Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,596
Mitigations
Mitigation rules
14,780
No official patch
11,283
In triage
1,412
Published soon
77
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Woocommerce Custom Product Addons Pro
<= 5.4.1
Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability
10
13 minutes ago
Contest Gallery
<= 28.1.5
Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion vulnerability
8.1
30 minutes ago
JupiterX Core
<= 4.14.1
Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import vulnerability
8.8
37 minutes ago
WP Job Portal
<= 2.4.8
Unauthenticated SQL Injection via 'radius' Parameter vulnerability
9.3
45 minutes ago
Product Filter by WBW
<= 3.1.2
Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE vulnerability
6.5
52 minutes ago
LearnDash LMS
<= 5.0.3
Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter vulnerability
8.5
1 hour ago
User Registration
<= 5.1.4
Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability
5.4
1 hour ago
LearnPress
<= 4.3.2.8
Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion vulnerability
4.3
2 hours ago
Quiz And Survey Master
<= 10.3.5
Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability
8.5
2 hours ago
Smart Custom Fields
<= 5.0.6
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search vulnerability
4.3
2 hours ago
King Addons for Elementor
<= 51.1.49
Unauthenticated API Keys Disclosure vulnerability
5.3
3 hours ago
Sina Extension for Elementor
<= 3.7.0
Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` vulnerability
6.5
3 hours ago
JetFormBuilder
<= 3.5.6.2
Unauthenticated Arbitrary File Read via Media Field vulnerability
7.5
8 hours ago
Shortcodes Blocks Creator Ultimate
<= 2.2.0
Reflected Cross-Site Scripting via 'page' vulnerability
7.1
9 hours ago
Shortcodes Blocks Creator Ultimate
<= 2.2.0
Reflected Cross-Site Scripting via _wpnonce vulnerability
7.1
9 hours ago
SEO Help
<= 6.1.3
Reflected Cross-Site Scripting vulnerability
7.1
9 hours ago
Video & Photo Gallery for Ultimate Member
<= 1.1.1
Reflected Cross-Site Scripting vulnerability
7.1
9 hours ago
ReviewX
<= 2.2.10
WordPress ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation vulnerability
6.5
9 hours ago
Task Manager
<= 3.0.2
Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'task_id' Parameter vulnerability
6.5
10 hours ago
WP-WebAuthn
<= 1.3.4
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
10 hours ago
Load more