The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,304

Mitigation rules13,157

No official fix9,839

In triage1,651

Published soon9

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Nouri.sh Newsletter<= 1.0.1.3 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	12 hours ago
Jabbernotification<= 0.99-RC2 Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability	7.1	12 hours ago
Time Sheets<= 2.1.3 Use of Known Vulnerable Component vulnerability	7.2	12 hours ago
Twitscription<= 0.1.1 Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability	7.1	12 hours ago
dream gallery<= 1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability	7.1	12 hours ago
WP-SOS-Donate<= 0.9.2 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	13 hours ago
My auctions allegro<= 3.6.32 Unauthenticated Local File Inclusion via controller vulnerability	8.1	13 hours ago
My auctions allegro<= 3.6.32 Unauthenticated SQL Injection via auction_id vulnerability	9.3	13 hours ago
User Verification<= 2.0.39 Authentication Bypass to Account Takeover vulnerability	9.8	13 hours ago
Wp Social<= 3.1.3 Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability	5.3	21 hours ago
User Generator and Importer<= 1.2.2 Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability	8.8	21 hours ago
Projectopia<= 5.1.19 Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability	5.3	21 hours ago
CryptX<= 4.0.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	21 hours ago
Trail Manager<= 1.0.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	21 hours ago
ARK Related Posts<= 2.19 Cross-Site Request Forgery to Settings Update vulnerability	4.3	21 hours ago
Thai Lottery Widget<= 2.5 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	21 hours ago
WC Vendors Marketplace<= 2.6.4 Cross-Site Request Forgery to Vendor Product Deletion vulnerability	4.3	21 hours ago
Weekly Planner<= 1.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	21 hours ago
Live CSS Preview<= 2.0.0 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	5.4	21 hours ago
Voidek Employee Portal<= 1.0.6 Missing Authorization vulnerability	5.3	21 hours ago