The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,265
Mitigations15,918
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
UsersWP<= 1.2.65
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
8.8
8 minutes ago
Super Forms<= 6.3.313
Unauthenticated Arbitrary File Upload vulnerability
10
26 minutes ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
34 minutes ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
38 minutes ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
41 minutes ago
BetterDocs<= 4.6.0
Authenticated (Custom+) SQL Injection vulnerability
8.5
11 hours ago
Salon booking system<= 10.30.32
Cross-Site Request Forgery to Remote Code Execution vulnerability
8.8
14 hours ago
Post Export Import with Media<= 1.13.1
Authenticated (Administrator+) Arbitrary File Upload vulnerability
7.2
14 hours ago
WPCafe<= 3.0.14
Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
5.4
15 hours ago
FluentForm<= 6.2.1
Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation vulnerability
5.4
16 hours ago
@jsonbored/gittensory-mcp<= 0.1.0
NPM: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
6.5
16 hours ago
Eventer<= 4.4.2
Unauthenticated SQL Injection vulnerability
9.3
20 hours ago
Eventer<= 4.4.2
Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability
9.3
21 hours ago
Simple Coherent Form<= 2.4.13
Unauthenticated Arbitrary File Deletion vulnerability
9.1
21 hours ago
Jssor Slider by jssor.com<= 3.1.24
Unauthenticated Arbitrary File Read vulnerability
7.5
21 hours ago
Backstage<= 1.4.2
Unauthenticated Privilege Escalation vulnerability
7.5
21 hours ago
多说社会化评论框<= 1.2
Unauthenticated Privilege Escalation vulnerability
8.8
21 hours ago
Widget Logic Visual<= 1.52
Authenticated (Subscriber+) Remote Code Execution vulnerability
8.8
21 hours ago
waku<= 1.0.0-beta.0
NPM: Waku has an Open Redirect via `unstable_redirect` Helper
3.1
1 day ago
waku<= 1.0.0-beta.0
NPM: Waku: Cross-Origin CSRF on RSC Server Action Dispatch
6.5
1 day ago