The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total34,954

Mitigation rules12,994

No official fix9,752

In triage1,269

Published soon4

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Pet-Manager – Petfinder<= 3.6.1 Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability	6.5	Just now
SiteSEO<= 1.3.2 Improper Authorization to Authenticated Settings Reset vulnerability	5.3	2 minutes ago
Community Events<= 1.5.4 Unauthenticated SQL Injection vulnerability	9.3	4 minutes ago
WSChat<= 3.1.6 Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability	5.4	5 minutes ago
Time Slot<= 1.4.7 Unauthenticated Arbitrary Email Sending vulnerability	5.3	9 minutes ago
WP Login and Register using JWT<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) API Key Exposure vulnerability	4.3	10 minutes ago
Responsive Lightbox<= 2.5.3 Authenticated (Author+) Server-Side Request Forgery vulnerability	5.4	30 minutes ago
Profile Builder<= 3.14.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	36 minutes ago
Email Subscribers & Newsletters<= 5.9.10 Missing Authentication to Unauthenticated Mailing Queue Trigger vulnerability	5.3	45 minutes ago
Quiz Maker<= 6.7.0.80 Unauthenticated Sensitive Information Exposure vulnerability	5.3	46 minutes ago
New User Approve<= 3.0.9 Unauthenticated Sensitive Information Disclosure via Type Juggling vulnerability	5.3	48 minutes ago
Royal Elementor Addons<= 1.7.1036 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 hour ago
YITH WooCommerce Wishlist<= 4.10.0 Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability	5.3	1 hour ago
YITH WooCommerce Wishlist<= 4.10.0 Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename vulnerability	5.3	1 hour ago
wModes<= 1.2.2 Missing Authorization to Sensitive Information Disclosure vulnerability	4.3	1 hour ago
Pixel Manager for WooCommerce<= 1.49.2 Unauthenticated Information Exposure vulnerability	5.3	18 hours ago
Icon List Block<= 1.2.1 Authenticated (Subscriber+) Server-Side Request Forgery vulnerability	6.4	18 hours ago
AI Engine<= 3.1.8 Authenticated (Editor+) Server-Side Request Forgery vulnerability	5.5	18 hours ago
WP Duplicate Page<= 1.7 Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability	4.3	18 hours ago
WP Migrate Lite<= 2.7.6 Unauthenticated Blind Server-Side Request Forgery vulnerability	7.2	18 hours ago