The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,468

MitigationsMitigation rules13,406

No official fix10,386

In triage1,168

Published soon33

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unify<= 3.4.9 Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability	6.5	49 minutes ago
WP Enable WebP<= 1.0 Authenticated (Author+) Arbitrary File Upload vulnerability	9.1	51 minutes ago
SVG Map Plugin<= 1.0.0 Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability	7.1	57 minutes ago
Premmerce WooCommerce Customers Manager<= 1.1.14 Reflected Cross-Site Scripting vulnerability	7.1	1 hour ago
WP Photo Album Plus<= 9.1.05.008 Reflected Cross-Site Scripting vulnerability	7.1	1 hour ago
HBLPAY Payment Gateway for WooCommerce<= 5.0.0 Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability	7.1	1 hour ago
Bit Form – Contact Form Plugin<= 2.21.6 WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability	6.5	1 hour ago
Flashcard<= 0.9 Authenticated (Contributor+) Arbitrary File Read via Path Traversal vulnerability	6.5	1 hour ago
Pure WC Variation Swatches<= 1.1.7 Unauthenticated Settings Update vulnerability	6.5	1 hour ago
Customer Reviews for WooCommerce<= 5.93.1 Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter vulnerability	6.5	1 hour ago
EmailKit<= 1.6.1 Authenticated (Author+) Arbitrary File Read via Path Traversal vulnerability	6.5	1 hour ago
User Activity Log<= 2.2 Unauthenticated Limited Options Update via Failed Login vulnerability	7.5	1 hour ago
Latest Registered Users<= 1.4 Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability	7.5	2 hours ago
Money Space<= 2.13.9 Unauthenticated Sensitive Information Exposure vulnerability	8.6	2 hours ago
iPaymu Payment Gateway for WooCommerce<= 2.0.2 Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure vulnerability	8.2	2 hours ago
Yoco Payments<= 3.8.8 Unauthenticated Arbitrary File Read vulnerability	7.5	2 hours ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.2 WordPress Drag and Drop Multiple File Upload - Contact Form 7 plugin <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload vulnerability	10	2 hours ago
Optional Email<= 1.3.11 Unauthenticated Privilege Escalation to Account Takeover vulnerability	9.8	2 hours ago
Wish To Go<= 0.5.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	9 hours ago
Simcast<= 1.0.0 Cross-Site Request Forgery to Settings Update vulnerability	4.3	9 hours ago