Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,251
Mitigations
Mitigation rules
15,912
No official patch
13,072
In triage
1,338
Published soon
67
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
@jsonbored/gittensory-mcp
<= 0.1.0
NPM: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
6.5
6 hours ago
Eventer
<= 4.4.2
Unauthenticated SQL Injection vulnerability
9.3
10 hours ago
Eventer
<= 4.4.2
Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability
9.3
10 hours ago
Simple Coherent Form
<= 2.4.13
Unauthenticated Arbitrary File Deletion vulnerability
9.1
10 hours ago
Jssor Slider by jssor.com
<= 3.1.24
Unauthenticated Arbitrary File Read vulnerability
7.5
10 hours ago
Backstage
<= 1.4.2
Unauthenticated Privilege Escalation vulnerability
7.5
11 hours ago
多说社会化评论框
<= 1.2
Unauthenticated Privilege Escalation vulnerability
8.8
11 hours ago
Widget Logic Visual
<= 1.52
Authenticated (Subscriber+) Remote Code Execution vulnerability
8.8
11 hours ago
waku
<= 1.0.0-beta.0
NPM: Waku has an Open Redirect via `unstable_redirect` Helper
3.1
23 hours ago
waku
<= 1.0.0-beta.0
NPM: Waku: Cross-Origin CSRF on RSC Server Action Dispatch
6.5
23 hours ago
@better-auth/scim
>= 1.5.0, < 1.7.0-beta.4
NPM: @better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
8.3
1 day ago
better-auth
>= 0.3.4, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
1 day ago
@better-auth/scim
>= 1.6.0, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
1 day ago
better-auth
< 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
1 day ago
@better-auth/oauth-provider
>= 1.6.0, < 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
1 day ago
@better-auth/sso
>= 0.1.0, < 1.6.11
NPM: @better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
9.6
1 day ago
better-auth
>= 1.4.8-beta.7, < 1.6.0
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
8.1
1 day ago
@better-auth/oauth-provider
>= 1.6.0, < 1.6.11
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
8.1
1 day ago
better-auth
< 1.6.11
NPM: Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
8.7
1 day ago
better-auth
< 1.6.13
NPM: Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
7.7
1 day ago
Load more