Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
35,676
Mitigations
Mitigation rules
13,213
No official fix
9,999
In triage
1,591
Published soon
51
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Emplibot
<= 1.0.9
Authenticated (Admin+) Server-Side Request Forgery vulnerability
4.4
29 minutes ago
HT Slider For Elementor
<= 1.7.4
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
51 minutes ago
404 Solution
<= 3.1.0
Authenticated (Admin+) SQL Injection via 'filterText' Parameter vulnerability
7.6
51 minutes ago
Design Import/Export
<= 2.2
Authenticated (Administrator+) SQL Injection via XML File Import vulnerability
7.6
52 minutes ago
HAPPY
<= 1.0.9
Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply vulnerability
5.4
55 minutes ago
Custom Post Type UI
<= 1.18.1
Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter vulnerability
5.9
56 minutes ago
Employee Spotlight
<= 5.1.3
Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability
5.3
59 minutes ago
Image Slider by Ays
<= 2.7.0
Cross-Site Request Forgery to Arbitrary Slider Deletion vulnerability
4.3
1 hour ago
GenerateBlocks
<= 2.1.2
Authenticated (Contributor+) Information Exposure via Metadata vulnerability
4.3
1 hour ago
WPGraphQL Smart Cache
< 2.0.1
Unauthenticated Private Content Disclosure vulnerability
7.5
5 hours ago
WPMasterToolKit
<= 2.13.0
Authenticated (Author+) Code Injection vulnerability
7.2
11 hours ago
Simple CSV Table
<= 1.0.1
Directory Traversal to Authenticated (Contributor+) Arbitrary File Read vulnerability
6.5
13 hours ago
VikRentItems Flexible Rental Management System
<= 1.2.0
Reflected Cross-Site Scripting via 'delto' Parameter vulnerability
7.1
14 hours ago
Fancy Product Designer
<= 6.4.8
Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability
7.1
14 hours ago
Flow-Flow Social Stream
3.0.0-4.7.5
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
6.5
14 hours ago
Campay Woocommerce Payment Gateway
<= 1.2.2
Unauthenticated Payment Bypass vulnerability
5.4
14 hours ago
Funnel Builder by FunnelKit
<= 3.13.1.5
Unauthenticated SQL Injection vulnerability
9.3
15 hours ago
WP User Manager
<= 2.9.12
Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability
7.7
15 hours ago
Infility Global
<= 2.14.23
Authenticated (Subscriber+) Arbitrary File Upload vulnerability
9.9
15 hours ago
Multi Uploader for Gravity Forms
<= 1.1.7
Unauthenticated Arbitrary File Deletion vulnerability
8.6
15 hours ago
Load more