The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,549
Mitigations
Mitigation rules: 14,748
No official patch: 11,265
In triage: 1,364
Published soon: 76
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Task Manager <= 3.0.2 | Authenticated (Subscriber+) Arbitrary File Read vulnerability | 6.5 | 4 minutes ago |
| App Builder <= 5.5.10 | WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability | 6.5 | 6 minutes ago |
| MimeTypes Link Icons <= 3.2.20 | Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability | 8.3 | 7 minutes ago |
| myLinksDump <= 1.6 | Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability | 7.6 | 11 minutes ago |
| Hr Press Lite <= 1.0.2 | Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability | 6.5 | 13 minutes ago |
| Review Map by RevuKangaroo <= 1.7 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 16 minutes ago |
| Fonts Manager \| Custom Fonts <= 1.2 | Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability | 9.3 | 17 minutes ago |
| Reward Video Ad for WordPress <= 1.6 | Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability | 5.9 | 19 minutes ago |
| Ed's Font Awesome <= 2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 21 minutes ago |
| Ed's Social Share <= 2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 27 minutes ago |
| Ricerca – advanced search <= 1.1.12 | WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability | 5.9 | 29 minutes ago |
| ElementCamp <= 2.3.6 | Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability | 8.5 | 34 minutes ago |
| CMS Commander <= 2.288 | Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability | 8.5 | 38 minutes ago |
| MinhNhut Link Gateway <= 3.6.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 39 minutes ago |
| Comment SPAM Wiper <= 1.2.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability | 5.9 | 40 minutes ago |
| Wikilookup <= 1.1.5 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability | 5.9 | 42 minutes ago |
| Canto <= 3.1.1 | Missing Authorization to Unauthenticated File Upload vulnerability | 5.3 | 44 minutes ago |
| Multi Functional Flexi Lightbox <= 1.2 | Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability | 5.9 | 45 minutes ago |
| Xhanch – My Advanced Settings <= 1.1.2 | WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 47 minutes ago |
| Lobot Slider Administrator <= 0.6.0 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 49 minutes ago |