The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,420

MitigationsMitigation rules15,243

No official patch12,918

In triage1,591

Published soon5

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Gift Cards For WooCommerce Pro<= 4.2.6 Arbitrary File Upload vulnerability	10	6 hours ago
WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons<= 1.0.8 Authenticated (Editor+) Stored Cross-Site Scripting vulnerability	5.9	9 hours ago
Broadstreet Ads<= 1.52.2 Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability	4.3	10 hours ago
YITH WooCommerce Product Add-Ons<= 4.29.0 SQL Injection vulnerability	7.6	10 hours ago
Visualizer< 4.0.0 Cross Site Scripting (XSS) vulnerability	6.5	10 hours ago
WpBookingly<= 1.2.9 Broken Access Control vulnerability	6.5	11 hours ago
Image Photo Gallery Final Tiles Grid<= 3.6.11 Broken Access Control vulnerability	4.3	11 hours ago
PDF for Elementor Forms + Drag And Drop Template Builder<= 5.5.1 Broken Access Control vulnerability	5	11 hours ago
Slider Revolution<= 7.0.9 Unauthenticated Sensitive Information Exposure vulnerability	5.3	1 day ago
@angular/platform-server<= 18.2.14 NPM: @angular/platform-server: SSRF via Hostname Hijacking	8.8	1 day ago
@beproduct/nestjs-auth>= 0.1.2, <= 0.1.19 NPM: Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm	10	1 day ago
camofox-mcp< 1.13.2 NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface	7	1 day ago
sillytavern<= 1.17.0 NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl	8.5	1 day ago
@libp2p/kad-dht< 16.2.6 NPM: @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes	7.5	1 day ago
nuxt>= 4.0.0-alpha.1, <= 4.4.5 NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning	2.3	1 day ago
@nuxt/nitro-server>= 4.2.0, <= 4.4.5 NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning	2.3	1 day ago
@penpot/mcp< 2.15.0 NPM: PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE	8.8	1 day ago
@haxtheweb/haxcms-nodejs< 26.0.0 NPM: HAX CMS: Denial of Service using Malicious Import Request	6.5	1 day ago
turbo<= 2.9.13 NPM: Trubo: Login callback CSRF/session fixation	5.1	1 day ago
turbo>= 1.1.0, < 2.9.14 NPM: Turbo: Unexpected local code execution during Yarn Berry detection	9.8	1 day ago