The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,320

Mitigation rules13,157

No official fix9,853

In triage1,651

Published soon9

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
g-FFL Cockpit<= 1.7.1 Improper Authorization to Unauthenticated Product Deletion vulnerability	5.3	41 minutes ago
CSS3 Buttons<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	42 minutes ago
List Attachments Shortcode<= 0.4.1a Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability	5.9	45 minutes ago
WP Landing Page<= 0.9.3 Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability	4.3	52 minutes ago
Listar – Directory Listing & Classifieds<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) Listing Update vulnerability	5.4	54 minutes ago
Helloprint<= 2.1.2 Missing Authorization to Unauthenticated Arbitrary Order Status Modification vulnerability	5.3	1 hour ago
Search, Filters & Merchandising for WooCommerce<= 3.0.63 Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation vulnerability	5.4	1 hour ago
Ultra Skype Button<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute vulnerability	6.5	1 hour ago
TR Timthumb<= 1.0.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	1 hour ago
Yet Another WebClap for WordPress<= 0.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	1 hour ago
weDocs<= 2.1.14 Missing Authorization to Settings Update vulnerability	5.4	1 hour ago
Nouri.sh Newsletter<= 1.0.1.3 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	16 hours ago
Jabbernotification<= 0.99-RC2 Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability	7.1	17 hours ago
Time Sheets<= 2.1.3 Use of Known Vulnerable Component vulnerability	7.2	17 hours ago
Twitscription<= 0.1.1 Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability	7.1	17 hours ago
dream gallery<= 1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability	7.1	17 hours ago
WP-SOS-Donate<= 0.9.2 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	17 hours ago
My auctions allegro<= 3.6.32 Unauthenticated Local File Inclusion via controller vulnerability	8.1	17 hours ago
My auctions allegro<= 3.6.32 Unauthenticated SQL Injection via auction_id vulnerability	9.3	17 hours ago
User Verification<= 2.0.39 Authentication Bypass to Account Takeover vulnerability	9.8	17 hours ago