The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,277
Mitigations15,923
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
All-in-One Video Gallery<= 4.8.5
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
53 minutes ago
WP Hotel Booking<= 2.3.1
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
Hide My WP Lite<= 1.3
Unauthenticated Path Traversal to Arbitrary File Read vulnerability
7.5
1 hour ago
UsersWP<= 1.2.65
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
8.8
1 hour ago
Super Forms<= 6.3.313
Unauthenticated Arbitrary File Upload vulnerability
10
1 hour ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
1 hour ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
1 hour ago
LoginPress Pro<= 6.2.3
Unauthenticated Authentication Bypass vulnerability
8.1
1 hour ago
GW AI Website Builder<= 1.0.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability
4.3
12 hours ago
GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference<= 1.1.8
Cross-Site Request Forgery to Google Meet Credential Reset vulnerability
4.3
12 hours ago
WP Event SOlution<= 4.1.15
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
12 hours ago
FlowForms – Conversational Form Builder<= 1.1.1
Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification vulnerability
4.3
12 hours ago
WP Event SOlution4.0.25-4.1.15
Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin 4.0.25-4.1.15 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass vulnerability
5.3
12 hours ago
Easy Upload Files During Checkout<= 3.0.1
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
5.3
12 hours ago
Easy Appointments<= 3.12.27
Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation vulnerability
4.3
12 hours ago
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.3.6
Authenticated (Administrator+) SQL Injection vulnerability
7.6
12 hours ago
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.3.6
Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability
4.3
12 hours ago
BetterDocs<= 4.6.0
Authenticated (Custom+) SQL Injection vulnerability
8.5
12 hours ago
Salon booking system<= 10.30.32
Cross-Site Request Forgery to Remote Code Execution vulnerability
8.8
16 hours ago
Post Export Import with Media<= 1.13.1
Authenticated (Administrator+) Arbitrary File Upload vulnerability
7.2
16 hours ago