The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total35,880

MitigationsMitigation rules13,238

No official fix10,074

In triage1,596

Published soon0

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Ultimate Member<= 2.11.0 Unauthenticated Sensitive Information Exposure vulnerability	5.3	9 minutes ago
FiboSearch – Ajax Search for WooCommerce<= 1.32.0 Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability	6.5	10 minutes ago
Pretty Google Calendar<= 2.0.0 Missing Authorization to Unauthenticated Google API Key Exposure vulnerability	5.3	1 hour ago
Quran Gateway<= 1.5 Cross-Site Request Forgery to Settings Update vulnerability	4.3	1 hour ago
RESPONSIVE AND SWIPE SLIDER!<= 1.0.2 Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability	5.9	1 hour ago
WP DB Booster<= 1.0.1 Cross-Site Request Forgery to Database Cleanup vulnerability	4.3	1 hour ago
Amazon affiliate lite<= 1.0.0 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	1 hour ago
Amazon affiliate lite<= 1.0.0 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	1 hour ago
F70 Lead Document Download<= 1.4.4 Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability	5.3	1 hour ago
Slimstat Analytics<= 5.3.2 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	15 hours ago
Html5 Audio Player2.4.0-2.5.1 Unauthenticated Server-Side Request Forgery vulnerability	7.2	15 hours ago
Hummingbird<= 3.18.0 Unauthenticated Sensitive Information Exposure via Log File vulnerability	7.5	16 hours ago
Image Photo Gallery Final Tiles Grid<= 3.6.7 Missing Authorization to Authenticated (Contributor+) Gallery Management vulnerability	5.4	1 day ago
myCred<= 2.9.7.1 Missing Authorization to Sensitive Information Exposure vulnerability	4.3	1 day ago
Colibri Page Builder<= 1.0.345 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	1 day ago
BA Book Everything<= 1.8.14 Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode vulnerability	6.5	1 day ago
Simply Schedule Appointments<= 1.6.9.16 Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability	5.3	1 day ago
Sweet Energy Efficiency<= 1.0.6 Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion vulnerability	4.3	1 day ago
Prime Slider – Addons For Elementor<= 4.0.9 Authenticated (Subscriber+) Server-Side Request Forgery vulnerability	4.3	1 day ago
HUSKY<= 1.3.7.3 Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' vulnerability	4.3	1 day ago