The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 48,520
Mitigations
Mitigation rules: 15,609
No official patch: 12,969
In triage: 1,525
Published soon: 2
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Transbank Webpay REST < 1.14.0 | Unauthenticated Stored XSS vulnerability | 7.1 | 11 hours ago |
| LBG Zoominoutslider <= 5.4.4 | SQL Injection vulnerability | 8.5 | 12 hours ago |
| Vitepos < 3.4.2 | Outlet Manager+ Privilege Escalation vulnerability | 7.2 | 13 hours ago |
| Simple File List <= 6.3.7 | Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability | 7.5 | 14 hours ago |
| Simple File List <= 6.3.7 | Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability | 7.5 | 14 hours ago |
| Contact Form Entries <= 1.5.1 | Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability | 8.6 | 14 hours ago |
| Branda <= 3.4.29 | WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability | 9.8 | 14 hours ago |
| Motors < 1.4.110 | Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability | 5.4 | 14 hours ago |
| Pie Register < 3.8.4.10 | Unauthenticated Email Verification Bypass via Predictable Token vulnerability | 5.3 | 15 hours ago |
| Simple File List <= 6.3.7 | Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability | 6.5 | 15 hours ago |
| @merill/lokka < 2.1.2 | NPM: Lokka: Azure Resource Manager URL path validation issue | 8.7 | 3 days ago |
| @jhb.software/payload-cloudinary-plugin >= 0.3.0, < 0.4.0 | NPM: @jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing | 7.1 | 3 days ago |
| appium-mcp <= 1.85.9 | NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI) | 8.2 | 3 days ago |
| @zenalexa/unicli < 0.225.2 | NPM: Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests | 8.6 | 3 days ago |
| parse-server <= 8.6.82 | NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change | 2.3 | 3 days ago |
| mcp-searxng < 1.7.1 | NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read` | 7.1 | 3 days ago |
| mcp-searxng < 1.7.1 | NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read` | 7.5 | 3 days ago |
| network-ai <= 5.12.1 | NPM: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data | 6.1 | 3 days ago |
| network-ai <= 5.12.1 | NPM: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups | 5.5 | 3 days ago |
| network-ai >= 5.0.0, <= 5.12.1 | NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions | 5.9 | 3 days ago |