The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total37,487

MitigationsMitigation rules13,772

No official fix10,778

In triage1,257

Published soon1

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
cits-support-svg-webp-media-upload<= 4.2 Cross-Site Request Forgery to Settings Update vulnerability	4.3	Just now
LazyTasks<= 1.2.29 Missing Authorization to Uanuthenticated Privilege Escalation vulnerability	9.8	3 minutes ago
CRM Memberships<= 2.5 Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability	9.8	4 minutes ago
Featured Image from URL<= 5.2.7 Authenticated (Admin+) SQL Injection vulnerability	7.6	20 minutes ago
Memberlite Shortcodes<= 1.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	21 minutes ago
Cookie Notice & Compliance for GDPR / CCPA<= 2.5.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	46 minutes ago
VK All in One Expansion Unit<= 9.112.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	48 minutes ago
JetFormBuilder<= 3.5.3 Missing Authorization to Unauthenticated Form Generation vulnerability	5.3	54 minutes ago
Double the Donation<= 3.0.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	55 minutes ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability	4.3	56 minutes ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability	4.3	56 minutes ago
Course Booking System<= 6.1.5 Missing Authorization to Unauthenticated Booking Data Export vulnerability	5.3	2 hours ago
Return Refund and Exchange For WooCommerce<= 4.5.5 Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability	4.3	2 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability	4.3	2 hours ago
CubeWP<= 1.1.27 Unauthenticated Information Exposure vulnerability	5.3	2 hours ago
EPROLO Dropshipping<= 2.3.1 Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification vulnerability	4.3	2 hours ago
Hide Categories Or Products On Shop Page<= 1.0.7 Cross-Site Request Forgery to Settings Update vulnerability	4.3	2 hours ago
XCloner<= 4.8.2 Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability	4.3	2 hours ago
Omnipress<= 1.6.5 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	2 hours ago
Webcake<= 1.1 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	4.3	2 hours ago