Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,483
Mitigations
Mitigation rules
14,085
No official fix
10,956
In triage
1,240
Published soon
31
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Download Manager
<= 3.3.46
Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability
7.1
14 minutes ago
ShopLentor
<= 3.3.2
Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability
8.6
18 minutes ago
Rent Fetch
<= 0.32.6
Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability
7.1
27 minutes ago
WPNakama
<= 0.6.5
Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability
9.3
1 hour ago
Taskbuilder
<= 5.0.2
Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability
8.5
1 hour ago
Business Directory
<= 6.4.21
Unauthenticated SQL Injection via payment Parameter vulnerability
9.3
1 hour ago
RegistrationMagic
<= 6.0.6.9
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
5.3
7 hours ago
Complianz
<= 7.4.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
7 hours ago
User Submitted Posts
<= 20260113
Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability
5.3
7 hours ago
Video Share VOD
<= 2.7.11
Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
6.5
7 hours ago
SiteOrigin Widgets Bundle
<= 1.70.4
Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
5.4
7 hours ago
Community Events
<= 1.5.7
Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability
5.9
7 hours ago
WP Event Aggregator
<= 1.8.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
7 hours ago
Business Directory
<= 6.4.20
Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability
5.3
7 hours ago
EventPrime
<= 4.2.8.4
Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
4.3
7 hours ago
WP-DownloadManager
<= 1.69
Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
2.7
7 hours ago
Dam Spam
<= 1.0.8
Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability
4.3
7 hours ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
2.7
7 hours ago
Kali Forms
<= 2.4.8
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability
4.3
7 hours ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
2.7
7 hours ago
Load more