The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,502
Mitigations
Mitigation rules: 14,743
No official patch: 11,224
In triage: 1,364
Published soon: 64
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Text Toggle <= 1.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability | 6.5 | 23 minutes ago |
| WP Games Embed <= 0.1beta | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 23 minutes ago |
| fyyd podcast shortcodes <= 0.3.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability | 6.5 | 25 minutes ago |
| Sheets2Table <= 0.4.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute vulnerability | 6.5 | 25 minutes ago |
| Show Posts list <= 1.1.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 26 minutes ago |
| Ad Short <= 2.0.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute vulnerability | 6.5 | 31 minutes ago |
| WP Random Button <= 1.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute vulnerability | 6.5 | 33 minutes ago |
| Ecover Builder For Dummies <= 1.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability | 6.5 | 1 hour ago |
| Kali Forms <= 2.4.9 | Unauthenticated Remote Code Execution via form_process vulnerability | 10 | 6 hours ago |
| Injection Guard <= 1.2.9 | Unauthenticated Stored Cross-Site Scripting via Query Parameter Name vulnerability | 7.1 | 7 hours ago |
| WowOptin <= 1.4.29 | Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability | 7.2 | 8 hours ago |
| Pre* Party Resource Hints <= 1.8.20 | Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter vulnerability | 8.5 | 8 hours ago |
| Expire Users <= 1.2.2 | Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields vulnerability | 8.8 | 8 hours ago |
| Linksy Search and Replace <= 1.0.4 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability | 8.8 | 8 hours ago |
| WP-Chatbot for Messenger <= 4.9 | Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability | 6.5 | 18 hours ago |
| Autoptimize <= 3.1.14 | Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes vulnerability | 6.5 | 18 hours ago |
| Scoreboard for HTML5 Games Lite <= 1.2 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 18 hours ago |
| Autoptimize <= 3.1.14 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value vulnerability | 6.5 | 18 hours ago |
| RepairBuddy <= 4.1132 | Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action vulnerability | 5.3 | 18 hours ago |
| EmailKit <= 1.6.3 | Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter vulnerability | 4.9 | 2 days ago |