Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,324
Mitigations
Mitigation rules
14,611
No official patch
11,213
In triage
1,323
Published soon
31
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Code Embed
<= 2.5.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability
6.5
5 hours ago
Post SMTP
<= 3.8.0
Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability
5.4
5 hours ago
JSON Content Importer
< 2.0.10
Contributor+ Stored XSS vulnerability
6.5
5 hours ago
Contextual Related Posts
< 4.2.2
Broken Access Control vulnerability
5.3
1 day ago
Writeprint Stylometry
<= 0.1
Reflected Cross-Site Scripting via 'p' Parameter vulnerability
7.1
1 day ago
[CR]Paid Link Manager
<= 0.5
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
WP Go Maps
<= 10.0.05
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability
6.5
1 day ago
Duplicate Post
<= 4.5
Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability
5.4
1 day ago
Subscriptions for WooCommerce
<= 1.9.2
Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability
5.3
1 day ago
Royal Elementor Addons
<= 1.7.1049
WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability
5.3
1 day ago
Booster for WooCommerce
< 7.11.3
Broken Access Control vulnerability
5.3
2 days ago
Listeo Core
<= 2.0.21
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
UpSolution Core
<= 8.41
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
CP Multi View Event Calendar
<= 1.4.34
Cross Site Scripting (XSS) vulnerability
6.5
2 days ago
WowStore
<= 4.4.3
WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability
9.3
2 days ago
NEX-Forms
<= 9.1.9
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability
7.5
2 days ago
NEX-Forms
<= 9.1.9
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability
4.3
2 days ago
WP User Frontend
<= 4.2.8
Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability
5.3
2 days ago
Wicked Folders
<= 4.1.0
Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability
4.3
2 days ago
Thim Elementor Kit
<= 1.3.7
Missing Authorization to Unauthenticated Private Course Disclosure vulnerability
5.3
2 days ago
Load more