Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,024
Mitigations
Mitigation rules
13,911
No official fix
10,826
In triage
1,263
Published soon
20
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Aiomatic
<= 2.0.5
WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability
5.8
7 hours ago
Form Maker by 10Web
<= 1.15.35
Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability
7.1
8 hours ago
OS DataHub Maps
<= 1.8.3
Authenticated (Author+) Arbitrary File Upload vulnerability
9.1
8 hours ago
Form Maker by 10Web
<= 1.15.35
Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability
7.1
8 hours ago
PeproDev WooCommerce Receipt Uploader
<= 2.6.9
Reflected Cross-Site Scripting vulnerability
7.1
8 hours ago
Mail Mint
<= 1.19.2
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
7.1
8 hours ago
Mortgage Calculator Estatik
<= 2.0.11
Reflected Cross-Site Scripting vulnerability
7.1
9 hours ago
Library Viewer
< 3.2.0
Reflected Cross-Site Scripting vulnerability
7.1
9 hours ago
EventON-RSVP
< 2.9.5
Reflected XSS vulnerability
7.1
9 hours ago
Meris
<= 1.1.2
Reflected XSS vulnerability
7.1
9 hours ago
Essential Blocks for Gutenberg
< 4.4.3
Unauthenticated Local File Inclusion vulnerability
8.1
9 hours ago
WP Duplicate
<= 1.1.8
Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability
9.8
9 hours ago
Yoast SEO
<= 26.8
Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability
6.5
14 hours ago
Events Listing Widget
<= 1.3.4
Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability
5.9
14 hours ago
Code Snippets
<= 3.9.4
Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability
4.3
14 hours ago
Employee Directory
<= 1.2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute vulnerability
6.5
14 hours ago
Docus
<= 1.0.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
14 hours ago
WaveSurfer-WP
<= 2.8.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
6.5
14 hours ago
Orange Comfort+ accessibility toolbar for WordPress
<= 0.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
15 hours ago
OAuth Single Sign On – SSO (OAuth Client)
<= 6.26.14
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 6.26.14 - Missing Authorization vulnerability
5.3
15 hours ago
Load more