The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 48,520
Mitigations: 15,609
Affected software | Vulnerability | Risk | Disclosed
Transbank Webpay REST < 1.14.0 | Unauthenticated Stored XSS vulnerability | 7.1 | 5 hours ago
LBG Zoominoutslider <= 5.4.4 | SQL Injection vulnerability | 8.5 | 6 hours ago
Vitepos < 3.4.2 | Outlet Manager+ Privilege Escalation vulnerability | 7.2 | 8 hours ago
Simple File List <= 6.3.7 | Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability | 7.5 | 8 hours ago
Simple File List <= 6.3.7 | Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability | 7.5 | 8 hours ago
Contact Form Entries <= 1.5.1 | Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability | 8.6 | 8 hours ago
Branda <= 3.4.29 | WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability | 9.8 | 9 hours ago
Motors < 1.4.110 | Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability | 5.4 | 9 hours ago
Pie Register < 3.8.4.10 | Unauthenticated Email Verification Bypass via Predictable Token vulnerability | 5.3 | 9 hours ago
Simple File List <= 6.3.7 | Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability | 6.5 | 9 hours ago
@merill/lokka < 2.1.2 | NPM: Lokka: Azure Resource Manager URL path validation issue | 8.7 | 2 days ago
@jhb.software/payload-cloudinary-plugin >= 0.3.0, < 0.4.0 | NPM: @jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing | 7.1 | 2 days ago
appium-mcp <= 1.85.9 | NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI) | 8.2 | 2 days ago
@zenalexa/unicli < 0.225.2 | NPM: Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests | 8.6 | 2 days ago
parse-server <= 8.6.82 | NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change | 2.3 | 2 days ago
mcp-searxng < 1.7.1 | NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read` | 7.1 | 2 days ago
mcp-searxng < 1.7.1 | NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read` | 7.5 | 2 days ago
network-ai <= 5.12.1 | NPM: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data | 6.1 | 2 days ago
network-ai <= 5.12.1 | NPM: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups | 5.5 | 2 days ago
network-ai >= 5.0.0, <= 5.12.1 | NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions | 5.9 | 2 days ago