Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,627
Mitigations
Mitigation rules
13,460
No official fix
10,481
In triage
881
Published soon
31
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
User Registration
<= 4.4.8
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
4.3
34 minutes ago
Templately
<= 3.4.8
Unauthenticated Limited Arbitrary JSON File Write vulnerability
5.3
34 minutes ago
miniOrange OTP Verification and SMS Notification for WooCommerce
<= 4.3.8
Missing Authorization to Unauthenticated Notification Settings Modification vulnerability
5.3
35 minutes ago
Blog2Social
<= 8.7.2
Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
36 minutes ago
Autogen Headers Menu
<= 1.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter vulnerability
6.5
1 hour ago
Woodpecker for WordPress
<= 3.0.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute vulnerability
6.5
1 hour ago
PullQuote
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 hour ago
Lesson Plan Book
<= 1.3
Reflected Cross-Site Scripting vulnerability
7.1
13 hours ago
MG AdvancedOptions
<= 1.2
Reflected Cross-Site Scripting vulnerability
7.1
13 hours ago
Top Position Google Finance
<= 0.1.0
Reflected Cross-Site Scripting vulnerability
7.1
13 hours ago
Eventin
<= 4.0.51
WordPress Eventin - Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) plugin <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability
7.1
13 hours ago
Frontend Admin by DynamiApps
<= 3.28.23
Unauthenticated Stored Cross-Site Scripting via 'update_field' vulnerability
7.1
14 hours ago
Slimstat Analytics
<= 5.3.3
Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability
7.1
14 hours ago
Slimstat Analytics
<= 5.3.4
Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters vulnerability
7.1
15 hours ago
Sendinblue for WooCommerce
<= 4.0.49
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
15 hours ago
Frontend Admin by DynamiApps
<= 3.28.25
Unauthenticated Privilege Escalation to Administrator via Role Form Field vulnerability
9.8
15 hours ago
Frontend Admin by DynamiApps
<= 3.28.25
Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability
9.1
15 hours ago
Client Testimonial Slider
<= 2.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field vulnerability
6.5
23 hours ago
Contact Form vCard Generator
<= 2.4
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability
5.3
23 hours ago
Debt.com Business in a Box
<= 4.1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
23 hours ago
Load more