The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,057

MitigationsMitigation rules14,511

No official patch11,213

In triage1,532

Published soon28

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Simply Schedule Appointments<= 1.6.9.27 Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability	9.3	21 minutes ago
JetBooking<= 4.0.3 Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability	9.3	35 minutes ago
WP Maps<= 4.9.1 Unauthenticated SQL Injection via 'location_id' Parameter vulnerability	9.3	48 minutes ago
Ally<= 4.0.3 WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability	9.3	1 hour ago
ProfilePress<= 4.16.11 Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability	8.1	1 hour ago
Tutor LMS Pro<= 3.9.5 Authentication Bypass via Social Login vulnerability	9.8	1 hour ago
Happy Addons for Elementor<= 3.21.0 Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability	5.4	9 hours ago
Happy Addons for Elementor<= 3.21.0 Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability	6.5	9 hours ago
Modular DS<= 2.5.1 Cross-Site Request Forgery via postConfirmOauth vulnerability	4.3	9 hours ago
Court Reservation< 1.10.9 Event Deletion via CSRF vulnerability	4.3	9 hours ago
Astra WordPress Theme<= 4.12.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability	6.5	9 hours ago
WP ULike<= 5.0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability	6.5	9 hours ago
DearFlip<= 2.4.20 Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability	5.9	10 hours ago
NextScripts<= 4.4.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability	6.5	10 hours ago
Booktics<= 1.0.16 Missing Authorization to Get Items via REST API endpoints vulnerability	5.3	10 hours ago
Booktics<= 1.0.16 Missing Authorization to Addon Plugin Installation vulnerability	5.3	10 hours ago
Primer MyData for Woocommerce<= 4.2.1 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
WooCommerce< 10.5.3 Arbitrary Admin User Creation via CSRF vulnerability	4.3	1 day ago
Meta Box – WordPress Custom Fields Framework<= 5.11.1 Authenticated (Contributor+) Arbitrary File Deletion vulnerability	7.2	2 days ago
WP RSS Aggregator<= 5.0.11 WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability	7.1	2 days ago