Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
37,054
Mitigations
Mitigation rules
13,661
No official fix
10,673
In triage
1,141
Published soon
44
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Star Review Manager
<= 1.2.2
Cross-Site Request Forgery to Settings Update vulnerability
4.3
1 hour ago
Administrative Shortcodes
<= 0.3.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability
6.5
1 hour ago
Administrative Shortcodes
<= 0.3.4
Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability
7.5
1 hour ago
ZT Captcha
<= 1.0.4
Cross-Site Request Forgery to Settings Update vulnerability
4.3
1 hour ago
Cookie consent for developers
<= 1.7.1
Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability
5.9
1 hour ago
Wise Analytics
<= 1.1.9
Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability
5.3
2 hours ago
AIKTP
<= 5.0.04
Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions vulnerability
5.4
2 hours ago
WP Youtube Video Gallery
<= 1.0
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
3 hours ago
Alchemist Ajax Upload
<= 1.1
Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability
5.3
3 hours ago
Same Category Posts
<= 1.1.19
Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability
5.9
3 hours ago
VK Google Job Posting Manager
<= 1.2.20
Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field vulnerability
5.9
3 hours ago
Simple Crypto Shortcodes
<= 1.0.2
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
3 hours ago
Melapress Role Editor
<= 1.1.1
Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability
8.8
19 hours ago
BuddyPress
<= 14.3.3
Unauthenticated Arbitrary Shortcode Execution vulnerability
7.3
19 hours ago
All-in-One Video Gallery
<= 4.6.4
Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability
6.5
19 hours ago
WP DSGVO Tools (GDPR)
<= 3.1.36
Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability
6.5
20 hours ago
weDocs
<= 2.1.16
Missing Authorization to Authenticated (Subscriber+) Documentation Post Update vulnerability
4.3
20 hours ago
Schema & Structured Data for WP & AMP
<= 1.54
Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema vulnerability
6.5
20 hours ago
KiviCare
<= 3.6.15
WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload vulnerability
5.3
20 hours ago
WP RSS Aggregator
<= 5.0.10
Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability
6.5
20 hours ago
Load more