The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,630

MitigationsMitigation rules14,799

No official patch11,259

In triage1,516

Published soon0

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Fluent Booking<= 2.0.01 Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability	7.1	3 hours ago
Ultimate Member<= 2.11.2 Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability	8	4 hours ago
Blackhole for Bad Bots<= 3.8 Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability	7.1	4 hours ago
LeadConnector< 3.0.22 Unauthenticated Rest Call vulnerability	6.5	4 hours ago
Shared Files< 1.7.58 Contributor+ Arbitrary File Download vulnerability	6.5	4 hours ago
Frontend Admin by DynamiApps<= 3.28.31 Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts vulnerability	7.2	5 hours ago
FloristPress<= 7.8.2 Reflected Cross-Site Scripting via 'noresults' Parameter vulnerability	7.1	7 hours ago
JS Help Desk<= 3.0.4 WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability	9.3	8 hours ago
SureForms<= 2.5.2 Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability	7.5	8 hours ago
Masteriyo - LMS<= 2.1.6 Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator vulnerability	8.8	8 hours ago
Responsive Plus< 3.4.3 Unauthenticated Arbitrary Shortcode Execution vulnerability	6.5	9 hours ago
WP Job Portal<= 2.4.9 Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field vulnerability	8.8	9 hours ago
ThemeREX Addons< 2.38.5 Unauthenticated Arbitrary File Upload vulnerability	10	9 hours ago
Download Monitor<= 5.1.7 Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' vulnerability	5.3	9 hours ago
Twentig Supercharged Block Editor<= 1.9.7 Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability	6.5	9 hours ago
WP Lightbox 2< 3.0.7 Admin+ Stored XSS vulnerability	5.9	9 hours ago
Conditional Menus<= 1.2.6 Cross-Site Request Forgery to Menu Options Update vulnerability	4.3	9 hours ago
Complianz<= 7.4.4.2 WordPress Complianz - GDPR/CCPA Cookie Consent plugin <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter vulnerability	6.5	9 hours ago
Elementor Website Builder<= 3.35.7 Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability	4.3	9 hours ago
Ads by WPQuads<= 2.0.98.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability	6.5	2 days ago