3.2.0 | Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' vulnerability | 7.1 | 55 minutes ago
Nexter Extension <= 4.4.6 | WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability | 9.8 | 1 hour ago
Academy LMS <= 3.5.0 | Privilege Escalation vulnerability | 9.8 | 1 hour ago
Bookingor <= 1.0.12 | Subscriber+ Category Deletion vulnerability | 5.4 | 9 hours ago
FlatPM <= 3.2.2 | WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability | 6.5 | 9 hours ago
Head Meta Data <= 20251118 | Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability | 6.5 | 9 hours ago
NotificationX <= 3.1.11 | Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability | 5.4 | 9 hours ago
Creator LMS <= 1.1.12 | WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability | 8.8 | 9 hours ago
The Events Calendar <= 6.15.13 | Missing Authorization to Authenticated (Subscriber+) Data Migration Control vulnerability | 5.4 | 9 hours ago
Tutor LMS <= 3.9.4 | WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion vulnerability | 5.4 | 9 hours ago
Advanced Custom Fields: Extended <= 0.9.2.1 | Unauthenticated Privilege Escalation via Insert User Form Action vulnerability | 9.8 | 1 day ago
Koko Analytics <= 2.1.2 | SQL Injection vulnerability | 6.9 | 1 day ago
Custom Fonts – Host Your Fonts Locally <= 2.1.16 | WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability | 6.5 | 1 day ago
E-xact Hosted Payment <= 2.0 | Unauthenticated Arbitrary File Deletion vulnerability | 8.6 | 1 day ago
Dokan <= 4.2.4 | Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability | 8.1 | 1 day ago
Viet contact <= 1.3.2 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability | 5.9 | 1 day ago
WP Hello Bar <= 1.02 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability | 5.9 | 1 day ago
weMail <= 2.0.7 | Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability | 5.3 | 1 day ago
LearnPress <= 4.3.2.4 | WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability | 5.3 | 1 day ago
Newsletter <= 9.1.0 | WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability | 4.3 | 1 day ago