Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
35,860
Mitigations
Mitigation rules
13,236
No official fix
10,068
In triage
1,567
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Html5 Audio Player
2.4.0-2.5.1
Unauthenticated Server-Side Request Forgery vulnerability
7.2
Invalid date
BA Book Everything
<= 1.8.14
Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability
6.5
Just now
Simply Schedule Appointments
<= 1.6.9.16
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
5.3
6 minutes ago
Sweet Energy Efficiency
<= 1.0.6
Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion vulnerability
4.3
19 minutes ago
Prime Slider – Addons For Elementor
<= 4.0.9
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
4.3
32 minutes ago
HUSKY
<= 1.3.7.3
Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' vulnerability
4.3
1 hour ago
Ultimate Member
<= 2.11.0
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' vulnerability
6.5
14 hours ago
Demo Importer Plus
<= 2.0.8
Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation vulnerability
8.8
14 hours ago
OpenID Connect Generic Client
<= 3.10.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
23 hours ago
NextGEN Gallery
<= 3.59.12
Authenticated (Contributor+) Local File Inclusion via 'template' vulnerability
8.8
23 hours ago
Events Manager
<= 7.2.2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability
6.5
23 hours ago
Embed Any Document
<= 2.7.10
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
23 hours ago
Page Builder: Live Composer
<= 2.0.2
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
6.5
23 hours ago
Ultimate Member
<= 2.11.0
Authenticated (Subscriber+) Profile Privacy Setting Bypass vulnerability
4.3
1 day ago
HTML Forms
<= 1.6.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Zephyr Project Manager
<= 3.3.203
Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery vulnerability
4.9
1 day ago
BP Better Messages
<= 2.10.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
WP Social Ninja
<= 4.0.1
Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability
6.5
1 day ago
Ninja Forms
<= 3.13.2
Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability
7.5
1 day ago
Download Plugins and Themes from Dashboard
<= 1.9.6
Cross-Site Request Forgery to Bulk Plugin/Theme Archival vulnerability
4.3
1 day ago
Load more