The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,951

MitigationsMitigation rules15,503

No official patch12,971

In triage1,570

Published soon10

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Schema & Structured Data for WP & AMP< 1.60 Unauthenticated Arbitrary Media Upload vulnerability	5.3	37 minutes ago
Spam protection, AntiSpam, FireWall by CleanTalk< 6.79 Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability	7.1	1 hour ago
Open User Map PRO<= 1.4.31 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 hour ago
XStore< 9.7.3 Unauthenticated SQLi vulnerability	9.3	1 hour ago
Store Locator WordPress< 1.6.6 Admin+ Stored XSS via map_style vulnerability	5.9	5 hours ago
UpdraftPlus<= 1.26.4 Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability	8.1	16 hours ago
Newsletters<= 4.13 Unauthenticated SQL Injection vulnerability	9.3	1 day ago
Doctreat Core<= 1.6.8 Unauthenticated Privilege Escalation vulnerability	9.8	1 day ago
aThemes Addons for Elementor<= 1.1.8 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
MW WP Form<= 5.1.3 Authenticated (Editor+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago
Easy Image Collage<= 1.13.6 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago
Slider Revolution<= 7.0.10 Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability	6.5	1 day ago
WP GDPR Cookie Consent<= 1.0.0 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
FV Flowplayer Video Player<= 7.5.49.7212 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Booking Package<= 1.7.16 Authenticated (Editor+) Privilege Escalation vulnerability	7.2	1 day ago
Ad Inserter<= 2.8.15 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More<= 1.0.15 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
All In One WP Security & Firewall<= 5.4.7 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Advanced Google reCAPTCHA<= 5.38 Authenticated (Subscriber+) Authentication Bypass vulnerability	8.8	1 day ago
Hippoo Mobile App for WooCommerce<= 1.9.4 Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability	9.8	2 days ago