The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,822

MitigationsMitigation rules13,595

No official fix10,544

In triage1,188

Published soon25

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Advanced Custom Fields: Extended<= 0.9.2.1 Unauthenticated Privilege Escalation via Insert User Form Action vulnerability	9.8	4 hours ago
Koko Analytics<= 2.1.2 SQL Injection vulnerability	6.9	4 hours ago
Custom Fonts – Host Your Fonts Locally<= 2.1.16 WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability	6.5	4 hours ago
E-xact Hosted Payment<= 2.0 Unauthenticated Arbitrary File Deletion vulnerability	8.6	4 hours ago
Dokan<= 4.2.4 Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability	8.1	5 hours ago
Viet contact<= 1.3.2 Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability	5.9	12 hours ago
WP Hello Bar<= 1.02 Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability	5.9	12 hours ago
weMail<= 2.0.7 Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability	5.3	12 hours ago
LearnPress<= 4.3.2.4 WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability	5.3	13 hours ago
Newsletter<= 9.1.0 WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability	4.3	13 hours ago
PeachPay Payments<= 1.119.8 WordPress PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability	5.3	13 hours ago
Image Photo Gallery Final Tiles Grid<= 3.6.9 Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management vulnerability	5.4	13 hours ago
Poll, Survey & Quiz Maker Plugin by Opinion Stage< 19.6.25 Unauthenticated Cross-Site Scripting (XSS) vulnerability	7.1	1 day ago
Demo Importer Plus<= 2.0.9 Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload vulnerability	7.5	1 day ago
Thim Blocks<= 1.0.1 Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter vulnerability	6.5	1 day ago
Wallet System for WooCommerce<= 2.7.2 Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation vulnerability	6.5	1 day ago
Quick Contact Form<= 8.2.6 Unauthenticated Open Mail Relay vulnerability	5.8	1 day ago
YouTube Feed Pro<= 2.6.0 Unauthenticated Arbitrary File Read via Path Traversal vulnerability	7.5	1 day ago
RegistrationMagic<= 6.0.7.1 Privilege Escalation via admin_order vulnerability	9.8	1 day ago
PAYGENT for WooCommerce<= 2.4.6 Missing Authorization to Unauthenticated Payment Callback Manipulation vulnerability	5.3	3 days ago