The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,627

MitigationsMitigation rules15,324

No official patch12,979

In triage1,509

Published soon58

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.8 SQL Injection vulnerability	8.5	04/06/2026
Sunshine Photo Cart<= 3.6.7 Broken Access Control vulnerability	6.3	02/06/2026
SePay Gateway<= 1.1.20 Sensitive Data Exposure vulnerability	6.5	02/06/2026
Xpro Elementor Addons - Pro<= 1.4.7 WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability	6.5	7 hours ago
MinhNhut Link Gateway<= 3.6.1 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	4.4	7 hours ago
myLinksDump<= 1.6 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	7 hours ago
rexCrawler<= 1.0.15 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	7 hours ago
Taxi Booking Manager for WooCommerce<= 2.0.1 Broken Access Control vulnerability	5.3	8 hours ago
Tiktok Feed<= 1.0.24 Broken Access Control vulnerability	4.3	8 hours ago
WpBookingly<= 1.2.9 Broken Access Control vulnerability	4.3	8 hours ago
WpTravelly<= 2.1.5 Broken Access Control vulnerability	6.3	8 hours ago
WP Promoter<= 1.3 Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability	6.1	9 hours ago
MetaMagic SEO Plugin<= 1.6 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	9 hours ago
Github Shortcode<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	9 hours ago
Livemesh Addons for WPBakery Page Builder<= 3.9.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago
EnvíaloSimple<= 2.4.5 Authenticated (Administrator+) SQL Injection vulnerability	7.6	10 hours ago
Shortcode Buddy<= 0.1.9.5 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago
iWR Tooltip<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago
BitForm – Data management solution for WordPress<= 1.1.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago
Listen Shortcode<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago