Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,556
Mitigations
Mitigation rules
13,427
No official fix
10,451
In triage
787
Published soon
45
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Gutenverse Form
<= 2.3.2
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
5.9
37 minutes ago
Folders
<= 3.1.5
Missing Authorization to Authenticated (Author+) Media Replacement vulnerability
4.3
49 minutes ago
Jeg Elementor Kit
<= 3.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
6.5
8 hours ago
Awesome Hotel Booking
<= 1.0
Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability
6.5
11 hours ago
Testimonial Master
<= 0.2.1
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
11 hours ago
Starred Review
<= 1.4.2
Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability
7.1
11 hours ago
Post Like Dislike
<= 1.0
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
11 hours ago
Stumble! for WordPress
<= 1.1.1
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
11 hours ago
WP Widget Changer
<= 1.2.5
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
11 hours ago
AA Block country
<= 1.0.1
Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability
5.3
11 hours ago
Piraeus Bank WooCommerce Payment Gateway
<= 3.1.4
Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability
6.5
11 hours ago
Stylish Order Form Builder
<= 1.0
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability
6.5
12 hours ago
Unify
<= 3.4.9
Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability
6.5
15 hours ago
WP Enable WebP
<= 1.0
Authenticated (Author+) Arbitrary File Upload vulnerability
9.1
15 hours ago
SVG Map Plugin
<= 1.0.0
Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability
7.1
15 hours ago
Premmerce WooCommerce Customers Manager
<= 1.1.14
Reflected Cross-Site Scripting vulnerability
7.1
15 hours ago
WP Photo Album Plus
<= 9.1.05.008
Reflected Cross-Site Scripting vulnerability
7.1
15 hours ago
HBLPAY Payment Gateway for WooCommerce
<= 5.0.0
Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability
7.1
15 hours ago
Bit Form – Contact Form Plugin
<= 2.21.6
WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability
6.5
15 hours ago
Flashcard
<= 0.9
Authenticated (Contributor+) Arbitrary File Read via Path Traversal vulnerability
6.5
15 hours ago
Load more