Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,159
Mitigations
Mitigation rules
15,846
No official patch
13,071
In triage
1,296
Published soon
39
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
better-auth
< 1.6.11
NPM: Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
9.1
25 minutes ago
@aborruso/ckan-mcp-server
< 0.4.106
NPM: @aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)
5.7
1 hour ago
9router
<= 0.4.71
NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
7.3
22 hours ago
9router
<= 0.4.71
NPM: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover
9.9
22 hours ago
9router
<= 0.4.41
NPM: 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
10
23 hours ago
decompress
<= 4.2.1
NPM: Decompress: Archive extraction can create files and links outside of the target directory
9.1
1 day ago
@xhmikosr/decompress
< 10.2.1
NPM: Decompress: Archive extraction can create files and links outside of the target directory
9.1
1 day ago
wpDiscuz
<= 7.6.56
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Ultimate Member
<= 2.11.4
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
JSON API User
<= 4.1.0
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
NEX-Forms
<= 9.2.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
CURCY
<= 2.2.14
Unauthenticated Arbitrary Shortcode Execution vulnerability
5.4
1 day ago
Printcart Web to Print Product Designer for WooCommerce
<= 2.5.2
Unauthenticated Arbitrary File Deletion vulnerability
8.6
1 day ago
AR For Woocommerce
<= 8.40
Unauthenticated Path Traversal to Arbitrary File Read vulnerability
7.5
1 day ago
AR For WordPress
<= 8.40
Unauthenticated Arbitrary File Read vulnerability
7.5
1 day ago
Index Now
<= 3.0.16
Cross Site Request Forgery (CSRF) vulnerability
4.3
1 day ago
FormLayer
<= 1.0.6
Sensitive Data Exposure vulnerability
5.3
1 day ago
Exclusive Addons Elementor
<= 2.7.9.9
Sensitive Data Exposure vulnerability
5.3
1 day ago
9router
<= 0.4.55
NPM: 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
7.5
4 days ago
9router
>= 0.2.21, <= 0.4.41
NPM: 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass
9.8
4 days ago
Load more