The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total46,481

MitigationsMitigation rules15,080

No official patch13,378

In triage1,450

Published soon7

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
LatePoint<= 5.4.1 Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability	8.8	5 hours ago
TheGem Theme Elements (for Elementor)< 5.12.1.1 Cross Site Scripting (XSS) vulnerability	6.5	5 hours ago
Highland Software Custom Role Manager<= 1.0.0 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	6 hours ago
Templately<= 3.6.1 Sensitive Data Exposure vulnerability	7.7	8 hours ago
myCred<= 3.0.3 Broken Access Control vulnerability	6.5	2 days ago
Groundhogg< 4.4.1 Broken Access Control vulnerability	6.5	2 days ago
HT Mega< 3.0.7 Unauthenticated PII Disclosure vulnerability	7.5	3 days ago
Drag and Drop File Upload for Contact Form 7<= 1.1.3 Unauthenticated Arbitrary File Upload vulnerability	8.1	3 days ago
reCaptcha by WebDesignBy< 2.0 Admin+ Stored XSS vulnerability	5.9	3 days ago
KiviCare<= 4.2.1 Insecure Direct Object References (IDOR) vulnerability	6.3	3 days ago
ITERAS<= 1.8.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 days ago
HubSpot<= 11.3.32 Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability	4.3	3 days ago
Liaison Site Prober<= 1.2.1 Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability	5.3	3 days ago
Taqnix<= 1.0.3 Cross-Site Request Forgery to Account Deletion vulnerability	4.3	3 days ago
Books Gallery<= 4.8.0 Missing Authorization to Unauthenticated Settings Update vulnerability	5.3	3 days ago
Royal Elementor Addons<= 1.7.1056 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	4 days ago
Booking Calendar Contact Form<= 1.2.63 Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability	4.3	4 days ago
ExactMetrics<= 9.1.2 Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability	4.3	4 days ago
BetterDocs<= 4.3.11 Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage vulnerability	4.3	4 days ago
MaxiBlocks<= 2.1.8 Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability	3.8	4 days ago