Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
35,718
Mitigations
Mitigation rules
13,213
No official fix
10,020
In triage
1,591
Published soon
50
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Brizy
<= 2.7.16
Authenticated (Contributor+) Sensitive Information Exposure via get_users Function vulnerability
6.5
14 hours ago
King Addons for Elementor
<= 51.1.39
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
6.5
14 hours ago
Marquee Addons for Elementor
<= 2.4.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget vulnerability
6.5
14 hours ago
Enter Addons
<= 2.2.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability
6.5
14 hours ago
Popup Builder
<= 4.4.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
15 hours ago
Livemesh SiteOrigin Widgets
<= 3.9.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets vulnerability
6.5
15 hours ago
TI WooCommerce Wishlist
<= 2.10.0
Unauthenticated HTML Injection vulnerability
5.3
15 hours ago
WidgetKit
<= 2.5.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability
6.5
16 hours ago
myCred
<= 2.9.7
Missing Authorization to Unauthenticated Withdrawal Request Approval vulnerability
5.3
16 hours ago
MediaCommander – Bring Folders to Media, Posts, and Pages
<= 2.3.1
Missing Authorization to Authenticated (Author+) Media Folder Deletion vulnerability
6.5
16 hours ago
Lucky Draw Contests
<= 4.2
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
16 hours ago
Popover Windows
<= 1.2
Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions vulnerability
5.4
16 hours ago
Custom Frames
<= 1.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter vulnerability
6.5
16 hours ago
Shortcode Ajax
<= 1.0
Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter vulnerability
5.4
16 hours ago
Popover Windows
<= 1.2
Cross-Site Request Forgery to Arbitrary Popover Configuration Update vulnerability
4.3
16 hours ago
Quick Testimonials
<= 2.1
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
5.9
16 hours ago
Solutions Ad Manager
<= 1.0.0
Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability
4.7
17 hours ago
AnnunciFunebri Impresa
<= 4.7.0
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion vulnerability
5.4
17 hours ago
Devs CRM
<= 1.1.8
Missing Authorization to Unauthenticated Lead Tag Update vulnerability
5.3
17 hours ago
Popup Builder
<= 1.1.37
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset vulnerability
5.4
17 hours ago
Load more