The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,566

MitigationsMitigation rules13,438

No official fix10,457

In triage812

Published soon52

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Tutor LMS<= 3.9.3 Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details vulnerability	6.5	1 hour ago
Gutenverse Form<= 2.3.2 Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability	5.9	9 hours ago
Folders<= 3.1.5 Missing Authorization to Authenticated (Author+) Media Replacement vulnerability	4.3	10 hours ago
Jeg Elementor Kit<= 3.0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability	6.5	17 hours ago
Awesome Hotel Booking<= 1.0 Incorrect Authorization to Unauthenticated Arbitrary Booking Modification vulnerability	6.5	20 hours ago
Testimonial Master<= 0.2.1 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	20 hours ago
Starred Review<= 1.4.2 Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability	7.1	20 hours ago
Post Like Dislike<= 1.0 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	21 hours ago
Stumble! for WordPress<= 1.1.1 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	21 hours ago
WP Widget Changer<= 1.2.5 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	21 hours ago
AA Block country<= 1.0.1 Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability	5.3	21 hours ago
Piraeus Bank WooCommerce Payment Gateway<= 3.1.4 Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability	6.5	21 hours ago
Stylish Order Form Builder<= 1.0 Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability	6.5	21 hours ago
Unify<= 3.4.9 Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter vulnerability	6.5	1 day ago
WP Enable WebP<= 1.0 Authenticated (Author+) Arbitrary File Upload vulnerability	9.1	1 day ago
SVG Map Plugin<= 1.0.0 Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Premmerce WooCommerce Customers Manager<= 1.1.14 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
WP Photo Album Plus<= 9.1.05.008 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
HBLPAY Payment Gateway for WooCommerce<= 5.0.0 Reflected Cross-Site Scripting via 'cusdata' Parameter vulnerability	7.1	1 day ago
Bit Form – Contact Form Plugin<= 2.21.6 WordPress Bit Form - Contact Form Plugin plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay vulnerability	6.5	1 day ago