Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,743
Mitigations
Mitigation rules
14,825
No official patch
11,227
In triage
1,630
Published soon
11
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP Visitor Statistics (Real Time Traffic)
<= 8.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute vulnerability
6.5
3 hours ago
Magic Conversation For Gravity Forms
<= 3.0.97
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
3 hours ago
Element Pack Elementor Addons
<= 8.4.2
Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget vulnerability
6.5
3 hours ago
Whole Enquiry Cart for WooCommerce
<= 1.2.1
Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter vulnerability
5.9
4 hours ago
pz-frontend-manager
<= 1.0.6
Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter vulnerability
5.3
5 hours ago
AM LottiePlayer
<= 3.6.0
Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability
5.9
5 hours ago
Sports Club Management
<= 1.12.9
Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute vulnerability
6.5
5 hours ago
Columns by BestWebSoft
<= 1.0.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute vulnerability
6.5
5 hours ago
Quran Translations
<= 1.7
Cross-Site Request Forgery to Playlist Settings Form vulnerability
4.3
5 hours ago
Riaxe Product Customizer
<= 2.4
Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint vulnerability
5.3
5 hours ago
Gerador de Certificados – DevApps
<= 1.3.6
WordPress Gerador de Certificados - DevApps plugin <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
7.2
7 hours ago
Wavr
<= 0.2.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
7 hours ago
WowPress
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
8 hours ago
Inquiry form to posts or pages
<= 1.0
Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability
5.9
8 hours ago
The Plus Addons for Elementor Page Builder Lite
<= 6.4.9
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability
6.5
8 hours ago
Backup Migration
<= 2.0.0
Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability
5.3
8 hours ago
Investi
<= 1.0.26
Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability
6.5
8 hours ago
Strong Testimonials
<= 3.2.21
Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode vulnerability
6.5
8 hours ago
TableOn
<= 1.0.4.4
WordPress TableOn - WordPress Posts Table Filterable plugin <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability
6.5
8 hours ago
LTL Freight Quotes – R+L Carriers Edition
<= 3.3.13
WordPress LTL Freight Quotes - R+L Carriers Edition plugin <= 3.3.13 - Missing Authorization to Unauthenticated Settings Update vulnerability
5.3
8 hours ago
Load more