The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,747

MitigationsMitigation rules13,540

No official fix10,542

In triage1,069

Published soon17

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
LEAV Last Email Address Validator<= 1.7.1 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	5 minutes ago
Related Posts by Taxonomy<= 2.7.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability	6.5	14 minutes ago
DK PDF – WordPress PDF Generator<= 2.3.0 WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability	5	18 minutes ago
Rede Itaú for WooCommerce<= 5.1.2 Missing Authorization to Unauthenticated Rede Order Logs Deletion vulnerability	5.3	21 minutes ago
Rede Itaú for WooCommerce<= 5.1.2 WordPress Rede Itaú for WooCommerce - Payment PIX, Credit Card and Debit plugin <= 5.1.2 - Unauthenticated Order Status Manipulation vulnerability	5.3	21 minutes ago
All In One SEO Pack<= 4.9.2 WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability	4.3	24 minutes ago
Booking Calendar<= 10.14.11 Missing Authorization to Sensitive Information Exposure vulnerability	4.3	25 minutes ago
Shield Security<= 21.0.9 Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability	4.3	26 minutes ago
Kalium<= 3.29 Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request vulnerability	5.3	30 minutes ago
WP-Members<= 3.5.4.3 Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability	6.5	15 hours ago
Simply Schedule Appointments<= 1.6.9.9 Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability	9.3	16 hours ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.2 Missing Authorization to Unauthenticated File Deletion vulnerability	3.7	23 hours ago
List Site Contributors<= 1.1.8 Reflected Cross-Site Scripting via alpha vulnerability	7.1	1 day ago
AJS Footnotes<= 1.0 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Name Directory<= 1.30.3 Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability	7.1	1 day ago
GeekyBot<= 1.1.7 WordPress GeekyBot - Generate AI Content Without Prompt, Chatbot and Lead Generation plugin <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Gotham Block Extra Light<= 1.5.0 Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability	6.5	1 day ago
Shipping Rate By Cities<= 2.0.0 Unauthenticated SQL Injection via 'city' Parameter vulnerability	9.3	1 day ago
News and Blog Designer Bundle<= 1.1 Unauthenticated Local File Inclusion vulnerability	8.1	1 day ago
Dreamer Blog<= 1.2 Subscriber+ Arbitrary Plugin Installation vulnerability	8.8	1 day ago