The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 40,034
Mitigations
Mitigation rules: 14,902
No official patch: 11,321
In triage: 1,434
Published soon: 9
Affected software | Vulnerability | Risk | Disclosed
Optimole <= 4.2.2 | Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability | 7.1 | 7 hours ago
Optimole <= 4.2.3 | Reflected Cross-Site Scripting via Page Profiler URL vulnerability | 7.1 | 7 hours ago
YML for Yandex Market < 5.0.26 | Shop Manager+ RCE via Feed Generation vulnerability | 7.2 | 7 hours ago
Gravity SMTP <= 2.1.4 | Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability | 7.1 | 7 hours ago
Webling <= 3.9.0 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter vulnerability | 6.5 | 8 hours ago
Customer Reviews for WooCommerce <= 5.103.0 | Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability | 5.3 | 8 hours ago
Royal WordPress Backup, Restore & Migration <= 1.0.16 | Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability | 7.1 | 8 hours ago
UsersWP <= 1.2.60 | Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability | 6.5 | 8 hours ago
ActivityPub < 8.0.2 | Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability | 7.5 | 9 hours ago
wpForo Forum <= 3.0.2 | Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter vulnerability | 7.1 | 9 hours ago
WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 | WordPress WCAPF - WooCommerce Ajax Product Filter plugin <= 4.2.3 - Unauthenticated Time-Based SQL Injection vulnerability | 9.3 | 9 hours ago
BuddyPress Groupblog <= 1.9.3 | Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability | 8.8 | 9 hours ago
LifterLMS <= 9.2.1 | Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability | 6.5 | 18 hours ago
UsersWP <= 1.2.58 | Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability | 5 | 18 hours ago
BlockArt Blocks <= 2.2.15 | Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability | 5.9 | 18 hours ago
Tutor LMS <= 3.9.7 | Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability | 4.3 | 18 hours ago
Greenshift <= 12.8.9 | Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability | 6.5 | 18 hours ago
Tutor LMS <= 3.9.7 | Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability | 5.4 | 18 hours ago
YITH WooCommerce Wishlist < 4.13.0 | Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability | 5.3 | 19 hours ago
Tutor LMS <= 3.9.7 | Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability | 7.5 | 3 days ago