Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,697
Mitigations
Mitigation rules
14,826
No official patch
11,212
In triage
1,631
Published soon
11
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
ProfilePress
<= 4.16.11
WordPress Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields vulnerability
6.5
9 hours ago
Visitors Traffic Real Time Statistics
<= 8.4
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
9 hours ago
Listeo Core
<= 2.0.27
WordPress Listeo-Core - Directory Plugin by Purethemes plugin <= 2.0.27 - Unauthenticated Arbitrary Media Upload vulnerability
5.3
9 hours ago
Widgets for Social Photo Feed
<= 1.7.9
Unauthenticated Stored Cross-Site Scripting via feed_data vulnerability
7.1
9 hours ago
Ninja Forms File Uploads Extension
<= 3.3.26
WordPress Ninja Forms - File Upload plugin <= 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability
10
9 hours ago
Ocean Extra
<= 2.5.3
Broken Access Control vulnerability
5.4
11 hours ago
LTL Freight Quotes – Worldwide Express Edition
<= 5.2.1
Broken Access Control vulnerability
5.3
11 hours ago
Simple Social Media Share Buttons
<= 6.2.0
Cross Site Request Forgery (CSRF) vulnerability
7.5
12 hours ago
Under Construction, Coming Soon & Maintenance Mode
<= 2.1.1
Cross Site Request Forgery (CSRF) vulnerability
7.5
12 hours ago
wpForo Forum
<= 2.4.16
Authenticated (Subscriber+) Arbitrary File Deletion via Post Body vulnerability
8.8
13 hours ago
Text to Speech – TTSWP
<= 1.9.8
Use of Hardcoded Password to Unauthenticated Remote Database Access vulnerability
7.5
13 hours ago
Amelia
<= 2.1.3
Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability
8.8
16 hours ago
WPFunnels
<= 3.7.9
Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode vulnerability
6.5
16 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.3
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
7.1
22 hours ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.3
WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability
4.3
22 hours ago
Media LIbrary Assistant
<= 3.34
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Media LIbrary Assistant
<= 3.34
SQL Injection vulnerability
8.5
1 day ago
Ultimate Member
<= 2.11.1
Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets vulnerability
6.5
1 day ago
WP Travel Engine
<= 6.7.5
WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode vulnerability
6.5
3 days ago
ElementsKit Elementor addons Lite
<= 3.7.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget vulnerability
6.5
3 days ago
Load more