Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,219
Mitigations
Mitigation rules
14,022
No official fix
10,886
In triage
1,376
Published soon
41
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP Server Log Viewer
<= 1.0
Stored Cross Site Scripting vulnerability
5.9
14 hours ago
Duplicate Post
<= 3.2.3
Stored Cross-Site Scripting vulnerability
5.9
14 hours ago
OpenPix
<= 2.13.3
Subscriber+ Payment Gateway Settings Reset vulnerability
5.4
14 hours ago
LatePoint
<= 5.2.6
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability
5.3
14 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.5.32
Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability
4.3
15 hours ago
Master Addons for Elementor
<= 2.0.6.1
Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability
7.2
1 day ago
Lazy Blocks
<= 4.2.0
WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability
8.8
1 day ago
Twitter posts to Blog
<= 1.11.25
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
6.5
1 day ago
Slimstat Analytics
<= 5.3.1
Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability
8.5
1 day ago
Videospirecore Theme
<= 1.0.6
Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover vulnerability
8.8
1 day ago
WPvivid Backup and Migration
<= 0.9.123
Unauthenticated Arbitrary File Upload vulnerability
10
1 day ago
WPZOOM Addons for Elementor
<= 1.3.2
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability
5.3
1 day ago
IDE Micro code-editor
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
6.5
1 day ago
BuddyHolis ListSearch
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability
6.5
1 day ago
WDES Responsive Popup
<= 1.3.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability
6.5
1 day ago
Invoct – PDF Invoices & Billing for WooCommerce
<= 1.6
WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
4.3
1 day ago
MMA Call Tracking
<= 2.3.15
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
1 day ago
WPlyr Media Block
<= 1.3.0
Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter vulnerability
5.9
1 day ago
Slideshow Wp
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability
6.5
1 day ago
Sudoku Shortcode
<= 1.0.0
Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability
6.5
1 day ago
Load more