Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
40,120
Mitigations
Mitigation rules
14,934
No official patch
11,329
In triage
1,371
Published soon
2
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
PostX
<= 5.0.5
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability
5.3
4 hours ago
BetterDocs
<= 4.3.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
4 hours ago
Email Encoder Bundle
<= 2.4.4
WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability
6.5
4 hours ago
Livemesh Addons for Elementor
<= 9.0
Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability
8.8
6 hours ago
WP Maps
<= 4.8.7
WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability
6.5
6 hours ago
OPEN-BRAIN
<= 0.5.0
Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
5.9
6 hours ago
Basic Google Maps Placemarks
<= 1.10.7
Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability
5.3
7 hours ago
Custom New User Notification
<= 1.2.0
Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability
5.9
7 hours ago
Riaxe Product Customizer
<= 2.1.2
Unauthenticated Arbitrary User Deletion via 'user_id' Parameter vulnerability
5.3
7 hours ago
Vantage
<= 1.20.32
Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content vulnerability
6.5
8 hours ago
WP YouTube Lyte
<= 1.7.29
Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode vulnerability
6.5
8 hours ago
Shortcodes Ultimate
<= 7.4.9
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode vulnerability
6.5
8 hours ago
ProfilePress
<= 4.16.12
Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription vulnerability
4.3
9 hours ago
WCFM Marketplace
<= 3.7.1
SQL Injection vulnerability
7.6
15 hours ago
Accept Cryptocurrencies with Plisio
<= 2.0.6
Broken Access Control vulnerability
7.5
15 hours ago
Mini Ajax Cart for WooCommerce
<= 1.3.4
Cross Site Scripting (XSS) vulnerability
5.9
15 hours ago
YouTube Showcase
<= 3.5.1
Cross Site Scripting (XSS) vulnerability
6.5
15 hours ago
Smart Online Order for Clover
<= 1.6.0
Cross Site Request Forgery (CSRF) vulnerability
4.3
15 hours ago
Userpro
< 5.1.11
Cross Site Request Forgery (CSRF) vulnerability
4.3
16 hours ago
Quick Interest Slider
<= 3.1.5
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
18 hours ago
Load more