Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,467
Mitigations
Mitigation rules
14,079
No official fix
10,960
In triage
1,232
Published soon
33
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Business Directory
<= 6.4.20
Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability
5.3
1 minute ago
EventPrime
<= 4.2.8.4
Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
4.3
2 minutes ago
WP-DownloadManager
<= 1.69
Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
2.7
3 minutes ago
Dam Spam
<= 1.0.8
Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability
4.3
4 minutes ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
2.7
6 minutes ago
Kali Forms
<= 2.4.8
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability
4.3
7 minutes ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
2.7
8 minutes ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
5.9
11 minutes ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
7.2
12 minutes ago
Private Comment
<= 0.0.4
Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability
5.9
23 minutes ago
InteractiveCalculator for WordPress
<= 1.0.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
6.5
24 minutes ago
Cart All In One For WooCommerce
<= 1.1.21
Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability
7.2
34 minutes ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.1
Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability
4.3
37 minutes ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.1
Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
4.3
37 minutes ago
Taskbuilder
<= 5.0.2
Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation vulnerability
4.3
38 minutes ago
WooCommerce PDF Invoices & Packing Slips
<= 5.6.0
Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification vulnerability
4.3
40 minutes ago
Keybase.io Verification
<= 1.4.5
Cross-Site Request Forgery to Settings Update vulnerability
4.3
40 minutes ago
Restrict Content
<= 3.2.18
WordPress Membership Plugin - Restrict Content plugin <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings vulnerability
5.9
43 minutes ago
WP Plugin Info Card
<= 6.2.0
Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability
4.3
43 minutes ago
VK All in One Expansion Unit
<= 9.112.3
Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability
6.5
47 minutes ago
Load more