The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,430
Mitigations15,968
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
mcp-memory-keeper< 0.13.0
NPM: mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
6.2
19 minutes ago
@tak-ps/cloudtak<= 13.5.0
NPM: TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
5
40 minutes ago
WordPress<= 7.0.1
Unauthenticated REST API Batch Request Handler Confusion
9.1
1 hour ago
WordPress<= 7.0.1
Unauthenticated SQL Injection vulnerability
9.8
1 hour ago
rtMedia for WordPress, BuddyPress and bbPress<= 4.6.18
SQL Injection vulnerability
8.5
9 hours ago
SureForms<= 2.2.1
Broken Access Control vulnerability
7.5
9 hours ago
Booking calendar, Appointment Booking System<= 3.2.17
SQL Injection vulnerability
9.3
9 hours ago
Ultimate Member<= 2.10.1
SQL Injection vulnerability
9.3
10 hours ago
GEO my WordPress<= 4.5.4
Unauthenticated SQL Injection vulnerability
9.3
10 hours ago
Under Construction<= 5.76
Arbitrary File Download vulnerability
6.5
10 hours ago
WordPress Social Login and Register<= 7.7.0
Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability
9.8
12 hours ago
Planyo online reservation system<= 3.0
Unauthenticated Server-Side Request Forgery vulnerability
7.2
1 day ago
Form Vibes – Database Manager for Forms<= 1.5.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
WP Hotel Booking<= 2.3.1
Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability
5.3
1 day ago
Code Engine<= 0.3.5
Authenticated (Contributor+) Remote Code Execution vulnerability
9.9
1 day ago
Essential Addons for Elementor<= 6.6.10
Authenticated (Contributor+) Account Takeover vulnerability
8.8
1 day ago
SEO Plugin by Squirrly SEO<= 14.0.0
Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting vulnerability
7.2
1 day ago
wpForo Forum<= 3.1.1
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Motors<= 1.4.112
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Majestic Support<= 1.1.9
SQL Injection vulnerability
8.5
1 day ago