Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,989
Mitigations
Mitigation rules
14,874
No official patch
11,331
In triage
1,402
Published soon
40
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
AddFunc Head & Footer Code
<= 2.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability
6.5
8 hours ago
Aruba HiSpeed Cache
<= 3.0.4
Cross-Site Request Forgery to Plugin Settings Reset vulnerability
4.3
8 hours ago
UsersWP
<= 1.2.58
Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability
4.3
8 hours ago
Download Manager
<= 3.3.51
Missing Authorization to Authenticated (Contributor+) Media File Protection Removal vulnerability
4.3
8 hours ago
WP-Optimize
<= 4.5.0
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation vulnerability
5.4
8 hours ago
Bookly
<= 27.0
WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability
5.3
8 hours ago
List category posts
<= 0.94.0
Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode vulnerability
6.5
8 hours ago
Ultimate FAQ
<= 2.4.7
Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability
5.9
8 hours ago
OSM
<= 6.1.15
Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute vulnerability
6.5
9 hours ago
MStore API
<= 4.18.3
Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability
4.3
9 hours ago
Experto Dashboard for WooCommerce
<= 1.0.4
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting vulnerability
5.9
9 hours ago
Download Manager
<= 3.3.52
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
9 hours ago
Ziggeo
<= 3.1.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action vulnerability
5.4
9 hours ago
Magazine Companion
<= 1.3.0
Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability
5.9
10 hours ago
Extensions for Leaflet Map
<= 4.14
Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability
6.5
10 hours ago
Advanced Contact form 7 DB
<= 2.0.9
Cross-Site Request Forgery to Form Entry Deletion vulnerability
4.3
10 hours ago
Advanced Contact form 7 DB
<= 2.0.9
Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability
4.3
10 hours ago
PageLayer
<= 2.0.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability
6.5
10 hours ago
BEAR
<= 1.1.5
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability
4.3
10 hours ago
BEAR
<= 1.1.5
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability
4.3
10 hours ago
Load more