The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,765

MitigationsMitigation rules15,404

No official patch12,993

In triage1,553

Published soon17

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.8 SQL Injection vulnerability	8.5	04/06/2026
Sunshine Photo Cart<= 3.6.7 Broken Access Control vulnerability	6.3	02/06/2026
FPW Category Thumbnails<= 1.9.5 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	2 hours ago
hiWeb Migration Simple<= 2.0.0.1 Reflected Cross-Site Scripting vulnerability	7.1	3 hours ago
rognone<= 0.6.2 Reflected Cross-Site Scripting vulnerability	7.1	3 hours ago
rognone<= 0.6.2 Reflected Cross-Site Scripting vulnerability	7.1	3 hours ago
Simple Custom Login Page<= 1.0.3 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	7.1	3 hours ago
Spectra<= 2.19.25 Authenticated (Contributor+) Remote Code Execution vulnerability	8.8	3 hours ago
GEO my WordPress<= 4.5.5 Unauthenticated SQL Injection vulnerability	9.3	3 hours ago
Simple History<= 5.26.0 Authenticated (Subscriber+) Account Takeover vulnerability	7.5	3 hours ago
SePay Gateway<= 1.1.20 Sensitive Data Exposure vulnerability	6.5	5 hours ago
Tiled Gallery Carousel Without JetPack<= 3.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
Easy Cart<= 1.8 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
ZeM STL<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
BirdSeed<= 2.2.0 Cross-Site Request Forgery vulnerability	4.3	15 hours ago
Word Replacer<= 0.4 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	15 hours ago
WP Nano AD<= 1.31 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	15 hours ago
DeMomentSomTres Shortcodes<= 1.1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
Remove NoFollow Commenter URL<= 1.0 Cross-Site Request Forgery to Settings Update vulnerability	4.3	15 hours ago
Google Plus One Bottom<= 0.0.2 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	15 hours ago