Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,427
Mitigations
Mitigation rules
15,963
No official patch
13,057
In triage
1,372
Published soon
11
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
Ultimate Member
<= 2.10.1
SQL Injection vulnerability
9.3
12 minutes ago
GEO my WordPress
<= 4.5.4
Unauthenticated SQL Injection vulnerability
9.3
20 minutes ago
Under Construction
<= 5.76
Arbitrary File Download vulnerability
6.5
25 minutes ago
WordPress Social Login and Register
<= 7.7.0
Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability
9.8
2 hours ago
Planyo online reservation system
<= 3.0
Unauthenticated Server-Side Request Forgery vulnerability
7.2
22 hours ago
Form Vibes – Database Manager for Forms
<= 1.5.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
22 hours ago
WP Hotel Booking
<= 2.3.1
Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability
5.3
22 hours ago
Code Engine
<= 0.3.5
Authenticated (Contributor+) Remote Code Execution vulnerability
9.9
22 hours ago
Essential Addons for Elementor
<= 6.6.10
Authenticated (Contributor+) Account Takeover vulnerability
8.8
23 hours ago
SEO Plugin by Squirrly SEO
<= 14.0.0
Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting vulnerability
7.2
1 day ago
wpForo Forum
<= 3.1.1
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Motors
<= 1.4.112
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Majestic Support
<= 1.1.9
SQL Injection vulnerability
8.5
1 day ago
Simple JWT Login
<= 3.6.6
Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability
8.8
1 day ago
SureCart
<= 4.2.3
Unauthenticated Linked WordPress Account Takeover vulnerability
8.1
1 day ago
Instant Appointment
<= 1.2
Unauthenticated Arbitrary File Upload vulnerability
10
1 day ago
WP Ultimate CSV Importer
<= 8.0.1
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
10
1 day ago
@andrea9293/mcp-documentation-server
1.13.0
NPM: @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
8.8
1 day ago
systeminformation
<= 5.31.6
NPM: systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
8.7
1 day ago
dd-trace
< 5.100.0
NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS
7.5
1 day ago
Load more