The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total48,849
Mitigations15,763
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
GiveWP<= 4.15.3
Cross-Site Request Forgery vulnerability
4.3
12 hours ago
Appointment Booking Calendar<= 1.4.02
Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
4.3
12 hours ago
Contact Form by WPForms<= 1.10.2
Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability
5.3
13 hours ago
JetWidgets For Elementor<= 1.0.21
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
13 hours ago
Event Organiser<= 3.12.9
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
13 hours ago
FV Flowplayer Video Player<= 7.5.51.7212
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
13 hours ago
Kali Forms<= 2.4.13
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
14 hours ago
Tutor LMS<= 3.9.13
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
14 hours ago
Gutenberg Blocks by Kadence Blocks<= 3.7.7
Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification vulnerability
4.3
14 hours ago
GiveWP<= 4.16.0
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
14 hours ago
JoomSport<= 5.7.8
Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion vulnerability
4.3
14 hours ago
Ajax Load More - Filters<= 3.4.1
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
19 hours ago
Dokan<= 5.0.4
Authenticated (Custom+) Stored Cross-Site Scripting vulnerability
7.1
19 hours ago
Frisbii Pay<= 1.8.9
Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability
6.5
19 hours ago
MaxButtons<= 9.8.5
Reflected Cross-Site Scripting vulnerability
7.1
19 hours ago
EventON<= 5.0.11
WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability
9.3
19 hours ago
Export User Data<= 2.2.6
Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability
8
19 hours ago
ProfileGrid <= 5.9.9.5
User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability
9.8
20 hours ago
Frontend File Manager<= 23.6
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
7.7
20 hours ago
Gutenberg Blocks by Kadence Blocks<= 3.7.7
Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation vulnerability
4.3
1 day ago