The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total40,172

MitigationsMitigation rules14,980

No official patch11,313

In triage1,390

Published soon1

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Hostel<= 1.1.6 Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability	7.1	41 minutes ago
Youzify<= 1.3.6 Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter vulnerability	6.5	43 minutes ago
Easy Appointments<= 3.12.21 Unauthenticated Sensitive Information Exposure via REST API vulnerability	7.5	48 minutes ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.6 Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability	8.1	1 hour ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.6 Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability	7.5	1 hour ago
WP Customer Area<= 8.3.4 Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability	8.8	1 hour ago
CMP – Coming Soon & Maintenance<= 4.1.16 WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability	7.2	10 hours ago
Ultimate Flipbox Addon for Elementor<= 2.0.8 Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability	5.9	10 hours ago
Pz-LinkCard<= 2.5.8.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	11 hours ago
WpStream< 4.11.2 Arbitrary File Upload vulnerability	5.4	3 days ago
FluentForm6.1.21 WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability	5.3	3 days ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.6 Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability	7.5	3 days ago
wpForo Forum<= 2.4.16 Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability	6.5	3 days ago
WP Statistics<= 14.16.4 Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability	6.5	3 days ago
WP Statistics<= 14.16.4 Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability	7.1	3 days ago
MasterStudy LMS<= 3.7.25 Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability	8.5	3 days ago
DirectoryPress<= 3.6.26 WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability	9.3	3 days ago
WowShipping Pro< 1.0.8 Backdoor vulnerability	10	3 days ago
CMS für Motorrad Werkstätten<= 1.0.0 Cross-Site Request Forgery vulnerability	4.3	3 days ago
Canto<= 3.1.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability	4.3	3 days ago