The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,681

MitigationsMitigation rules15,355

No official patch12,999

In triage1,512

Published soon81

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.8 SQL Injection vulnerability	8.5	04/06/2026
Sunshine Photo Cart<= 3.6.7 Broken Access Control vulnerability	6.3	02/06/2026
SePay Gateway<= 1.1.20 Sensitive Data Exposure vulnerability	6.5	02/06/2026
WP Contact Form 7 DB Handler<= 3.0 Cross-Site Request Forgery to Arbitrary File Deletion vulnerability	8.1	8 hours ago
Geo Mashup<= 1.13.19 Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability	5.3	8 hours ago
SMTP2GO<= 1.16.0 Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate vulnerability	4.3	8 hours ago
Easy Digital Downloads<= 3.6.7 Cross-Site Request Forgery to Payment Account Hijacking vulnerability	4.3	9 hours ago
LiveSmart Video Chat Live Video Chat<= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	9 hours ago
The Post Grid<= 7.9.2 Broken Access Control vulnerability	4.3	11 hours ago
ElementsKit Elementor addons Lite<= 3.9.6 Broken Access Control vulnerability	5.3	11 hours ago
Timetable and Event Schedule<= 2.4.16 Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability	4.3	11 hours ago
ElementsKit Elementor addons Lite<= 3.9.6 Broken Access Control vulnerability	4.3	11 hours ago
WP Meta and Date Remover<= 2.3.6 Broken Access Control vulnerability	4.3	11 hours ago
DearFlip<= 2.4.27 Broken Access Control vulnerability	4.3	11 hours ago
FOX<= 1.4.6 Authenticated (Subscriber+) Authorization Bypass vulnerability	4.3	11 hours ago
Duplicate Page and Post<= 2.9.5 SQL Injection vulnerability	8.5	11 hours ago
Advanced Custom Fields: Font Awesome Field<= 5.0.2 Cross Site Scripting (XSS) vulnerability	6.5	11 hours ago
Adminimize<= 1.11.11 Broken Access Control vulnerability	4.3	11 hours ago
Facebook for WooCommerce<= 3.7.0 Open Redirection vulnerability	4.7	12 hours ago
SVG Support<= 2.5.14 Broken Access Control vulnerability	4.3	12 hours ago