The leading open source vulnerability database
Total: 36,872
Mitigations
Mitigation rules: 13,636
No official fix: 10,553
In triage: 1,269
Published soon: 53
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| LA-Studio Element Kit for Elementor <= 1.5.6.3 | Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability | 9.8 | 12 hours ago |
| Photo Gallery by 10Web <= 1.8.36 | Missing Authorization to Unauthenticated Arbitrary Comment Deletion vulnerability | 5.3 | 19 hours ago |
| NotificationX <= 3.2.0 | Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' vulnerability | 7.1 | 23 hours ago |
| Nexter Extension <= 4.4.6 | WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability | 9.8 | 1 day ago |
| Academy LMS <= 3.5.0 | Privilege Escalation vulnerability | 9.8 | 1 day ago |
| Bookingor <= 1.0.12 | Subscriber+ Category Deletion vulnerability | 5.4 | 1 day ago |
| FlatPM <= 3.2.2 | WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability | 6.5 | 1 day ago |
| Head Meta Data <= 20251118 | Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability | 6.5 | 1 day ago |
| NotificationX <= 3.1.11 | Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability | 5.4 | 1 day ago |
| Creator LMS <= 1.1.12 | WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability | 8.8 | 1 day ago |
| The Events Calendar <= 6.15.13 | Missing Authorization to Authenticated (Subscriber+) Data Migration Control vulnerability | 5.4 | 1 day ago |
| Tutor LMS <= 3.9.4 | WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion vulnerability | 5.4 | 1 day ago |
| Advanced Custom Fields: Extended <= 0.9.2.1 | Unauthenticated Privilege Escalation via Insert User Form Action vulnerability | 9.8 | 2 days ago |
| Koko Analytics <= 2.1.2 | SQL Injection vulnerability | 6.9 | 2 days ago |
| Custom Fonts – Host Your Fonts Locally <= 2.1.16 | WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability | 6.5 | 2 days ago |
| E-xact Hosted Payment <= 2.0 | Unauthenticated Arbitrary File Deletion vulnerability | 8.6 | 2 days ago |
| Dokan <= 4.2.4 | Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability | 8.1 | 2 days ago |
| Viet contact <= 1.3.2 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability | 5.9 | 2 days ago |
| WP Hello Bar <= 1.02 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability | 5.9 | 2 days ago |
| weMail <= 2.0.7 | Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability | 5.3 | 2 days ago |