Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,572
Mitigations
Mitigation rules
13,440
No official fix
10,461
In triage
823
Published soon
47
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Tutor LMS
<= 3.9.3
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details vulnerability
6.5
6 hours ago
Gutenverse Form
<= 2.3.2
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
5.9
14 hours ago
Folders
<= 3.1.5
Missing Authorization to Authenticated (Author+) Media Replacement vulnerability
4.3
14 hours ago
Jeg Elementor Kit
<= 3.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
6.5
21 hours ago
Awesome Hotel Booking
<= 1.0
Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability
6.5
1 day ago
Testimonial Master
<= 0.2.1
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
Starred Review
<= 1.4.2
Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability
7.1
1 day ago
Post Like Dislike
<= 1.0
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
Stumble! for WordPress
<= 1.1.1
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
WP Widget Changer
<= 1.2.5
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
AA Block country
<= 1.0.1
Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability
5.3
1 day ago
Piraeus Bank WooCommerce Payment Gateway
<= 3.1.4
Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability
6.5
1 day ago
Stylish Order Form Builder
<= 1.0
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability
6.5
1 day ago
Unify
<= 3.4.9
Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability
6.5
1 day ago
WP Enable WebP
<= 1.0
Authenticated (Author+) Arbitrary File Upload vulnerability
9.1
1 day ago
SVG Map Plugin
<= 1.0.0
Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Premmerce WooCommerce Customers Manager
<= 1.1.14
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
WP Photo Album Plus
<= 9.1.05.008
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
HBLPAY Payment Gateway for WooCommerce
<= 5.0.0
Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability
7.1
1 day ago
Bit Form – Contact Form Plugin
<= 2.21.6
WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability
6.5
1 day ago
Load more