The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total37,409

MitigationsMitigation rules13,770

No official fix10,756

In triage1,259

Published soon11

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WoWPth<= 2.0 Reflected XSS vulnerability	7.1	11 hours ago
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes<= 1.4.9 Authenticated (Subscriber+) SQL Injection vulnerability	8.5	11 hours ago
Ads Pro<= 4.89 Unauthenticated SQL Injection vulnerability	9.3	11 hours ago
Ads Pro<= 4.89 Unauthenticated Time-Based SQL Injection via ‘bsa_pro_id' vulnerability	9.3	11 hours ago
Likes and Dislikes<= 1.0.0 Unauthenticated SQL Injection vulnerability	9.3	11 hours ago
ArielBrailovsky-ViralAd<= 1.0.8 Unauthenticated SQL Injection vulnerability	9.3	11 hours ago
WPBookit<= 1.0.2 Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability	9.8	11 hours ago
Advanced Google reCAPTCHA<= 1.29 Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter vulnerability	8.5	11 hours ago
Himer< 2.1.3 CSRF While Sending the Invites	4.3	12 hours ago
EventON< 2.2.8 Reflected XSS vulnerability	7.1	12 hours ago
EventON< 4.5.5 Reflected XSS vulnerability	7.1	12 hours ago
Frontend Dashboard1.5.10-2.2.7 WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability	8.8	12 hours ago
Custom Login Page Customizer< 2.5.4 Unauthenticated Arbitrary Password Reset vulnerability	9.8	12 hours ago
Himer< 2.1.1 Bypass Poll Voting Restrictions via CSRF vulnerability	4.3	12 hours ago
Presto Player< 2.2.3 Contributor+ Stored XSS vulnerability	6.5	12 hours ago
GoZen Forms<= 1.1.5 Unauthenticated SQL Injection via emdedSc() vulnerability	9.3	12 hours ago
VikBooking Hotel Booking Engine & PMS< 1.6.8 Broken Access Control vulnerability	5.4	12 hours ago
Genesis Blocks< 3.1.3 Contributor+ Stored XSS vulnerability	6.5	13 hours ago
Feedback Modal for Website<= 1.0.1 Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability	5.3	13 hours ago
Image Photo Gallery Final Tiles Grid<= 3.6.8 Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability	5.9	13 hours ago