Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
40,161
Mitigations
Mitigation rules
14,973
No official patch
11,320
In triage
1,389
Published soon
17
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
FluentForm
6.1.21
WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability
5.3
1 day ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
<= 2.0.6
Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability
7.5
1 day ago
wpForo Forum
<= 2.4.16
Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability
6.5
1 day ago
WP Statistics
<= 14.16.4
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability
6.5
1 day ago
WP Statistics
<= 14.16.4
Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability
7.1
1 day ago
MasterStudy LMS
<= 3.7.25
Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability
8.5
1 day ago
DirectoryPress
<= 3.6.26
WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability
9.3
1 day ago
WowShipping Pro
< 1.0.8
Backdoor vulnerability
10
1 day ago
CMS für Motorrad Werkstätten
<= 1.0.0
Cross-Site Request Forgery vulnerability
4.3
1 day ago
Canto
<= 3.1.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability
4.3
1 day ago
Quiz And Survey Master
<= 10.1.0
Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability
5.3
1 day ago
Backup Guard
<= 3.1.19.8
Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability
4.9
1 day ago
LatePoint
<= 5.3.2
Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability
5.3
1 day ago
Tutor LMS
<= 3.9.8
Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability
7.6
1 day ago
Tutor LMS
<= 3.9.8
Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability
5.3
1 day ago
Kubio AI Page Builder
<= 2.7.2
Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability
5.3
1 day ago
Form Maker by 10Web
<= 1.15.40
Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability
7.6
1 day ago
Royal Elementor Addons
<= 1.7.1056
Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability
6.5
1 day ago
OneSignal – Web Push Notifications
<= 3.8.0
WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability
3.1
1 day ago
Better Find and Replace
<= 1.7.9
WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability
5.9
1 day ago
Load more