Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,708
Mitigations
Mitigation rules
14,242
No official patch
11,040
In triage
1,222
Published soon
73
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Planaday API
<= 11.4
Reflected Cross-Site Scripting vulnerability
7.1
5 minutes ago
Cost Calculator Pro
<= 2.3.1
Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability
7.1
2 hours ago
Responsive Lightbox
< 2.6.1
Unauthenticated Stored XSS vulnerability
7.1
2 hours ago
Worry Proof Backup
<= 0.2.4
Authenticated (Subscriber+) Path Traversal via Backup Upload vulnerability
8.8
2 hours ago
User Registration
<= 5.1.2
Authentication Bypass vulnerability
8.1
3 hours ago
WP Responsive Images
<= 1.0
Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability
7.5
3 hours ago
Advanced Woo Labels
<= 2.36
Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter vulnerability
8.8
8 hours ago
User Registration
<= 5.1.2
Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability
5.3
11 hours ago
TP2WP Importer
<= 1.1
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea vulnerability
5.9
11 hours ago
WP Social Meta
<= 1.0.1
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability
5.9
11 hours ago
Custom Logo
<= 2.2
Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability
5.9
11 hours ago
The Events Calendar
<= 6.15.16
Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API vulnerability
5.4
11 hours ago
Geo Mashup
<= 1.13.17
Unauthenticated SQL Injection via 'sort' Parameter vulnerability
9.3
1 day ago
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.
<= 3.8.3
Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token vulnerability
7.5
1 day ago
Post Duplicator
<= 3.0.8
Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter vulnerability
4.3
1 day ago
WP Recipe Maker
<= 10.2.3
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
1 day ago
Disable Admin Notices individually
<= 1.4.2
WordPress Disable Admin Notices - Hide Dashboard Notifications plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
1 day ago
Secure Copy Content Protection and Content Locking
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
6.5
1 day ago
Responsive Lightbox
<= 2.7.1
Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability
5
1 day ago
Rise Blocks
<= 3.7
WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability
6.5
1 day ago
Load more