The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total34,950

Mitigation rules12,994

No official fix9,752

In triage1,269

Published soon4

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Profile Builder<= 3.14.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	4 minutes ago
Email Subscribers & Newsletters<= 5.9.10 Missing Authentication to Unauthenticated Mailing Queue Trigger vulnerability	5.3	13 minutes ago
Quiz Maker<= 6.7.0.80 Unauthenticated Sensitive Information Exposure vulnerability	5.3	14 minutes ago
New User Approve<= 3.0.9 Unauthenticated Sensitive Information Disclosure via Type Juggling vulnerability	5.3	16 minutes ago
Royal Elementor Addons<= 1.7.1036 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	33 minutes ago
YITH WooCommerce Wishlist<= 4.10.0 Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability	5.3	35 minutes ago
YITH WooCommerce Wishlist<= 4.10.0 Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability	5.3	38 minutes ago
wModes<= 1.2.2 Missing Authorization to Sensitive Information Disclosure vulnerability	4.3	46 minutes ago
Pixel Manager for WooCommerce<= 1.49.2 Unauthenticated Information Exposure vulnerability	5.3	18 hours ago
Icon List Block<= 1.2.1 Authenticated (Subscriber+) Server-Side Request Forgery vulnerability	6.4	18 hours ago
AI Engine<= 3.1.8 Authenticated (Editor+) Server-Side Request Forgery vulnerability	5.5	18 hours ago
WP Duplicate Page<= 1.7 Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability	4.3	18 hours ago
WP Migrate Lite<= 2.7.6 Unauthenticated Blind Server-Side Request Forgery vulnerability	7.2	18 hours ago
Enable SVG, WebP & ICO Upload<= 1.1.2 Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass vulnerability	9.1	18 hours ago
Enable SVG, WebP & ICO Upload<= 1.1.2 Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads vulnerability	5.9	18 hours ago
Element Pack Elementor Addons<= 8.3.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability	6.5	18 hours ago
Live sales notification for WooCommerce<= 2.3.39 Missing Authorization to Unauthenticated Customer Data Exposure vulnerability	7.5	18 hours ago
Cryptocurrency Payment Gateway for WooCommerce<= 2.0.22 Missing Authorization to Unauthenticated Tracking Status Update vulnerability	5.3	22 hours ago
Restrictions for BuddyPress<= 1.5.2 Missing Authorization to Unauthenticated Tracking Status Update vulnerability	5.3	23 hours ago
Simple User Import Export<= 1.1.7 Authenticated (Admin+) CSV Injection vulnerability	6.6	23 hours ago