Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,570
Mitigations
Mitigation rules
14,099
No official fix
10,979
In triage
1,254
Published soon
33
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Dealia
<= 1.0.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability
6.5
42 minutes ago
Client Testimonial Slider
<= 2.0
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability
5.9
43 minutes ago
MP3 Audio Player for Music, Radio & Podcast by Sonaar
4.0-5.10
Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
5.3
45 minutes ago
XO Event Calendar
<= 3.2.10
Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability
6.5
49 minutes ago
Groups
<= 3.10.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability
6.5
50 minutes ago
YaMaps for WordPress
<= 0.6.40
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
6.5
51 minutes ago
BackWPup
<= 5.6.2
Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability
7.2
52 minutes ago
Advanced Custom Fields: Font Awesome Field
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
52 minutes ago
Virusdie
<= 1.1.7
Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability
4.3
54 minutes ago
Image Hotspot by DevVN
<= 1.2.9
Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability
5.9
55 minutes ago
Shield Security
<= 21.0.9
Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability
4.3
58 minutes ago
SEO Plugin by Squirrly SEO
<= 12.4.14
Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection vulnerability
4.3
58 minutes ago
OneClick Chat to Order
<= 1.0.9
Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability
2.7
1 hour ago
Tennis Court Bookings
<= 1.2.7
Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability
5.9
1 hour ago
salavat counter
<= 0.9.5
Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter vulnerability
5.9
1 hour ago
Remove Post Type Slug
<= 1.0.2
Cross-Site Request Forgery to Settings Update vulnerability
4.3
1 hour ago
TalkJS
<= 0.1.15
Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability
5.9
1 hour ago
Dealia
<= 1.0.6
WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability
4.3
1 hour ago
Slidorion
<= 1.0.2
Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings vulnerability
5.9
1 hour ago
News Element Elementor Blog Magazine
<= 1.0.8
Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability
5.4
1 hour ago
Load more