The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,158
Mitigations15,846
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
better-auth< 1.6.11
NPM: Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
9.1
14 minutes ago
@aborruso/ckan-mcp-server< 0.4.106
NPM: @aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
5.7
50 minutes ago
9router<= 0.4.71
NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
7.3
22 hours ago
9router<= 0.4.71
NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
9.9
22 hours ago
9router<= 0.4.41
NPM: 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
10
23 hours ago
decompress<= 4.2.1
NPM: Decompress: Archive extraction can create files and links outside of the target directory
9.1
23 hours ago
@xhmikosr/decompress< 10.2.1
NPM: Decompress: Archive extraction can create files and links outside of the target directory
9.1
23 hours ago
wpDiscuz<= 7.6.56
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Ultimate Member<= 2.11.4
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
JSON API User<= 4.1.0
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
NEX-Forms<= 9.2.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
CURCY<= 2.2.14
Unauthenticated Arbitrary Shortcode Execution vulnerability
5.4
1 day ago
Printcart Web to Print Product Designer for WooCommerce<= 2.5.2
Unauthenticated Arbitrary File Deletion vulnerability
8.6
1 day ago
AR For Woocommerce<= 8.40
Unauthenticated Path Traversal to Arbitrary File Read vulnerability
7.5
1 day ago
AR For WordPress<= 8.40
Unauthenticated Arbitrary File Read vulnerability
7.5
1 day ago
Index Now<= 3.0.16
Cross Site Request Forgery (CSRF) vulnerability
4.3
1 day ago
FormLayer<= 1.0.6
Sensitive Data Exposure vulnerability
5.3
1 day ago
Exclusive Addons Elementor<= 2.7.9.9
Sensitive Data Exposure vulnerability
5.3
1 day ago
9router<= 0.4.55
NPM: 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
7.5
4 days ago
9router>= 0.2.21, <= 0.4.41
NPM: 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass
9.8
4 days ago