Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,336
Mitigations
Mitigation rules
15,933
No official patch
13,061
In triage
1,325
Published soon
3
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
Ultimate Auction Pro
<= 2.4.5
Reflected XSS via uwa_manage_auctions vulnerability
7.1
14 hours ago
Ultimate Auction Pro
<= 2.4.5
Reflected XSS via uwa_auctions_bids_list vulnerability
7.1
14 hours ago
ICS Calendar
<= 12.0.9
Reflected Cross-Site Scripting vulnerability
7.1
14 hours ago
Booking Package
<= 1.7.20
Unauthenticated SQL Injection vulnerability
9.3
14 hours ago
WP Customer Area
<= 8.3.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
17 hours ago
FoodBook Lite – Online Food Ordering System
<= 1.5.6
Missing Authorization to Unauthenticated User Registration vulnerability
5.3
17 hours ago
News Kit Elementor Addons
<= 1.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
17 hours ago
Fusion Builder
<= 3.15.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
Smart Slider 3
<= 3.5.1.37
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
4.3
1 day ago
Academy LMS
<= 3.8.0
Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
4.3
1 day ago
safeinstall-cli
< 0.10.2
NPM: SafeInstall agent guard shell parsing can miss raw package execution
8.8
3 days ago
NEX-Forms
<= 9.2.2
Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability
5.3
3 days ago
TeraWallet – For WooCommerce
<= 1.6.4
Missing Authorization to Authenticated (Subscriber+) User/Email Enumeration vulnerability
4.3
3 days ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.27
Missing Authorization to Unauthenticated Arbitrary Inquiry Reply Injection vulnerability
5.3
3 days ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.27
Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation vulnerability
4.3
3 days ago
WCFM Marketplace
<= 3.7.3
Authenticated (Vendor+) Stored Cross-Site Scripting vulnerability
6.5
3 days ago
tarteaucitronjs
< 1.33.0
NPM: tarteaucitron: data-cookie attribute can be used to delete arbitrary cookies
4.3
3 days ago
@libp2p/gossipsub
< 16.0.0
NPM: libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays
7.5
3 days ago
morgan
>= 1.2.0, <= 1.10.1
NPM: morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
5.3
3 days ago
WP Google Maps Pro
<= 10.1.02
Cross Site Scripting (XSS) vulnerability
7.1
3 days ago
Load more