The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total34,986

Mitigation rules13,019

No official fix9,772

In triage1,300

Published soon4

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Giveaways and Contests by RafflePress<= 1.12.19 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	10 hours ago
GiveWP<= 4.13.0 WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability	7.1	10 hours ago
Code Snippets<= 3.9.1 Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability	8.5	10 hours ago
Amelia1.2.18-1.2.36 WordPress Amelia plugin - 1.2.18-1.2.36 - Unauthenticated Sensitive Information Exposure vulnerability	5.3	10 hours ago
SiteSEO<= 1.3.2 Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability	4.3	10 hours ago
SureForms<= 1.13.1 Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability	4.3	10 hours ago
WP Ultimate CSV Importer<= 7.33.1 Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability	7.2	10 hours ago
Directorist<= 8.5.2 Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability	6.5	10 hours ago
Pet-Manager – Petfinder<= 3.6.1 Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability	6.5	10 hours ago
SiteSEO<= 1.3.2 Improper Authorization to Authenticated Settings Reset vulnerability	5.3	10 hours ago
Community Events<= 1.5.4 Unauthenticated SQL Injection vulnerability	9.3	10 hours ago
WSChat<= 3.1.6 Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability	5.4	10 hours ago
Time Slot<= 1.4.7 Unauthenticated Arbitrary Email Sending vulnerability	5.3	10 hours ago
WP Login and Register using JWT<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) API Key Exposure vulnerability	4.3	10 hours ago
Responsive Lightbox<= 2.5.3 Authenticated (Author+) Server-Side Request Forgery vulnerability	5.4	11 hours ago
Profile Builder<= 3.14.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	11 hours ago
Email Subscribers & Newsletters<= 5.9.10 Missing Authentication to Unauthenticated Mailing Queue Trigger vulnerability	5.3	11 hours ago
Quiz Maker<= 6.7.0.80 Unauthenticated Sensitive Information Exposure vulnerability	5.3	11 hours ago
New User Approve<= 3.0.9 Unauthenticated Sensitive Information Disclosure via Type Juggling vulnerability	5.3	11 hours ago
Royal Elementor Addons<= 1.7.1036 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	11 hours ago