Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
46,457
Mitigations
Mitigation rules
15,066
No official patch
13,384
In triage
1,429
Published soon
29
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
ITERAS
<= 1.8.2
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
4 hours ago
HubSpot
<= 11.3.32
Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability
4.3
4 hours ago
Liaison Site Prober
<= 1.2.1
Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability
5.3
4 hours ago
Taqnix
<= 1.0.3
Cross-Site Request Forgery to Account Deletion vulnerability
4.3
4 hours ago
Books Gallery
<= 4.8.0
Missing Authorization to Unauthenticated Settings Update vulnerability
5.3
7 hours ago
Royal Elementor Addons
<= 1.7.1056
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
7 hours ago
Booking Calendar Contact Form
<= 1.2.63
Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability
4.3
7 hours ago
ExactMetrics
<= 9.1.2
Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability
4.3
9 hours ago
BetterDocs
<= 4.3.11
Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage vulnerability
4.3
9 hours ago
MaxiBlocks
<= 2.1.8
Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability
3.8
9 hours ago
Rescue Shortcodes
<= 3.3
Cross Site Scripting (XSS) vulnerability
6.5
13 hours ago
ACF Galerie 4
<= 1.4.2
Broken Access Control vulnerability
4.3
13 hours ago
Taxi Booking Manager for WooCommerce
<= 2.0.0
Cross Site Scripting (XSS) vulnerability
6.5
13 hours ago
Social Rocket
<= 1.3.4.2
WordPress Social Rocket - Social Sharing Plugin plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id vulnerability
6.5
15 hours ago
Breeze
<= 2.4.4
Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability
10
15 hours ago
ExactMetrics
<= 9.1.2
Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process vulnerability
7.2
20 hours ago
WP Store Locator
<= 2.2.261
Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta vulnerability
6.5
20 hours ago
Gutentor
<= 3.5.5
WordPress Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML vulnerability
6.5
20 hours ago
Avada
< 7.13.2
Cross Site Request Forgery (CSRF) vulnerability
4.3
1 day ago
Order Minimum/Maximum Amount Limits for WooCommerce
<= 4.6.4
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Load more