The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total35,662

MitigationsMitigation rules13,211

No official fix9,999

In triage1,587

Published soon51

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Simple CSV Table<= 1.0.1 Directory Traversal to Authenticated (Contributor+) Arbitrary File Read vulnerability	6.5	1 hour ago
VikRentItems Flexible Rental Management System<= 1.2.0 Reflected Cross-Site Scripting via 'delto' Parameter vulnerability	7.1	2 hours ago
Fancy Product Designer<= 6.4.8 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	2 hours ago
Flow-Flow Social Stream3.0.0-4.7.5 Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting	6.5	2 hours ago
Campay Woocommerce Payment Gateway<= 1.2.2 Unauthenticated Payment Bypass vulnerability	5.4	3 hours ago
Funnel Builder by FunnelKit<= 3.13.1.5 Unauthenticated SQL Injection vulnerability	9.3	3 hours ago
WP User Manager<= 2.9.12 Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability	7.7	3 hours ago
Infility Global<= 2.14.23 Authenticated (Subscriber+) Arbitrary File Upload vulnerability	9.9	3 hours ago
Multi Uploader for Gravity Forms<= 1.1.7 Unauthenticated Arbitrary File Deletion vulnerability	8.6	3 hours ago
评论小秘书<= 1.3.2 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	3 hours ago
Category Dropdown List<= 1.0 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	4 hours ago
WPLG Default Mail From<= 1.0.0 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	4 hours ago
Complag<= 1.0.2 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	4 hours ago
Accept Stripe Payments Using Contact Form 7<= 3.1 Reflected Cross-Site Scripting via failure_message vulnerability	7.1	4 hours ago
Like DisLike Voting<= 1.0.1 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	4 hours ago
Blaze Demo Importer1.0.0-1.0.13 Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion vulnerability	8.1	5 hours ago
WPNakama<= 0.6.3 Unauthenticated SQL Injection via 'order_by' Parameter vulnerability	9.3	5 hours ago
Visitor Logic Lite<= 1.0.3 Unauthenticated PHP Object Injection via 'lpblocks' Cookie vulnerability	9.8	5 hours ago
Magical Posts Display<= 1.2.54 Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability	5.9	10 hours ago
Simple Bike Rental<= 1.0.6 Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure vulnerability	5.3	10 hours ago