Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,698
Mitigations
Mitigation rules
14,235
No official patch
11,034
In triage
1,355
Published soon
78
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
User Registration
<= 5.1.2
Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability
5.3
19 minutes ago
TP2WP Importer
<= 1.1
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea vulnerability
5.9
23 minutes ago
WP Social Meta
<= 1.0.1
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability
5.9
31 minutes ago
Custom Logo
<= 2.2
Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability
5.9
31 minutes ago
The Events Calendar
<= 6.15.16
Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API vulnerability
5.4
35 minutes ago
Geo Mashup
<= 1.13.17
Unauthenticated SQL Injection via 'sort' Parameter vulnerability
9.3
15 hours ago
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.
<= 3.8.3
Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token vulnerability
7.5
16 hours ago
Post Duplicator
<= 3.0.8
Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter vulnerability
4.3
23 hours ago
WP Recipe Maker
<= 10.2.3
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
23 hours ago
Disable Admin Notices individually
<= 1.4.2
WordPress Disable Admin Notices - Hide Dashboard Notifications plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
23 hours ago
Secure Copy Content Protection and Content Locking
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
6.5
23 hours ago
Responsive Lightbox
<= 2.7.1
Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability
5
23 hours ago
Rise Blocks
<= 3.7
WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability
6.5
1 day ago
ElementsKit Elementor addons Lite
< 3.7.9
Unauthenticated Mailchimp REST Endpoint vulnerability
6.5
1 day ago
The Plus Addons for Elementor Page Builder Lite
<= 6.4.7
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.7 - Unauthenticated Email Relay vulnerability
5.3
1 day ago
Conditional CAPTCHA
<= 4.0.0
Open Redirect vulnerability
4.7
1 day ago
Ebook Store
<= 5.8001
Reflected Cross-Site Scripting via 'step' vulnerability
7.1
1 day ago
WP Ad Guru
<= 2.5.4
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
DesignThemes Directory Addon
<= 1.8
Broken Access Control vulnerability
7.5
2 days ago
DesignThemes Booking Manager
<= 2.0
Broken Access Control vulnerability
7.5
2 days ago
Load more