The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,554
Mitigation rules: 14,751
No official patch: 11,270
In triage: 1,364
Published soon: 76
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| WP NG Weather <= 1.0.9 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 47 minutes ago |
| Tour & Activity Operator Plugin for TourCMS <= 1.7.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 48 minutes ago |
| Company Posts for LinkedIn <= 1.0.0 | Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion vulnerability | 4.3 | 50 minutes ago |
| Easy Image Gallery <= 1.5.3 | Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability | 6.5 | 51 minutes ago |
| Weaver Show Posts <= 1.8.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability | 5.9 | 53 minutes ago |
| Quentn WP <= 1.2.12 | Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability | 9.3 | 54 minutes ago |
| Task Manager <= 3.0.2 | Authenticated (Subscriber+) Arbitrary File Read vulnerability | 6.5 | 56 minutes ago |
| App Builder <= 5.5.10 | WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability | 6.5 | 58 minutes ago |
| MimeTypes Link Icons <= 3.2.20 | Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability | 8.3 | 59 minutes ago |
| myLinksDump <= 1.6 | Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability | 7.6 | 1 hour ago |
| Hr Press Lite <= 1.0.2 | Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability | 6.5 | 1 hour ago |
| Review Map by RevuKangaroo <= 1.7 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 1 hour ago |
| Fonts Manager \| Custom Fonts <= 1.2 | Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability | 9.3 | 1 hour ago |
| Reward Video Ad for WordPress <= 1.6 | Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability | 5.9 | 1 hour ago |
| Ed's Font Awesome <= 2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 1 hour ago |
| Ed's Social Share <= 2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 1 hour ago |
| Ricerca – advanced search <= 1.1.12 | WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability | 5.9 | 1 hour ago |
| ElementCamp <= 2.3.6 | Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability | 8.5 | 1 hour ago |
| CMS Commander <= 2.288 | Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability | 8.5 | 1 hour ago |
| MinhNhut Link Gateway <= 3.6.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 1 hour ago |