The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total46,895

MitigationsMitigation rules15,211

No official patch13,394

In triage1,547

Published soon10

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Meta Field Block<= 1.5.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	5 hours ago
Media Sync<= 1.4.9 Authenticated (Author+) Path Traversal vulnerability	6.5	5 hours ago
LatePoint<= 5.3.2 Cross-Site Request Forgery vulnerability	4.3	5 hours ago
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content<= 7.8.5.10 One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability	5.4	6 hours ago
LearnPress<= 4.3.5 Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment vulnerability	4.3	8 hours ago
Envira Photo Gallery<= 1.12.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	8 hours ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.7 Authenticated (Contributor+) SQL Injection vulnerability	8.5	9 hours ago
ACF Extended<= 0.9.2.3 Unauthenticated Arbitrary Shortcode Execution vulnerability	6.5	11 hours ago
Google Analytics by Monster Insights<= 10.1.2 Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability	7.1	11 hours ago
Custom Twitter Feeds (Tweets Widget)<= 2.5.4 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	12 hours ago
ProfileGrid <= 5.9.8.4 Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability	7.1	12 hours ago
Fusion Builder<= 3.15.1 Unauthenticated SQL Injection vulnerability	9.3	12 hours ago
Fusion Builder<= 3.15.2 Authenticated (Subscriber+) Arbitrary File Read vulnerability	6.5	12 hours ago
Court Reservation<= 1.10.11 Unauthenticated SQL Injection vulnerability	9.3	13 hours ago
coreActivity: Activity Logging plugin for WordPress<= 3.0 Unauthenticated PHP Object Injection vulnerability	8.1	13 hours ago
ProfileGrid <= 5.9.8.4 Authenticated (Subscriber+) SQL Injection vulnerability	8.5	13 hours ago
My Calendar<= 3.7.9 Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication vulnerability	4.3	23 hours ago
The Plus Addons for Elementor Page Builder Lite<= 6.4.11 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	23 hours ago
Tutor LMS<= 3.9.9 Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion vulnerability	5.3	1 day ago
Woocommerce Support System<= 1.3.0 Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability	5.3	1 day ago