The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,416

MitigationsMitigation rules15,243

No official patch12,918

In triage1,591

Published soon5

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
YITH WooCommerce Product Add-Ons<= 4.29.0 SQL Injection vulnerability	7.6	4 hours ago
Visualizer< 4.0.0 Cross Site Scripting (XSS) vulnerability	6.5	4 hours ago
WpBookingly<= 1.2.9 Broken Access Control vulnerability	6.5	5 hours ago
Image Photo Gallery Final Tiles Grid<= 3.6.11 Broken Access Control vulnerability	4.3	5 hours ago
PDF for Elementor Forms + Drag And Drop Template Builder<= 5.5.1 Broken Access Control vulnerability	5	5 hours ago
Slider Revolution<= 7.0.9 Unauthenticated Sensitive Information Exposure vulnerability	5.3	20 hours ago
@angular/platform-server<= 18.2.14 NPM: @angular/platform-server: SSRF via Hostname Hijacking	8.8	21 hours ago
@beproduct/nestjs-auth>= 0.1.2, <= 0.1.19 NPM: Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm	10	21 hours ago
camofox-mcp< 1.13.2 NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface	7	21 hours ago
sillytavern<= 1.17.0 NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl	8.5	21 hours ago
@libp2p/kad-dht< 16.2.6 NPM: @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes	7.5	21 hours ago
nuxt>= 4.0.0-alpha.1, <= 4.4.5 NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning	2.3	21 hours ago
@nuxt/nitro-server>= 4.2.0, <= 4.4.5 NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning	2.3	21 hours ago
@penpot/mcp< 2.15.0 NPM: PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE	8.8	21 hours ago
@haxtheweb/haxcms-nodejs< 26.0.0 NPM: HAX CMS: Denial of Service using Malicious Import Request	6.5	21 hours ago
turbo<= 2.9.13 NPM: Trubo: Login callback CSRF/session fixation	5.1	21 hours ago
turbo>= 1.1.0, < 2.9.14 NPM: Turbo: Unexpected local code execution during Yarn Berry detection	9.8	21 hours ago
@turbo/codemod>= 2.3.4, < 2.9.14 NPM: Turbo: Unexpected local code execution during Yarn Berry detection	9.8	21 hours ago
@turbo/workspaces>= 2.3.4, < 2.9.14 NPM: Turbo: Unexpected local code execution during Yarn Berry detection	9.8	21 hours ago
9router>= 0.4.30, < 0.4.37 NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes	10	22 hours ago