Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,930
Mitigations
Mitigation rules
14,436
No official patch
11,184
In triage
1,419
Published soon
45
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
OoohBoi Steroids for Elementor
<= 2.1.24
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability
6.5
1 minute ago
My Calendar
<= 3.7.3
WordPress My Calendar - Accessible Event Manager plugin <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
29 minutes ago
Seraphinite Accelerator
<= 2.28.14
Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
4.3
31 minutes ago
Seraphinite Accelerator
<= 2.28.14
Missing Authorization to Authenticated (Subscriber+) Log Clearing vulnerability
4.3
35 minutes ago
JS Help Desk
<= 2.8.2
WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability
9.3
16 hours ago
All-in-One Video Gallery
<= 4.7.1
Reflected Cross-Site Scripting via 'vi' Parameter vulnerability
7.1
16 hours ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
<= 1.6.0
WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability
6.5
23 hours ago
Envira Photo Gallery
<= 1.12.3
Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability
5.9
23 hours ago
Enable Media Replace
<= 4.1.7
Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability
5.4
23 hours ago
WP-Members
<= 3.5.5.1
Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability
8.5
23 hours ago
Morkva UA Shipping
<= 1.7.9
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability
5.9
23 hours ago
Taskbuilder
<= 5.0.3
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field vulnerability
5.9
23 hours ago
WPBookit
<= 1.0.8
Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability
5.3
23 hours ago
Email Subscribers & Newsletters
<= 5.9.16
Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability
7.6
23 hours ago
PostX
<= 5.0.8
Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability
7.2
23 hours ago
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
<= 1.1.5
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Contest Gallery
<= 28.1.4
Unauthenticated SQL Injection vulnerability
9.3
1 day ago
User Registration
<= 5.1.2
Unauthenticated Privilege Escalation via Membership Registration vulnerability
9.8
1 day ago
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login
<= 2.2.5
Authentication Bypass vulnerability
9.8
1 day ago
Master Addons for Elementor Premium
<= 2.1.3
Authenticated (Subscriber+) Remote Code Execution via render_preview vulnerability
8.8
1 day ago
Load more