The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,332

Mitigation rules13,165

No official fix9,857

In triage1,683

Published soon5

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
All-in-One Video Gallery4.5.4-4.5.7 Authenticated (Author+) Arbitrary File Upload vulnerability	9.1	3 minutes ago
myLCO<= 0.8.1 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	1 hour ago
Starter Templates<= 4.4.41 Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability	9.1	2 hours ago
Widgets for Google Reviews<= 13.2.4 Unauthenticated Stored Cross-Site Scripting via Google Reviews vulnerability	7.1	2 hours ago
Plugin for Google Reviews<= 6.8 Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability	7.1	2 hours ago
FluentForm<= 6.1.7 Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability	6.5	3 hours ago
Live Sales Notification for Woocommerce - Woomotiv<= 3.6.3 Reflected Cross-Site Scripting vulnerability	7.1	3 hours ago
Application Passwords<= 0.1.3 Reflected Cross-Site Scripting via reject_url vulnerability	7.1	3 hours ago
CSV Sumotto<= 1.0 Reflected Cross-Site Scripting vulnerability	7.1	3 hours ago
Flex QR Code Generator<= 1.2.6 Unauthenticated Arbitrary File Upload vulnerability	10	3 hours ago
10Web Booster – Website speed optimization, Cache & Page Speed optimizer<= 2.32.7 Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability	9.6	3 hours ago
WPKoi Templates for Elementor<= 3.4.4 Broken Access Control vulnerability	4.3	2 days ago
Canadian Nutrition Facts Label<= 3.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability	6.5	2 days ago
Social Feed Gallery Portfolio<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability	6.5	2 days ago
CodeConfig Accessibility<= 1.0.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability	5.4	2 days ago
RevInsite<= 1.1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
Extra Post Images<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
Cute News Ticker<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability	6.5	2 days ago
g-FFL Cockpit<= 1.7.1 Improper Authorization to Unauthenticated Product Deletion vulnerability	5.3	2 days ago
CSS3 Buttons<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago