The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,694

MitigationsMitigation rules15,355

No official patch12,999

In triage1,514

Published soon81

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.8 SQL Injection vulnerability	8.5	04/06/2026
Sunshine Photo Cart<= 3.6.7 Broken Access Control vulnerability	6.3	02/06/2026
SePay Gateway<= 1.1.20 Sensitive Data Exposure vulnerability	6.5	02/06/2026
Shariff Wrapper<= 4.6.20 Authenticated (Contributor+) Cross-Site Scripting vulnerability	6.5	9 hours ago
Simply Schedule Appointments<= 1.6.11.8 Missing Authorization to Unauthenticated Arbitrary Modification vulnerability	5.3	9 hours ago
Photo Gallery by 10Web<= 1.8.40 Authenticated (Contributor+) SQL Injection vulnerability	8.5	10 hours ago
Visualizer<= 3.11.14 Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification vulnerability	4.3	10 hours ago
Accessibility Checker by Equalize Digital<= 1.42.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification vulnerability	4.3	10 hours ago
PDF Embedder<= 4.9.3 Authenticated (Contributor+) Information Exposure vulnerability	4.3	10 hours ago
PeachPay Payments<= 1.120.46 Cross-Site Request Forgery to Stripe Unlink vulnerability	4.3	10 hours ago
a3 Lazy Load<= 2.7.6 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	11 hours ago
WP Contact Form 7 DB Handler<= 3.0 Cross-Site Request Forgery to Arbitrary File Deletion vulnerability	8.1	11 hours ago
Geo Mashup<= 1.13.19 Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability	5.3	11 hours ago
SMTP2GO<= 1.16.0 Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate vulnerability	4.3	11 hours ago
Easy Digital Downloads<= 3.6.7 Cross-Site Request Forgery to Payment Account Hijacking vulnerability	4.3	12 hours ago
LiveSmart Video Chat Live Video Chat<= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	12 hours ago
The Post Grid<= 7.9.2 Broken Access Control vulnerability	4.3	14 hours ago
ElementsKit Elementor addons Lite<= 3.9.6 Broken Access Control vulnerability	5.3	14 hours ago
Timetable and Event Schedule<= 2.4.16 Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability	4.3	14 hours ago
ElementsKit Elementor addons Lite<= 3.9.6 Broken Access Control vulnerability	4.3	14 hours ago