Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,599
Mitigations
Mitigation rules
14,782
No official patch
11,283
In triage
1,412
Published soon
77
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP DSGVO Tools (GDPR)
<= 3.1.38
Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability
9.1
3 hours ago
JetEngine
<= 3.8.6.1
Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability
9.3
3 hours ago
WPGraphQL
<= 2.9.1
Broken Access Control vulnerability
5.4
16 hours ago
Woocommerce Custom Product Addons Pro
<= 5.4.1
Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability
10
17 hours ago
Contest Gallery
<= 28.1.5
Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion vulnerability
8.1
17 hours ago
JupiterX Core
<= 4.14.1
Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import vulnerability
8.8
17 hours ago
WP Job Portal
<= 2.4.8
Unauthenticated SQL Injection via 'radius' Parameter vulnerability
9.3
17 hours ago
Product Filter by WBW
<= 3.1.2
Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE vulnerability
6.5
17 hours ago
LearnDash LMS
<= 5.0.3
Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter vulnerability
8.5
18 hours ago
User Registration
<= 5.1.4
Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability
5.4
18 hours ago
LearnPress
<= 4.3.2.8
Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion vulnerability
4.3
19 hours ago
Quiz And Survey Master
<= 10.3.5
Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability
8.5
19 hours ago
Smart Custom Fields
<= 5.0.6
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search vulnerability
4.3
19 hours ago
King Addons for Elementor
<= 51.1.49
Unauthenticated API Keys Disclosure vulnerability
5.3
20 hours ago
Sina Extension for Elementor
<= 3.7.0
Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` vulnerability
6.5
20 hours ago
JetFormBuilder
<= 3.5.6.2
Unauthenticated Arbitrary File Read via Media Field vulnerability
7.5
1 day ago
Shortcodes Blocks Creator Ultimate
<= 2.2.0
Reflected Cross-Site Scripting via 'page' vulnerability
7.1
1 day ago
Shortcodes Blocks Creator Ultimate
<= 2.2.0
Reflected Cross-Site Scripting via _wpnonce vulnerability
7.1
1 day ago
SEO Help
<= 6.1.3
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
Video & Photo Gallery for Ultimate Member
<= 1.1.1
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
Load more