The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,228

Mitigation rules13,123

No official fix9,836

In triage1,437

Published soon19

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Nextend Facebook Connect <= 3.1.21 Cross-Site Request Forgery to Unlink User Social Login vulnerability	4.3	16 hours ago
Reuters Direct<= 3.0.0 Missing Authorization to Unauthenticated Settings Reset vulnerability	5.3	17 hours ago
Bold Page Builder<= 5.5.2 Cross Site Scripting (XSS) vulnerability	6.5	2 days ago
Unlimited Elements for Elementor (Premium)<= 2.0 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	2 days ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	2 days ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.0 Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability	7.2	2 days ago
PowerPress Podcasting<= 11.15.2 Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' vulnerability	9.9	2 days ago
KiviCare<= 3.6.13 SQL Injection vulnerability	8.5	2 days ago
WP Directory Kit<= 1.4.5 Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability	7.1	2 days ago
Customer Reviews Collector for WooCommerce<= 4.6.1 Reflected Cross-Site Scripting vulnerability	7.1	2 days ago
Simple Folio<= 1.1.0 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	2 days ago
Houzez<= 4.1.6 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	2 days ago
Folders<= 3.1.5 Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability	4.3	2 days ago
SKT PayPal for WooCommerce<= 1.4 Unauthenticated Payment Bypass vulnerability	7.5	2 days ago
Tiare Membership<= 1.2 Unauthenticated Privilege Escalation vulnerability	9.8	2 days ago
Tiger<= 101.2.1 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	2 days ago
Tiger<= 101.2.1 Privilege Escalation vulnerability	9.8	2 days ago
FindAll Membership<= 1.0.4 Authentication Bypass via Social Login vulnerability	9.8	2 days ago
Houzez<= 4.1.6 Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability	8.8	2 days ago
WP Fastest Cache <= 1.4.0 Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability	4.3	2 days ago