Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,264
Mitigations
Mitigation rules
15,912
No official patch
13,073
In triage
1,338
Published soon
67
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
BetterDocs
<= 4.6.0
Authenticated (Custom+) SQL Injection vulnerability
8.5
9 hours ago
Salon booking system
<= 10.30.32
Cross-Site Request Forgery to Remote Code Execution vulnerability
8.8
13 hours ago
Post Export Import with Media
<= 1.13.1
Authenticated (Administrator+) Arbitrary File Upload vulnerability
7.2
13 hours ago
WPCafe
<= 3.0.14
Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
5.4
14 hours ago
FluentForm
<= 6.2.1
Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation vulnerability
5.4
15 hours ago
@jsonbored/gittensory-mcp
<= 0.1.0
NPM: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
6.5
15 hours ago
Eventer
<= 4.4.2
Unauthenticated SQL Injection vulnerability
9.3
19 hours ago
Eventer
<= 4.4.2
Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability
9.3
19 hours ago
Simple Coherent Form
<= 2.4.13
Unauthenticated Arbitrary File Deletion vulnerability
9.1
20 hours ago
Jssor Slider by jssor.com
<= 3.1.24
Unauthenticated Arbitrary File Read vulnerability
7.5
20 hours ago
Backstage
<= 1.4.2
Unauthenticated Privilege Escalation vulnerability
7.5
20 hours ago
多说社会化评论框
<= 1.2
Unauthenticated Privilege Escalation vulnerability
8.8
20 hours ago
Widget Logic Visual
<= 1.52
Authenticated (Subscriber+) Remote Code Execution vulnerability
8.8
20 hours ago
waku
<= 1.0.0-beta.0
NPM: Waku has an Open Redirect via `unstable_redirect` Helper
3.1
1 day ago
waku
<= 1.0.0-beta.0
NPM: Waku: Cross-Origin CSRF on RSC Server Action Dispatch
6.5
1 day ago
@better-auth/scim
>= 1.5.0, < 1.7.0-beta.4
NPM: @better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
8.3
2 days ago
better-auth
>= 0.3.4, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
2 days ago
@better-auth/scim
>= 1.6.0, < 1.6.11
NPM: Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
3.8
2 days ago
better-auth
< 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
2 days ago
@better-auth/oauth-provider
>= 1.6.0, < 1.6.11
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
8.1
2 days ago
Load more