Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,670
Mitigations
Mitigation rules
14,811
No official patch
11,246
In triage
1,605
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP Travel Engine
<= 6.7.5
WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode vulnerability
6.5
1 day ago
ElementsKit Elementor addons Lite
<= 3.7.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget vulnerability
6.5
1 day ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.25
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability
8.1
1 day ago
Shortcodes Ultimate
<= 7.4.7
Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode vulnerability
6.5
1 day ago
Shortcodes Ultimate
<= 7.4.8
authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability
5.9
1 day ago
Royal Elementor Addons
<= 1.7.1049
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability
6.5
1 day ago
Simple Shopping Cart
<= 5.2.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability
6.5
1 day ago
Xpro Elementor Addons
<= 1.4.20
WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
Gutenverse
<= 3.4.6
WordPress Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'imageLoad' vulnerability
6.5
1 day ago
Xpro Elementor Addons
<= 1.4.24
WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget vulnerability
6.5
1 day ago
Spam Protect for Contact Form 7
< 1.2.10
Editor+ Remote Code Execution vulnerability
7.2
2 days ago
Perfmatters
<= 2.5.9.1
Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability
8.1
2 days ago
MSTW League Manager
<= 2.10
Cross Site Scripting (XSS) vulnerability
6.5
2 days ago
Webmention
<= 5.6.2
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
3 days ago
MW WP Form
<= 5.1.0
Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir vulnerability
8.1
3 days ago
W3 Total Cache
<= 2.9.3
Unauthenticated Security Token Exposure via User-Agent Header vulnerability
7.5
3 days ago
Order Listener for WooCommerce
< 3.6.3
Unauthenticated WooCommerce REST Permission Bypass vulnerability
7.5
3 days ago
Webmention
<= 5.6.2
Unauthenticated Blind Server-Side Request Forgery vulnerability
5.4
3 days ago
Export All URLs
< 5.1
Unauthenticated Sensitive Data Exposure vulnerability
5.3
3 days ago
Query Monitor
<= 3.20.3
Reflected Cross-Site Scripting via Request URI vulnerability
7.1
3 days ago
Load more