The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total48,592

MitigationsMitigation rules15,649

No official patch12,992

In triage1,458

Published soon26

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Infility Global< 2.15.20 Editor+ SQL Injection via orderby Parameter vulnerability	8.5	9 minutes ago
Essential Blocks for Gutenberg<= 6.1.4 Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	12 hours ago
WP Meta SEO<= 4.5.18 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	13 hours ago
URL Preview<= 1.0 Unauthenticated Server-Side Request Forgery vulnerability	7.2	13 hours ago
Kargo Takip<= 1.2 Unauthenticated Server-Side Request Forgery vulnerability	7.2	13 hours ago
EntreDroppers<= 1.1.2 Reflected Cross-Site Scripting vulnerability	7.1	13 hours ago
Image Sizes on Demand<= 1.3 Reflected Cross-Site Scripting vulnerability	7.1	13 hours ago
Post Video Players<= 1.163 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	14 hours ago
Email JavaScript Cloak<= 1.03 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	14 hours ago
ARForms<= 7.1.3 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	14 hours ago
AdRotate Banner Manager<= 5.17.7 Authenticated (Contributor+) PHP Code Injection vulnerability	8.8	14 hours ago
ProfileGrid <= 5.9.9.2 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
Welcome Software Publishing<= 0.0.31 Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability	8.8	18 hours ago
WP Forms Connector<= 1.8 Missing Authorization to Unauthenticated Information Exposure vulnerability	7.5	18 hours ago
WP Forms Connector<= 1.8 Unauthenticated SQL Injection vulnerability	9.3	18 hours ago
Invoice Generator<= 1.0.0 Unauthenticated Account Takeover vulnerability	9.8	18 hours ago
SignUp & SignIn<= 1.0.0 Unauthenticated Privilege Escalation vulnerability	9.8	19 hours ago
Funnel Builder by FunnelKit<= 3.15.0.5 SQL Injection vulnerability	7.6	20 hours ago
WP Meta SEO<= 4.5.18 Authenticated (Contributor+) Server-Side Request Forgery vulnerability	6.4	1 day ago
WP Latest Posts<= 5.0.11 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago