The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,721

MitigationsMitigation rules15,377

No official patch12,989

In triage1,529

Published soon23

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.8 SQL Injection vulnerability	8.5	04/06/2026
Sunshine Photo Cart<= 3.6.7 Broken Access Control vulnerability	6.3	02/06/2026
SePay Gateway<= 1.1.20 Sensitive Data Exposure vulnerability	6.5	02/06/2026
LiteSpeed Cache<= 7.7 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	2 hours ago
WP Travel Pro<= 10.6.0 Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators vulnerability	9.1	2 hours ago
WooCommerce Infinite Scroll<= 1.8 Authenticated (Subscriber+) PHP Object Injection vulnerability	8.8	2 hours ago
Link Whisper Free<= 0.9.0 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	2 hours ago
StatCounter<= 2.1.1 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	7.1	3 hours ago
Login with phone number1.8.50-1.8.60 Unauthenticated Authentication Bypass vulnerability	9.8	6 hours ago
Advanced Google Maps<= 6.0.4 Unauthenticated Privilege Escalation vulnerability	9.8	6 hours ago
Rank Math SEO<= 1.0.271 Missing Authorization to Unauthenticated Homepage Settings Modification vulnerability	5.3	19 hours ago
Contact Form 7 – PayPal & Stripe Add-on<= 2.4.9 Unauthenticated Payment Bypass vulnerability	5.3	20 hours ago
Frontend Admin by DynamiApps<= 3.28.8 Authenticated (Administrator+) SQL Injection vulnerability	7.6	20 hours ago
Media LIbrary Assistant<= 3.35 Cross-Site Request Forgery vulnerability	8.1	21 hours ago
The Plus Addons for Elementor Page Builder Lite<= 6.4.15 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	21 hours ago
Automotive Car Dealership Business<= 13.4.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	22 hours ago
Simple Divi Shortcode<= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	23 hours ago
Breeze<= 2.5.2 Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability	5.3	1 day ago
Post Snippets<= 4.0.19 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago
Poll Maker<= 6.3.7 Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action vulnerability	4.3	1 day ago