Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,348
Mitigations
Mitigation rules
15,940
No official patch
13,055
In triage
1,352
Published soon
1
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
n8n-mcp
<= 2.57.3
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
4.2
23 hours ago
tidgi
<= 0.13.0
NPM: TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import — Tiddler Startup Module Auto-Execution
9.6
1 day ago
@feathersjs/commons
<= 5.0.44
NPM: Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__
3.7
1 day ago
n8n-mcp
<= 2.56.0
NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments
9.9
1 day ago
@fedify/fedify
>= 0.11.2, < 1.9.12
NPM: Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
8.6
1 day ago
@fedify/vocab-runtime
< 2.0.19
NPM: Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
8.6
1 day ago
Genolve
<= 5.0.5
Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation vulnerability
8.8
1 day ago
bbp style pack
<= 6.4.5
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
CorvusPay WooCommerce Payment Gateway
<= 2.7.4
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
W3 Total Cache
<= 2.9.4
Unauthenticated Arbitrary File Read vulnerability
7.5
1 day ago
WordPress CTA
<= 2.2.2
Unauthenticated Time-Based Blind SQL Injection vulnerability
9.3
1 day ago
Aimogen Pro
<= 2.8.4
WordPress Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin <= 2.8.4 - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation vulnerability
9.8
1 day ago
Ultimate Auction Pro
<= 2.4.5
Reflected XSS via uwa_manage_auctions vulnerability
7.1
2 days ago
Ultimate Auction Pro
<= 2.4.5
Reflected XSS via uwa_auctions_bids_list vulnerability
7.1
2 days ago
ICS Calendar
<= 12.0.9
Reflected Cross-Site Scripting vulnerability
7.1
2 days ago
Booking Package
<= 1.7.20
Unauthenticated SQL Injection vulnerability
9.3
2 days ago
WP Customer Area
<= 8.3.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 days ago
FoodBook Lite – Online Food Ordering System
<= 1.5.6
Missing Authorization to Unauthenticated User Registration vulnerability
5.3
2 days ago
News Kit Elementor Addons
<= 1.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 days ago
Fusion Builder
<= 3.15.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
2 days ago
Load more