Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,142
Mitigations
Mitigation rules
13,937
No official fix
10,864
In triage
1,287
Published soon
24
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Thumbnail carousel slider
< 1.0.1
Authenticated (Subscriber+) Arbitrary File Upload vulnerability
9.9
1 minute ago
WP Database Backup
< 5.2
Unauthenticated OS Command Injection vulnerability
10
1 minute ago
ZoomSounds
< 6.05
Unauthenticated Arbitrary File Upload vulnerability
10
5 minutes ago
The Events Calendar Shortcode & Block
<= 3.1.2
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
6 hours ago
PopupKit
<= 2.2.0
Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability
5.4
6 hours ago
WCFM Marketplace
<= 3.7.0
Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability
5.3
6 hours ago
Fluent Forms Pro Add On Pack
<= 6.1.12
Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability
5.4
7 hours ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.24
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability
7.2
7 hours ago
WCFM Membership
<= 2.11.8
WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability
4.3
7 hours ago
WP Enabled SVG
<= 0.2
Author+ Stored XSS via SVG vulnerability
5.9
7 hours ago
Atarim
<= 4.0.9
WordPress Visual Website Collaboration, Feedback & Project Management - Atarim plugin <= 4.0.9 - Missing Authorization to Authenticated (Subscriber+) Project Page/File Deletion vulnerability
5.3
7 hours ago
WP jQuery DataTable
<= 4.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
Wishlist
<= 1.0.43
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
Gosign – Posts Slider Block
<= 1.1.0
WordPress Gosign - Posts Slider Block plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
Post Grid, Slider & Carousel Ultimate
<= 1.6.10
WordPress Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() vulnerability
7.5
8 hours ago
Front End Users
<= 3.2.30
Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode vulnerability
6.5
8 hours ago
Simple Map No Api
<= 1.9
Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
6.5
8 hours ago
Ketchup Shortcodes
<= 0.1.2
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
DethemeKit For Elementor
<= 2.1.8
Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget vulnerability
6.5
8 hours ago
Maps for WP
<= 1.2.4
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
8 hours ago
Load more