The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,249

Mitigation rules13,130

No official fix9,835

In triage1,492

Published soon10

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Kadence WooCommerce Email Designer<= 1.5.17 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	7 hours ago
WP 2FA<= 2.9.3 2-Factor Authentication Bypass vulnerability	5.3	7 hours ago
Broken Link Manager<= 0.6.5 Reflected Cross-Site Scripting vulnerability	7.1	7 hours ago
WP Social Ninja<= 3.20.3 Unauthenticated Stored Cross-Site Scripting via External Content Import vulnerability	7.1	7 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.2 Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action vulnerability	8.8	8 hours ago
WordPress eCommerce Plugin – Studiocart<= 2.9.0 Reflected Cross-Site Scripting vulnerability	7.1	8 hours ago
TAX SERVICE Electronic HDM<= 1.2.0 Unauthenticated Arbitrary SQL Injection vulnerability	9.3	8 hours ago
Backup Migration<= 1.4.9 Information Exposure to Unauthenticated Back-up Download vulnerability	7.5	8 hours ago
Cost Calculator Builder<= 3.6.3 Unauthenticated Arbitrary File Deletion vulnerability	8.6	9 hours ago
StreamTube Core<= 4.78 Unauthenticated Arbitrary User Password Change vulnerability	9.8	9 hours ago
WP Directory Kit<= 1.4.6 Authenticated (Admin+) SQL Injection vulnerability	7.6	18 hours ago
VikRentCar<= 1.4.4 Authenticated (Author+) SQL Injection via 'month' Parameter vulnerability	7.6	18 hours ago
Beaver Builder<= 2.9.4 Missing Authorization to Authenticated (Contributor+) Global Preset Modification vulnerability	5.4	18 hours ago
Zigaform – Price Calculator & Cost Estimation Form Builder Lite<= 7.6.5 Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint vulnerability	5.3	18 hours ago
Photo Gallery by Ays<= 6.4.8 Cross-Site Request Forgery to Bulk Actions vulnerability	4.3	18 hours ago
Visualizer<= 3.11.12 Authenticated (Contributor+) SQL Injection vulnerability	8.5	18 hours ago
WP Front User Submit / Front Editor<= 4.9.5 Open Redirect vulnerability	4.7	18 hours ago
WP Ultimate Exporter<= 2.19 Cross-Site Request Forgery to Sensitive Information Exposure vulnerability	4.3	18 hours ago
BlockArt Blocks<= 2.2.13 Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability	6.5	19 hours ago
Arconix Shortcodes<= 2.1.19 Cross Site Scripting (XSS) vulnerability	6.5	1 day ago