The leading open source vulnerability database
Total: 39,640
Mitigations
Mitigation rules: 14,806
No official patch: 11,257
In triage: 1,515
Published soon: 0
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Auto Post Scheduler <= 1.84 | Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability | 7.1 | 30 minutes ago |
| WooCommerce Payments <= 10.5.1 | Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability | 6.5 | 37 minutes ago |
| Kubio AI Page Builder <= 2.7.0 | Cross Site Scripting (XSS) vulnerability | 6.5 | 1 hour ago |
| Loco Translate <= 2.8.2 | Reflected Cross-Site Scripting via 'update_href' Parameter vulnerability | 7.1 | 3 hours ago |
| Oxygen <= 6.0.8 | Unauthenticated Server-Side Request Forgery via route_path vulnerability | 7.2 | 3 hours ago |
| Gravity SMTP <= 2.1.4 | Unauthenticated Sensitive Information Exposure via REST API vulnerability | 7.5 | 4 hours ago |
| Everest Forms Pro <= 1.9.12 | Unauthenticated Remote Code Execution via Calculation Field vulnerability | 10 | 4 hours ago |
| Contact Form by Supsystic <= 1.7.36 | Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability | 10 | 4 hours ago |
| Ibtana <= 1.2.5.7 | WordPress Ibtana - WordPress Website Builder plugin <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 11 hours ago |
| TrueBooker <= 1.1.4 | WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability | 5.3 | 11 hours ago |
| Debugger & Troubleshooter <= 1.3.2 | Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability | 9.8 | 14 hours ago |
| Fluent Booking <= 2.0.01 | Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability | 7.1 | 21 hours ago |
| Ultimate Member <= 2.11.2 | Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability | 8 | 22 hours ago |
| Blackhole for Bad Bots <= 3.8 | Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header vulnerability | 7.1 | 22 hours ago |
| LeadConnector < 3.0.22 | Unauthenticated Rest Call vulnerability | 6.5 | 22 hours ago |
| Shared Files < 1.7.58 | Contributor+ Arbitrary File Download vulnerability | 6.5 | 22 hours ago |
| Frontend Admin by DynamiApps <= 3.28.31 | Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts vulnerability | 7.2 | 1 day ago |
| FloristPress <= 7.8.2 | Reflected Cross-Site Scripting via 'noresults' Parameter vulnerability | 7.1 | 1 day ago |
| JS Help Desk <= 3.0.4 | WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability | 9.3 | 1 day ago |
| SureForms <= 2.5.2 | Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability | 7.5 | 1 day ago |