Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
47,765
Mitigations
Mitigation rules
15,397
No official patch
13,005
In triage
1,551
Published soon
17
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
<= 2.0.8
SQL Injection vulnerability
8.5
04/06/2026
Sunshine Photo Cart
<= 3.6.7
Broken Access Control vulnerability
6.3
02/06/2026
SePay Gateway
<= 1.1.20
Sensitive Data Exposure vulnerability
6.5
02/06/2026
Tiled Gallery Carousel Without JetPack
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
Easy Cart
<= 1.8
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
ZeM STL
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
BirdSeed
<= 2.2.0
Cross-Site Request Forgery vulnerability
4.3
8 hours ago
Word Replacer
<= 0.4
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
5.9
8 hours ago
WP Nano AD
<= 1.31
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
5.9
8 hours ago
DeMomentSomTres Shortcodes
<= 1.1.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
Remove NoFollow Commenter URL
<= 1.0
Cross-Site Request Forgery to Settings Update vulnerability
4.3
8 hours ago
Google Plus One Bottom
<= 0.0.2
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
8 hours ago
Laiser Tag
<= 1.2.5
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
8 hours ago
JTL-Connector for WooCommerce
<= 2.4.1
Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability
4.3
8 hours ago
Tectite Forms
<= 1.3
Cross-Site Request Forgery to Settings Update vulnerability
4.3
8 hours ago
Remove meta boxes per user role
<= 1.01
Cross-Site Request Forgery to Settings Update vulnerability
4.3
8 hours ago
Kirki – Freeform Page Builder, Website Builder & Customizer
6.0.0-6.0.6
Unauthenticated Privilege Escalation via 'handle_forgot_password' vulnerability
9.8
11 hours ago
Gravity Forms
<= 2.10.0.1
Arbitrary File Deletion vulnerability
9.6
14 hours ago
LearnPress
<= 4.3.6
Reflected Cross Site Scripting (XSS) vulnerability
7.1
14 hours ago
Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)
<= 4.9
Authenticated (Author+) Stored Cross-Site Scripting vulnerability
5.9
15 hours ago
Load more