Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,279
Mitigations
Mitigation rules
14,022
No official fix
10,917
In triage
1,396
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Media Library Folders
<= 8.3.6
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability
4.3
12 hours ago
Essential Addons for Elementor
<= 6.5.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability
6.5
12 hours ago
MP3 Audio Player for Music, Radio & Podcast by Sonaar
5.3-5.10
Authenticated (Author+) Server-Side Request Forgery vulnerability
5
12 hours ago
Mail Mint
<= 1.19.2
Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability
7.6
12 hours ago
Modula Image Gallery
<= 2.13.6
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability
4.3
12 hours ago
myCred
<= 2.9.7.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability
6.5
12 hours ago
Link Hopper
<= 2.5
Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability
5.9
12 hours ago
Ravelry Designs Widget
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability
6.5
12 hours ago
UpMenu
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability
6.5
12 hours ago
collectchat
<= 2.4.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability
6.5
12 hours ago
Press3D
<= 1.0.2
Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability
5.9
12 hours ago
Smart Forms
<= 2.6.99
Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability
4.3
12 hours ago
User Language Switch
<= 1.6.10
Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability
5.9
12 hours ago
User Language Switch
<= 1.6.10
Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter vulnerability
5.5
12 hours ago
Payment Page
<= 1.4.6
Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability
5.9
12 hours ago
MDirector Newsletter
<= 4.5.8
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
12 hours ago
MailChimp Campaigns
<= 3.2.4
Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection vulnerability
5.3
12 hours ago
WP Quick Contact Us
<= 1.0
Cross-Site Request Forgery to Settings Update vulnerability
4.3
13 hours ago
Best-wp-google-map
<= 2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability
6.5
13 hours ago
Percent to Infograph
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
13 hours ago
Load more