Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,300
Mitigations
Mitigation rules
15,929
No official patch
13,073
In triage
1,340
Published soon
27
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
safeinstall-cli
< 0.10.2
NPM: SafeInstall agent guard shell parsing can miss raw package execution
8.8
2 hours ago
tarteaucitronjs
< 1.33.0
NPM: tarteaucitron: data-cookie attribute can be used to delete arbitrary cookies
4.3
5 hours ago
@libp2p/gossipsub
< 16.0.0
NPM: libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays
7.5
5 hours ago
morgan
>= 1.2.0, <= 1.10.1
NPM: morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
5.3
7 hours ago
All-in-One Video Gallery
<= 4.8.5
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
15 hours ago
WP Hotel Booking
<= 2.3.1
Reflected Cross-Site Scripting vulnerability
7.1
15 hours ago
Hide My WP Lite
<= 1.3
Unauthenticated Path Traversal to Arbitrary File Read vulnerability
7.5
15 hours ago
UsersWP
<= 1.2.65
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
8.8
15 hours ago
Super Forms
<= 6.3.313
Unauthenticated Arbitrary File Upload vulnerability
10
16 hours ago
LoginPress Pro
<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
16 hours ago
LoginPress Pro
<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
16 hours ago
LoginPress Pro
<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
16 hours ago
Mail Mint
<= 1.24.1
Authenticated (Administrator+) SQL Injection vulnerability
7.6
1 day ago
Logo Slider
<= 5.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
KiviCare
<= 4.4.0
Missing Authorization to Unauthenticated Payment Bypass and Appointment Status Manipulation vulnerability
5.3
1 day ago
JoomSport
<= 5.7.9
Authenticated (Contributor+) SQL Injection vulnerability
6.5
1 day ago
Jeg Elementor Kit
<= 3.2.6
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
Invoice123
<= 1.7.0
Missing Authorization to Authenticated (Subscriber+) Setting Modification vulnerability
4.3
1 day ago
Import and export users and customers
<= 2.4.0
Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
1 day ago
Hostel
<= 1.1.7
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
Load more