Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,570
Mitigations
Mitigation rules
14,099
No official fix
10,979
In triage
1,255
Published soon
33
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Dealia
<= 1.0.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability
6.5
1 hour ago
Client Testimonial Slider
<= 2.0
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability
5.9
1 hour ago
MP3 Audio Player for Music, Radio & Podcast by Sonaar
4.0-5.10
Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
5.3
1 hour ago
XO Event Calendar
<= 3.2.10
Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability
6.5
1 hour ago
Groups
<= 3.10.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability
6.5
2 hours ago
YaMaps for WordPress
<= 0.6.40
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
6.5
2 hours ago
BackWPup
<= 5.6.2
Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability
7.2
2 hours ago
Advanced Custom Fields: Font Awesome Field
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 hours ago
Virusdie
<= 1.1.7
Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability
4.3
2 hours ago
Image Hotspot by DevVN
<= 1.2.9
Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability
5.9
2 hours ago
Shield Security
<= 21.0.9
Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability
4.3
2 hours ago
SEO Plugin by Squirrly SEO
<= 12.4.14
Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection vulnerability
4.3
2 hours ago
OneClick Chat to Order
<= 1.0.9
Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability
2.7
2 hours ago
Tennis Court Bookings
<= 1.2.7
Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability
5.9
2 hours ago
salavat counter
<= 0.9.5
Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter vulnerability
5.9
2 hours ago
Remove Post Type Slug
<= 1.0.2
Cross-Site Request Forgery to Settings Update vulnerability
4.3
2 hours ago
TalkJS
<= 0.1.15
Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability
5.9
2 hours ago
Dealia
<= 1.0.6
WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability
4.3
2 hours ago
Slidorion
<= 1.0.2
Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings vulnerability
5.9
2 hours ago
News Element Elementor Blog Magazine
<= 1.0.8
Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability
5.4
2 hours ago
Load more