The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,477

MitigationsMitigation rules15,265

No official patch12,873

In triage1,600

Published soon8

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
AIWU<= 1.4.14 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	4 minutes ago
Cost of Goods by PixelYourSite<= 1.2.12 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	5 minutes ago
Read More & Accordion<= 3.5.7 Privilege Escalation vulnerability	8.8	5 minutes ago
Correct Prices<= 1.0 Reflected Cross-Site Scripting vulnerability	7.1	6 minutes ago
SponsorMe<= 0.5.2 Reflected Cross-Site Scripting vulnerability	7.1	6 minutes ago
LJ comments import: reloaded<= 0.97.1 Reflected Cross-Site Scripting vulnerability	7.1	7 minutes ago
VatanSMS WP SMS<= 1.01 Reflected Cross-Site Scripting vulnerability	7.1	8 minutes ago
Oliver POS< 4.5.4 Other Vulnerability Type vulnerability	6.5	9 minutes ago
診断ジェネレータ作成プラグイン<= 1.4.16 Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter vulnerability	6.5	9 minutes ago
Kirki – Freeform Page Builder, Website Builder & Customizer<= 6.0.6 Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability	6.5	10 minutes ago
WooCommerce PayPal Payments<= 4.0.1 Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability	8.2	35 minutes ago
WishList Member X<= 3.30.1 Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability	8.8	35 minutes ago
WishList Member X<= 3.30.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update vulnerability	8.8	36 minutes ago
WishList Member X<= 3.30.1 Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key vulnerability	8.8	36 minutes ago
WishList Member X<= 3.30.1 Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability	8.8	36 minutes ago
Ditty<= 3.1.65 Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability	7.5	3 days ago
AudioIgniter Music Player<= 2.0.2 Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter vulnerability	7.5	3 days ago
WP ERP Pro<= 1.5.1 Unauthenticated SQL Injection vulnerability	8.5	3 days ago
BookingPress Appointment Booking Pro<= 5.6 Unauthenticated Arbitrary File Upload vulnerability	10	3 days ago
Easy Elements for Elementor – Addons & Website Templates<= 1.4.5 Unauthenticated Privilege Escalation vulnerability	9.8	3 days ago