The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,294
Mitigations15,929
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
All-in-One Video Gallery<= 4.8.5
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
7 hours ago
WP Hotel Booking<= 2.3.1
Reflected Cross-Site Scripting vulnerability
7.1
7 hours ago
Hide My WP Lite<= 1.3
Unauthenticated Path Traversal to Arbitrary File Read vulnerability
7.5
7 hours ago
UsersWP<= 1.2.65
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
8.8
8 hours ago
Super Forms<= 6.3.313
Unauthenticated Arbitrary File Upload vulnerability
10
8 hours ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
8 hours ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
8 hours ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
8 hours ago
Mail Mint<= 1.24.1
Authenticated (Administrator+) SQL Injection vulnerability
7.6
17 hours ago
Logo Slider<= 5.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
17 hours ago
KiviCare<= 4.4.0
Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation vulnerability
5.3
17 hours ago
JoomSport<= 5.7.9
Authenticated (Contributor+) SQL Injection vulnerability
6.5
17 hours ago
Jeg Elementor Kit<= 3.2.6
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
17 hours ago
Invoice123<= 1.7.0
Missing Authorization to Authenticated (Subscriber+) Setting Modification vulnerability
4.3
17 hours ago
Import and export users and customers<= 2.4.0
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
18 hours ago
Hostel<= 1.1.7
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
18 hours ago
Highlighting Code Block<= 2.2.0
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
5.9
18 hours ago
Happyforms<= 1.26.12
Authenticated (Admin+) Local File Inclusion vulnerability
6.6
18 hours ago
GW AI Website Builder<= 1.0.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability
4.3
18 hours ago
GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference<= 1.1.8
Cross-Site Request Forgery to Google Meet Credential Reset vulnerability
4.3
18 hours ago