Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,141
Mitigations
Mitigation rules
13,935
No official fix
10,864
In triage
1,284
Published soon
23
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
The Events Calendar Shortcode & Block
<= 3.1.2
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 hour ago
PopupKit
<= 2.2.0
Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability
5.4
1 hour ago
WCFM Marketplace
<= 3.7.0
Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability
5.3
1 hour ago
Fluent Forms Pro Add On Pack
<= 6.1.12
Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability
5.4
1 hour ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.24
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability
7.2
1 hour ago
WCFM Membership
<= 2.11.8
WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability
4.3
1 hour ago
WP Enabled SVG
<= 0.2
Author+ Stored XSS via SVG vulnerability
5.9
2 hours ago
Atarim
<= 4.0.9
WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion vulnerability
5.3
2 hours ago
WP jQuery DataTable
<= 4.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 hours ago
Wishlist
<= 1.0.43
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 hours ago
Gosign – Posts Slider Block
<= 1.1.0
WordPress Gosign - Posts Slider Block plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 hours ago
Post Grid, Slider & Carousel Ultimate
<= 1.6.10
WordPress Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() vulnerability
7.5
2 hours ago
Front End Users
<= 3.2.30
Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode vulnerability
6.5
2 hours ago
Simple Map No Api
<= 1.9
Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
6.5
2 hours ago
Ketchup Shortcodes
<= 0.1.2
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
3 hours ago
DethemeKit For Elementor
<= 2.1.8
Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget vulnerability
6.5
3 hours ago
Maps for WP
<= 1.2.4
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
3 hours ago
Listamester
<= 2.3.4
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
3 hours ago
Form Builder CP
<= 1.2.41
Authenticated (Contributor+) SQL Injection vulnerability
8.5
3 hours ago
SKT Blocks
<= 1.7
WordPress SKT Blocks - Gutenberg based Page Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
3 hours ago
Load more