The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 37,997
Mitigations: 13,899
Affected software | Vulnerability | Risk | Disclosed
Greenshift <= 12.5.7 | WordPress GreenShift - Animation and Page Builder Blocks plugin <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys vulnerability | 4.3 | 11 hours ago
Image Map Block – Gutenberg block to create image map with hyperlink <= 1.0.2 | Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability | 7.2 | 12 hours ago
Peter’s Date Countdown <= 2.0.0 | Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability | 7.1 | 12 hours ago
ShortPixel Image Optimizer <= 6.4.2 | Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter vulnerability | 4.9 | 13 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 | Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability | 5.3 | 21 hours ago
ProfileGrid <= 5.9.7.2 | Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability | 5.3 | 21 hours ago
ProfileGrid <= 5.9.7.2 | WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability | 4.3 | 21 hours ago
Robin image optimizer <= 2.0.2 | Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field vulnerability | 5.9 | 21 hours ago
Dynamic Widget Content <= 1.3.6 | Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field vulnerability | 6.5 | 21 hours ago
Essential Widgets <= 3.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability | 6.5 | 21 hours ago
PopupKit <= 2.2.0 | Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability | 7.6 | 22 hours ago
UserPlus <= 2.0 | Missing Authorization via Multiple Functions vulnerability | 6.3 | 1 day ago
Sell BTC – Cryptocurrency Selling Calculator <= 1.5 | WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability | 7.1 | 1 day ago
School Management <= 91.5.0 | Authenticated (Student+) Arbitrary File Upload vulnerability | 9.9 | 1 day ago
Booking Calendar and Notification <= 4.0.3 | Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions vulnerability | 6.5 | 1 day ago
MyRewards <= 5.6.0 | WordPress MyRewards - Loyalty Points and Rewards for WooCommerce plugin <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification vulnerability | 6.5 | 1 day ago
Smart Appointment & Booking <= 1.0.7 | Authenticated (Subscriber+) Stored Cross-Site Scripting via saab_save_form_data AJAX Action vulnerability | 6.5 | 1 day ago
WebPurify Profanity Filter <= 4.0.2 | Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options vulnerability | 6.5 | 1 day ago
WP FOFT Loader <= 2.1.39 | Authenticated (Author+) Arbitrary File Upload vulnerability | 8.8 | 1 day ago
Persian Woocommerce SMS <= 7.0.5 | Reflected Cross-Site Scripting vulnerability | 7.1 | 1 day ago