The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,304

Mitigation rules13,148

No official fix9,841

In triage1,644

Published soon9

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
User Verification<= 2.0.39 Authentication Bypass to Account Takeover vulnerability	9.8	Just now
Wp Social<= 3.1.3 Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability	5.3	7 hours ago
User Generator and Importer<= 1.2.2 Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability	8.8	7 hours ago
Projectopia<= 5.1.19 Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability	5.3	7 hours ago
CryptX<= 4.0.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
Trail Manager<= 1.0.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	7 hours ago
ARK Related Posts<= 2.19 Cross-Site Request Forgery to Settings Update vulnerability	4.3	7 hours ago
Thai Lottery Widget<= 2.5 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	7 hours ago
WC Vendors Marketplace<= 2.6.4 Cross-Site Request Forgery to Vendor Product Deletion vulnerability	4.3	7 hours ago
Weekly Planner<= 1.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	7 hours ago
Live CSS Preview<= 2.0.0 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	5.4	8 hours ago
Voidek Employee Portal<= 1.0.6 Missing Authorization vulnerability	5.3	8 hours ago
Payaza<= 0.3.8 Missing Authorization to Unauthenticated Order Status Update vulnerability	5.3	8 hours ago
Torod<= 1.9 Cross-Site Request Forgery To Plugin's Settings Modification vulnerability	4.3	8 hours ago
Time Sheets<= 2.1.3 Cross-Site Request Forgery vulnerability	4.3	8 hours ago
FitVids for WordPress<= 4.0.1 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	8 hours ago
PostGallery<= 1.12.5 Authenticated (Subscriber+) Arbitrary File Upload vulnerability	9.9	19 hours ago
Clikstats<= 0.8 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	22 hours ago
Timetable and Event Schedule< 2.4.16 Contributor+ Event Disclosure via IDOR vulnerability	4.3	1 day ago
Custom Post Type UI<= 1.18.0 Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability	4.8	1 day ago