The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,228

Mitigation rules13,123

No official fix9,836

In triage1,437

Published soon14

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Nextend Facebook Connect <= 3.1.21 Cross-Site Request Forgery to Unlink User Social Login vulnerability	4.3	1 day ago
Reuters Direct<= 3.0.0 Missing Authorization to Unauthenticated Settings Reset vulnerability	5.3	1 day ago
Analytics Germanized for Google Analytics<= 1.6.2 Cross Site Scripting (XSS) vulnerability	6.5	2 days ago
Subscriptions & Memberships for PayPal<= 1.1.7 Broken Access Control vulnerability	5.3	2 days ago
FluentCommunity<= 2.0.0 Broken Access Control vulnerability	4.3	2 days ago
Gutenverse<= 3.2.1 Broken Access Control vulnerability	6.5	2 days ago
Gutenverse Form<= 2.2.0 Broken Access Control vulnerability	6.5	2 days ago
Bold Page Builder<= 5.5.2 Cross Site Scripting (XSS) vulnerability	6.5	3 days ago
Unlimited Elements for Elementor (Premium)<= 2.0 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	3 days ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	3 days ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.0 Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability	7.2	3 days ago
PowerPress Podcasting<= 11.15.2 Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' vulnerability	9.9	3 days ago
KiviCare<= 3.6.13 SQL Injection vulnerability	8.5	3 days ago
WP Directory Kit<= 1.4.5 Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability	7.1	3 days ago
Customer Reviews Collector for WooCommerce<= 4.6.1 Reflected Cross-Site Scripting vulnerability	7.1	3 days ago
Simple Folio<= 1.1.0 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	3 days ago
Houzez<= 4.1.6 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	3 days ago
Folders<= 3.1.5 Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability	4.3	3 days ago
SKT PayPal for WooCommerce<= 1.4 Unauthenticated Payment Bypass vulnerability	7.5	3 days ago
Tiare Membership<= 1.2 Unauthenticated Privilege Escalation vulnerability	9.8	3 days ago