The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,002
Mitigations
Mitigation rules: 14,473
No official patch: 11,202
In triage: 1,507
Published soon: 27
Affected software | Vulnerability | Risk | Disclosed
LotekMedia Popup Form <= 1.0.6 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 7 hours ago
True Ranker <= 2.2.9 | Cross-Site Request Forgery to Unauthorized True Ranker Disconnection vulnerability | 4.3 | 7 hours ago
Carta Online <= 2.13.0 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 7 hours ago
Infomaniak Connect for OpenID <= 1.0.2 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 7 hours ago
Font Pairing Preview For Landing Pages <= 1.3 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 7 hours ago
Show YouTube video <= 1.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability | 6.5 | 7 hours ago
Purchase Button For Affiliate Link <= 1.0.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 7 hours ago
DA Media GigList <= 1.9.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability | 6.5 | 7 hours ago
Consensus Embed <= 1.6 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability | 6.5 | 7 hours ago
Media Library Alt Text Editor <= 1.0.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability | 6.5 | 7 hours ago
The Guardian News Feed <= 1.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 7 hours ago
MyQtip – easy qTip2 <= 2.0.5 | WordPress MyQtip - easy qTip2 plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 7 hours ago
Wueen <= 0.2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via plugin's Shortcode vulnerability | 6.5 | 7 hours ago
Mobile DJ Manager <= 1.7.8.1 | Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion vulnerability | 5.3 | 8 hours ago
MailArchiver <= 4.4.0 | Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability | 5.9 | 8 hours ago
Community Events <= 1.5.8 | Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability | 7.6 | 8 hours ago
ProfileGrid <= 5.9.8.1 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability | 4.3 | 8 hours ago
ProfileGrid <= 5.9.8.2 | Cross-Site Request Forgery to Group Membership Request Approval/Denial vulnerability | 4.3 | 8 hours ago
Stock Ticker <= 3.26.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via Template vulnerability | 5.9 | 8 hours ago
Easy PHP Settings <= 1.0.4 | Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability | 7.2 | 8 hours ago