The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,179

Mitigation rules13,091

No official fix9,833

In triage1,337

Published soon26

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Search Exclude<= 2.5.7 Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability	4.3	7 hours ago
Wishlist for WooCommerce<= 1.0.9 Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation vulnerability	6.5	22 hours ago
ProjectList<= 0.3.0 Authenticated (Editor+) Arbitrary File Upload vulnerability	9.1	22 hours ago
Job Board by BestWebSoft<= 1.2.1 Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability	7.1	22 hours ago
AI Engine for WordPress: ChatGPT, GPT Content Generator<= 1.0.1 Authenticated (Contributor+) Arbitrary File Read vulnerability	6.5	23 hours ago
Telegram Bot & Channel<= 4.1 Unauthenticated Stored Cross-Site Scripting via Telegram Username vulnerability	7.1	23 hours ago
WavePlayer<= 3.7.0 Unauthenticated Arbitrary File Upload vulnerability	10	23 hours ago
EduKart Pro<= 1.0.3 Unauthenticated Privilege Escalation vulnerability	9.8	23 hours ago
Attention Bar<= 0.7.2.1 Authenticated (Contributor+) SQL Injection vulnerability	8.5	1 day ago
OrderConvo<= 14 Missing Authorization to Unauthenticated Information Disclosure vulnerability	5.3	1 day ago
OrderConvo<= 14 Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability	4.3	1 day ago
Chamber Dashboard Business Directory<= 3.3.11 Missing Authorization to Unauthenticated Business Information Export vulnerability	5.3	1 day ago
Refund Request for WooCommerce<= 1.0 Missing Authorization to Authenticated (Subscriber+) Refund Status Update vulnerability	5.4	1 day ago
Locker Content<= 1.0.0 Unauthenticated Information Exposure vulnerability	5.3	1 day ago
Frontend File Manager<= 23.4 Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability	5.4	1 day ago
Social Images Widget<= 2.1 Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability	5.3	1 day ago
Autochat Automatic Conversation<= 1.1.9 Missing Authorization to Unauthenticated Settings Update vulnerability	5.3	1 day ago
YouTube Subscribe<= 3.0.0 Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability	5.9	1 day ago
Conditionnal Maintenance Mode for WordPress<= 1.0.0 Cross-Site Request Forgery vulnerability	4.3	1 day ago
ProjectList<= 0.3.0 Authenticated (Editor+) SQL Injection via 'id' Parameter vulnerability	8.5	1 day ago