Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,656
Mitigations
Mitigation rules
14,809
No official patch
11,252
In triage
1,571
Published soon
1
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Webmention
<= 5.6.2
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
3 hours ago
MW WP Form
<= 5.1.0
Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir vulnerability
8.1
4 hours ago
W3 Total Cache
<= 2.9.3
Unauthenticated Security Token Exposure via User-Agent Header vulnerability
7.5
4 hours ago
Order Listener for WooCommerce
< 3.6.3
Unauthenticated WooCommerce REST Permission Bypass vulnerability
7.5
5 hours ago
Webmention
<= 5.6.2
Unauthenticated Blind Server-Side Request Forgery vulnerability
5.4
10 hours ago
Export All URLs
< 5.1
Unauthenticated Sensitive Data Exposure vulnerability
5.3
11 hours ago
Query Monitor
<= 3.20.3
Reflected Cross-Site Scripting via Request URI vulnerability
7.1
1 day ago
Ultimate Addons for WPBakery Page Builder
< 3.21.4
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
King Addons for Elementor
<= 51.1.53
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability
6.5
1 day ago
Contact Form Entries
<= 1.4.9
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
4.3
1 day ago
Shortcodes Ultimate
<= 7.4.10
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability
6.5
1 day ago
Amelia
<= 2.1.2
Authenticated (Manager+) SQL Injection via 'sort' Parameter vulnerability
8.5
1 day ago
Performance Monitor
<= 1.0.6
Unauthenticated Blind SSRF vulnerability
5.4
1 day ago
Minify HTML
<= 2.1.12
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
1 day ago
Profile Builder
<= 3.15.5
WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field vulnerability
4.3
1 day ago
Auto Post Scheduler
<= 1.84
Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability
7.1
2 days ago
WooCommerce Payments
<= 10.5.1
Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability
6.5
2 days ago
Kubio AI Page Builder
<= 2.7.0
Cross Site Scripting (XSS) vulnerability
6.5
2 days ago
Loco Translate
<= 2.8.2
Reflected Cross-Site Scripting via 'update_href' Parameter vulnerability
7.1
2 days ago
Oxygen
<= 6.0.8
Unauthenticated Server-Side Request Forgery via route_path vulnerability
7.2
2 days ago
Load more