The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 36,413
Mitigations: 13,389
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Rankology SEO and Analytics Tool <= 2.0 | Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability | 2.7 | 6 minutes ago |
| aBlocks <= 2.4.0 | WordPress aBlocks - WordPress Gutenberg Blocks plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification vulnerability | 5.4 | 7 minutes ago |
| LearnPress <= 4.3.2.1 | WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability | 5.4 | 9 minutes ago |
| Key Figures <= 1.1 | Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability | 5.9 | 9 minutes ago |
| Quote Comments <= 3.0.0 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update vulnerability | 5.4 | 12 minutes ago |
| Newsletter Email Subscribe <= 2.4 | Cross-Site Request Forgery to Plugin Settings Update vulnerability | 4.3 | 14 minutes ago |
| Simple User Meta Editor <= 1.0.0 | Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field vulnerability | 5.9 | 26 minutes ago |
| twinklesmtp <= 1.03 | WordPress twinklesmtp - Email Service Provider For WordPress plugin <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings vulnerability | 5.9 | 34 minutes ago |
| HelpDesk contact form <= 1.1.5 | Cross-Site Request Forgery to Settings Update via handle_query_args vulnerability | 4.3 | 37 minutes ago |
| NS Ie Compatibility Fixer <= 2.1.5 | Cross-Site Request Forgery to Plugin Settings Update vulnerability | 4.3 | 38 minutes ago |
| AMP for WP <= 1.1.9 | WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability | 4.3 | 49 minutes ago |
| WP-Members <= 3.5.4.4 | Unauthenticated Information Exposure via Unprotected Files vulnerability | 5.3 | 57 minutes ago |
| Quiz And Survey Master <= 10.3.1 | Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability | 6.5 | 12 hours ago |
| Xagio SEO <= 7.1.0.30 | Authenticated (Subscriber+) Server-Side Request Forgery vulnerability | 6.4 | 12 hours ago |
| Timetics <= 1.0.36 | Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability | 6.5 | 14 hours ago |
| Simply Schedule Appointments <= 1.6.9.5 | Unauthenticated Sensitive Information Exposure vulnerability | 6.5 | 14 hours ago |
| CBX Bookmark & Favorite <= 2.0.4 | Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability | 8.5 | 14 hours ago |
| ForumWP <= 2.1.6 | Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability | 6.5 | 15 hours ago |
| FS Registration Password <= 1.0.1 | Unauthenticated Privilege Escalation via Account Takeover vulnerability | 9.8 | 15 hours ago |
| BuddyPress Xprofile Custom Field Types <= 1.2.8 | Authenticated (Subscriber+) Arbitrary File Deletion vulnerability | 7.7 | 15 hours ago |