Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,630
Mitigations
Mitigation rules
14,787
No official patch
11,271
In triage
1,502
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Download Monitor
<= 5.1.7
Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' vulnerability
5.3
19 minutes ago
Twentig Supercharged Block Editor
<= 1.9.7
Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability
6.5
21 minutes ago
WP Lightbox 2
< 3.0.7
Admin+ Stored XSS vulnerability
5.9
25 minutes ago
Conditional Menus
<= 1.2.6
Cross-Site Request Forgery to Menu Options Update vulnerability
4.3
32 minutes ago
Complianz
<= 7.4.4.2
WordPress Complianz - GDPR/CCPA Cookie Consent plugin <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter vulnerability
6.5
34 minutes ago
Elementor Website Builder
<= 3.35.7
Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability
4.3
35 minutes ago
Ads by WPQuads
<= 2.0.98.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability
6.5
2 days ago
PageLayer
<= 2.0.7
Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' vulnerability
5.3
2 days ago
Ninja Forms
<= 3.14.1
Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token vulnerability
6.5
2 days ago
Amelia
<= 9.1.2
Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability
8.8
2 days ago
DSGVO snippet for Leaflet Map and its Extensions
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute vulnerability
6.5
2 days ago
FormLift for Infusionsoft Web Forms
<= 7.5.21
Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability
5.3
2 days ago
Blog2Social
<= 8.8.2
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability
4.3
2 days ago
Simple Download Counter
<= 2.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability
6.5
2 days ago
BWL Advanced FAQ Manager Lite
<= 1.1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute vulnerability
6.5
2 days ago
ShortPixel Image Optimizer
<= 6.4.3
Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title vulnerability
5.9
2 days ago
PeproDev Ultimate Invoice
< 2.2.6
Unauthenticated Invoice Archive Download vulnerability
5.3
2 days ago
Smart Slider 3
<= 3.5.1.33
Authenticated (Subscriber+) Arbitrary File Read via actionExportAll vulnerability
6.5
3 days ago
WP DSGVO Tools (GDPR)
<= 3.1.38
Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability
9.1
4 days ago
JetEngine
<= 3.8.6.1
Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability
9.3
4 days ago
Load more