Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,582
Mitigations
Mitigation rules
13,450
No official fix
10,467
In triage
840
Published soon
48
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Tutor LMS
<= 3.9.3
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details vulnerability
6.5
10 hours ago
Gutenverse Form
<= 2.3.2
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
5.9
19 hours ago
Folders
<= 3.1.5
Missing Authorization to Authenticated (Author+) Media Replacement vulnerability
4.3
19 hours ago
Block Slider
<= 2.2.3
Broken Access Control vulnerability
6.5
19 hours ago
Handmade Framework
<= 3.9
Local File Inclusion vulnerability
7.5
21 hours ago
MediaPress
<= 1.6.2
Cross Site Scripting (XSS) vulnerability
6.5
22 hours ago
X Addons for Elementor
<= 1.0.23
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Jeg Elementor Kit
<= 3.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
6.5
1 day ago
GA4WP: Google Analytics for WordPress
<= 2.10.0
Broken Access Control vulnerability
5.4
1 day ago
Awesome Hotel Booking
<= 1.0
Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability
6.5
1 day ago
Testimonial Master
<= 0.2.1
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
Starred Review
<= 1.4.2
Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability
7.1
1 day ago
Post Like Dislike
<= 1.0
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
Stumble! for WordPress
<= 1.1.1
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
WP Widget Changer
<= 1.2.5
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
1 day ago
AA Block country
<= 1.0.1
Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability
5.3
1 day ago
Piraeus Bank WooCommerce Payment Gateway
<= 3.1.4
Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability
6.5
1 day ago
Stylish Order Form Builder
<= 1.0
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability
6.5
1 day ago
Unify
<= 3.4.9
Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability
6.5
1 day ago
WP Enable WebP
<= 1.0
Authenticated (Author+) Arbitrary File Upload vulnerability
9.1
1 day ago
Load more