The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,967

MitigationsMitigation rules15,508

No official patch12,972

In triage1,571

Published soon8

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Decent Comments< 3.0.2 Unauthenticated Email Address Disclosure vulnerability	5.3	29 minutes ago
Restaurant Cafeteria<= 0.4.6 Subscriber+ Arbitrary Plugin Installation/Activation vulnerability	8.8	46 minutes ago
Fortis for WooCommerce< 1.3.1 Sensitive API Key Disclosure vulnerability	7.5	58 minutes ago
PowerPack for LearnDash< 1.3.0 Unauthenticated Arbitrary Option Update vulnerability	9.8	1 hour ago
Magic Export & Import< 1.2.0 Unauthenticated PII Disclosure vulnerability	7.5	1 hour ago
WP Photo Album Plus< 9.1.11.001 Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability	9.3	1 hour ago
Login with Salesforce<= 1.0.2 Unauthenticated Authentication Bypass vulnerability	8.1	1 hour ago
WP eCommerce<= 3.15.1 Coupon Deletion via CSRF vulnerability	5.4	1 hour ago
Feeds for YouTube< 2.6.4 Subscriber+ License Data Deletion vulnerability	5.4	1 hour ago
Lazy Blocks< 4.3.0 Admin+ Stored XSS via Custom Block Frontend HTML vulnerability	5.9	1 hour ago
Schema & Structured Data for WP & AMP< 1.60 Unauthenticated Arbitrary Media Upload vulnerability	5.3	4 hours ago
Spam protection, AntiSpam, FireWall by CleanTalk< 6.79 Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability	7.1	4 hours ago
Open User Map PRO<= 1.4.31 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	4 hours ago
XStore< 9.7.3 Unauthenticated SQLi vulnerability	9.3	5 hours ago
Store Locator WordPress< 1.6.6 Admin+ Stored XSS via map_style vulnerability	5.9	8 hours ago
UpdraftPlus<= 1.26.4 Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability	8.1	19 hours ago
Newsletters<= 4.13 Unauthenticated SQL Injection vulnerability	9.3	1 day ago
Doctreat Core<= 1.6.8 Unauthenticated Privilege Escalation vulnerability	9.8	1 day ago
aThemes Addons for Elementor<= 1.1.8 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
MW WP Form<= 5.1.3 Authenticated (Editor+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago