The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,555

Mitigation rules13,179

No official fix9,955

In triage1,533

Published soon64

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
SurveyFunnel<= 1.1.5 Unauthenticated Information Exposure vulnerability	5.3	5 hours ago
SurveyFunnel<= 1.1.5 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	5 hours ago
Trust.Reviews<= 2.5 Unauthenticated Stored Cross-Site Scripting via Social Media Reviews vulnerability	7.1	8 hours ago
Advanced Product Fields (Product Addons) for WooCommerce<= 1.6.17 Cross-Site Request Forgery to Product Field Group Duplication and Publication vulnerability	4.3	9 hours ago
ProfilePress<= 4.16.7 Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability	4.3	9 hours ago
Beaver Builder<= 2.9.4 Authenticated (Contributor+) Sensitive Information Exposure vulnerability	4.3	9 hours ago
Security & Malware scan by CleanTalk<= 2.168 Unauthenticated Stored Cross-Site Scripting via Page URL vulnerability	7.1	9 hours ago
Listar – Directory Listing & Classifieds<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability	4.3	1 day ago
All-in-One Video Gallery4.5.4-4.5.7 Authenticated (Author+) Arbitrary File Upload vulnerability	9.1	1 day ago
myLCO<= 0.8.1 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	1 day ago
Starter Templates<= 4.4.41 Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability	9.1	1 day ago
Widgets for Google Reviews<= 13.2.4 Unauthenticated Stored Cross-Site Scripting via Google Reviews vulnerability	7.1	1 day ago
Plugin for Google Reviews<= 6.8 Unauthenticated Stored Cross-Site Scripting via Google Review vulnerability	7.1	1 day ago
FluentForm<= 6.1.7 Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability	6.5	1 day ago
Live Sales Notification for Woocommerce - Woomotiv<= 3.6.3 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
Application Passwords<= 0.1.3 Reflected Cross-Site Scripting via reject_url vulnerability	7.1	1 day ago
CSV Sumotto<= 1.0 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
Flex QR Code Generator<= 1.2.6 Unauthenticated Arbitrary File Upload vulnerability	10	1 day ago
10Web Booster – Website speed optimization, Cache & Page Speed optimizer<= 2.32.7 Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability	9.6	1 day ago
Contact Form by BestWebSoft<= 4.3.5 Broken Access Control vulnerability	4.3	2 days ago