Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,526
Mitigations
Mitigation rules
14,743
No official patch
11,246
In triage
1,364
Published soon
73
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
MinhNhut Link Gateway
<= 3.6.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
3 minutes ago
Comment SPAM Wiper
<= 1.2.1
Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
5.9
4 minutes ago
Wikilookup
<= 1.1.5
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability
5.9
6 minutes ago
Canto
<= 3.1.1
Missing Authorization to Unauthenticated File Upload vulnerability
5.3
8 minutes ago
Multi Functional Flexi Lightbox
<= 1.2
Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability
5.9
9 minutes ago
Xhanch – My Advanced Settings
<= 1.1.2
WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
4.3
11 minutes ago
Lobot Slider Administrator
<= 0.6.0
Cross-Site Request Forgery to Settings Update vulnerability
4.3
13 minutes ago
FuseDesk
<= 6.8
Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability
6.5
14 minutes ago
Any Post Slider
<= 1.0.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute vulnerability
6.5
15 minutes ago
Appmax
<= 1.0.3
Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability
5.3
17 minutes ago
Go Night Pro
<= 1.1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability
6.5
18 minutes ago
Build App Online
<= 1.0.23
Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability
5.3
19 minutes ago
REST API TO MiniProgram
<= 5.1.2
Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability
4.3
23 minutes ago
Sherk Custom Post Type Displays
<= 1.2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
6.5
27 minutes ago
e-shot
<= 1.0.2
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action vulnerability
5.3
30 minutes ago
Punnel – Landing Page Builder
<= 1.3.1
Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action vulnerability
5.3
31 minutes ago
Smarter Analytics
<= 2.0
Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter vulnerability
5.3
32 minutes ago
Integration with Hubspot Forms
<= 1.2.2
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
33 minutes ago
Twitter Feeds
<= 1.0.0
Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute vulnerability
6.5
34 minutes ago
Simple Football Scoreboard
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
35 minutes ago
Load more