The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,266

Mitigation rules13,130

No official fix9,836

In triage1,492

Published soon10

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Autoptimize<= 3.1.13 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 hour ago
TaxoPress<= 3.40.1 Authenticated (Contributor+) SQL Injection vulnerability	8.5	1 hour ago
TaxoPress<= 3.40.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation vulnerability	4.3	1 hour ago
HUSKY<= 1.3.7.2 Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' vulnerability	4.3	1 hour ago
ShopEngine<= 4.8.5 Cross-Site Request Forgery to Wishlist Manipulation vulnerability	4.3	1 hour ago
Upload.am< 1.0.1 Contributor+ Arbitrary Option Disclosure vulnerability	6.5	3 hours ago
FluentCart<= 1.3.1 Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter vulnerability	7.6	5 hours ago
CSSIgniter Shortcodes<= 2.4.1 Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability	6.5	5 hours ago
MxChat<= 2.5.5 Unauthenticated Information Exposure vulnerability	5.3	5 hours ago
Nexter Extension<= 4.4.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	6 hours ago
Kadence WooCommerce Email Designer<= 1.5.17 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	16 hours ago
WP 2FA<= 2.9.3 2-Factor Authentication Bypass vulnerability	5.3	17 hours ago
Broken Link Manager<= 0.6.5 Reflected Cross-Site Scripting vulnerability	7.1	17 hours ago
WP Social Ninja<= 3.20.3 Unauthenticated Stored Cross-Site Scripting via External Content Import vulnerability	7.1	17 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.2 Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action vulnerability	8.8	17 hours ago
WordPress eCommerce Plugin – Studiocart<= 2.9.0 Reflected Cross-Site Scripting vulnerability	7.1	17 hours ago
TAX SERVICE Electronic HDM<= 1.2.0 Unauthenticated Arbitrary SQL Injection vulnerability	9.3	17 hours ago
Backup Migration<= 1.4.9 Information Exposure to Unauthenticated Back-up Download vulnerability	7.5	17 hours ago
Cost Calculator Builder<= 3.6.3 Unauthenticated Arbitrary File Deletion vulnerability	8.6	18 hours ago
StreamTube Core<= 4.78 Unauthenticated Arbitrary User Password Change vulnerability	9.8	18 hours ago