The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,937

MitigationsMitigation rules14,436

No official patch11,184

In triage1,419

Published soon45

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Page and Post Clone<= 6.3 Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter vulnerability	8.5	1 hour ago
Media LIbrary Assistant<= 3.33 Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability	4.3	1 hour ago
Apocalypse Meow<= 22.1.0 Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability	7.6	1 hour ago
OoohBoi Steroids for Elementor<= 2.1.24 Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability	6.5	1 hour ago
My Calendar<= 3.7.3 WordPress My Calendar - Accessible Event Manager plugin <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	1 hour ago
Seraphinite Accelerator<= 2.28.14 Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability	4.3	1 hour ago
Seraphinite Accelerator<= 2.28.14 Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability	4.3	1 hour ago
JS Help Desk<= 2.8.2 WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability	9.3	17 hours ago
All-in-One Video Gallery<= 4.7.1 Reflected Cross-Site Scripting via 'vi' Parameter vulnerability	7.1	18 hours ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder<= 1.6.0 WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability	6.5	1 day ago
Envira Photo Gallery<= 1.12.3 Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability	5.9	1 day ago
Enable Media Replace<= 4.1.7 Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability	5.4	1 day ago
WP-Members<= 3.5.5.1 Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability	8.5	1 day ago
Morkva UA Shipping<= 1.7.9 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability	5.9	1 day ago
Taskbuilder<= 5.0.3 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field vulnerability	5.9	1 day ago
WPBookit<= 1.0.8 Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability	5.3	1 day ago
Email Subscribers & Newsletters<= 5.9.16 Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability	7.6	1 day ago
PostX<= 5.0.8 Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability	7.2	1 day ago
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms<= 1.1.5 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Contest Gallery<= 28.1.4 Unauthenticated SQL Injection vulnerability	9.3	1 day ago