Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
35,815
Mitigations
Mitigation rules
13,214
No official fix
10,091
In triage
1,478
Published soon
73
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Lightweight Accordion
<= 1.5.20
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
16 minutes ago
Elementor Addon Elements
<= 1.14.3
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
36 minutes ago
HandL UTM Grabber
<= 2.8.0
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
JetWidgets For Elementor
<= 1.0.20
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability
6.5
1 hour ago
Restrict Elementor Widgets, Columns and Sections
<= 1.12
Broken Access Control vulnerability
4.3
2 days ago
Turitor
< 1.5.3
Local File Inclusion vulnerability
7.5
2 days ago
Digiqole
< 2.2.7
Local File Inclusion vulnerability
7.5
2 days ago
Brizy
<= 2.7.16
Authenticated (Contributor+) Sensitive Information Exposure via get_users Function vulnerability
6.5
2 days ago
King Addons for Elementor
<= 51.1.39
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
6.5
2 days ago
Marquee Addons for Elementor
<= 2.4.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget vulnerability
6.5
2 days ago
Enter Addons
<= 2.2.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability
6.5
2 days ago
Popup Builder
<= 4.4.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 days ago
Livemesh SiteOrigin Widgets
<= 3.9.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets vulnerability
6.5
2 days ago
TI WooCommerce Wishlist
<= 2.10.0
Unauthenticated HTML Injection vulnerability
5.3
2 days ago
WidgetKit
<= 2.5.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability
6.5
2 days ago
myCred
<= 2.9.7
Missing Authorization to Unauthenticated Withdrawal Request Approval vulnerability
5.3
2 days ago
MediaCommander
<= 2.3.1
Missing Authorization to Authenticated (Author+) Media Folder Deletion vulnerability
6.5
2 days ago
Lucky Draw Contests
<= 4.2
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
2 days ago
Popover Windows
<= 1.2
Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions vulnerability
5.4
2 days ago
Custom Frames
<= 1.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter vulnerability
6.5
2 days ago
Load more