Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,077
Mitigations
Mitigation rules
14,532
No official patch
11,203
In triage
1,531
Published soon
21
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Simple Ajax Chat
<= 20260217
Unauthenticated Stored Cross-Site Scripting via 'c' vulnerability
7.1
52 minutes ago
PixelYourSite PRO
<= 12.4.0.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 hour ago
PixelYourSite – Your smart PIXEL (TAG) Manager
<= 11.2.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 hour ago
DukaPress
<= 3.2.4
Reflected XSS vulnerability
7.1
1 hour ago
WP Front User Submit / Front Editor
< 5.0.6
Unauthenticated Sensitive Information Exposure vulnerability
5.9
1 hour ago
ExactMetrics
7.1.0-9.0.2
Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability
9.8
1 hour ago
Name Directory
<= 1.32.1
Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' vulnerability
7.1
1 hour ago
Checkout Field Editor (Checkout Manager) for WooCommerce
<= 2.1.7
Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability
7.1
1 hour ago
Contact Form & Lead Form Elementor Builder
<= 2.0.1
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
2 hours ago
Gravity Forms
<= 2.9.28
Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability
6.5
2 hours ago
My Sticky Bar
<= 2.8.6
Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability
9.3
2 hours ago
Datalogics Ecommerce Delivery
< 2.6.60
Unauthenticated Privilege Escalation vulnerability
9.8
2 hours ago
Divi Booster
< 5.0.2
Unauthenticated PHP Object Injection vulnerability
9.8
2 hours ago
RegistrationMagic
<= 6.0.7.2
Subscriber+ Sensitive Data Disclosure vulnerability
4.3
7 hours ago
LearnPress
<= 4.3.2.8
Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability
4.3
7 hours ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
< 1.6.1
Contributor+ Arbitrary Limited Options Update vulnerability
6.8
8 hours ago
ExactMetrics
8.6.0-9.0.2
Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation
8.8
9 hours ago
weForms
<= 1.6.27
Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability
6.5
22 hours ago
Royal Elementor Addons
<= 1.7.1049
Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass vulnerability
8.8
23 hours ago
MC4WP
<= 4.11.1
Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability
6.5
23 hours ago
Load more