The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,408

MitigationsMitigation rules14,671

No official patch11,207

In triage1,321

Published soon54

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
EmailKit<= 1.6.3 Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter vulnerability	4.9	1 day ago
Contact List<= 3.0.18 Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability	6.5	1 day ago
Keep Backup Daily<= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title vulnerability	5.9	1 day ago
Keep Backup Daily<= 2.1.1 Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter vulnerability	2.7	1 day ago
Alt Manager<= 1.8.2 Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability	5.9	1 day ago
Premmerce Redirect Manager<= 1.0.12 Broken Access Control vulnerability	6.5	2 days ago
Scape< 1.5.16 Arbitrary File Deletion vulnerability	8.6	2 days ago
Fusion Builder< 3.15.0 Reflected Cross Site Scripting (XSS) vulnerability	7.1	2 days ago
Taboola Pixel<= 1.1.4 Reflected Cross Site Scripting (XSS) vulnerability	7.1	2 days ago
Restrict Content<= 3.2.22 Broken Access Control vulnerability	7.5	2 days ago
Product Rearrange for WooCommerce<= 1.2.2 SQL Injection vulnerability	9.3	2 days ago
Product Rearrange for WooCommerce<= 1.2.2 Broken Access Control vulnerability	8.2	2 days ago
KiviCare<= 4.1.2 WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability	9.8	2 days ago
KiviCare<= 4.1.2 Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability	8.2	2 days ago
Post SMTP<= 3.8.0 Unauthenticated Stored Cross-Site Scripting via 'event_type' vulnerability	7.1	2 days ago
Slimstat Analytics<= 5.3.5 Unauthenticated Stored Cross-Site Scripting via 'fh' vulnerability	7.1	2 days ago
Restrict Content<= 3.2.24 WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability	4.3	2 days ago
Simply Schedule Appointments<= 1.6.10.0 Unauthenticated SQL Injection via 'fields' Parameter vulnerability	9.3	2 days ago
Aimogen Pro<= 2.7.5 Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability	9.8	2 days ago
ilGhera Carta Docente for WooCommerce<= 1.5.0 Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability	6.5	2 days ago