Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,146
Mitigations
Mitigation rules
13,976
No official fix
10,855
In triage
1,295
Published soon
27
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Tune Library
<= 1.6.3
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import vulnerability
6.5
9 hours ago
Name Directory
<= 1.32.0
Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability
7.1
12 hours ago
FluentForm
<= 6.1.14
Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module vulnerability
6.5
13 hours ago
Ninja Forms
<= 3.14.0
Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action vulnerability
7.5
14 hours ago
The Events Calendar Shortcode & Block
<= 3.1.2
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
21 hours ago
PopupKit
<= 2.2.0
Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability
5.4
21 hours ago
WCFM Marketplace
<= 3.7.0
Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability
5.3
21 hours ago
Fluent Forms Pro Add On Pack
<= 6.1.12
Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability
5.4
21 hours ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.24
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability
7.2
21 hours ago
WCFM Membership
<= 2.11.8
WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability
4.3
21 hours ago
LatePoint
<= 5.2.5
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Sigmize
<= 0.0.9
Cross Site Request Forgery (CSRF) vulnerability
4.3
3 days ago
The Bucketlister
<= 0.1.5
Missing Authorization to Authenticated (Subscriber+) Bucket List Modification vulnerability
5.4
3 days ago
The Bucketlister
<= 0.1.5
Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes vulnerability
8.5
3 days ago
Video Onclick
<= 0.4.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
3 days ago
Simple Bible Verse via Shortcode
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
3 days ago
Wikiloops Track Player
<= 1.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
3 days ago
Advanced Country Blocker
<= 2.3.1
Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability
5.3
3 days ago
TITLE ANIMATOR
<= 1.0
Cross-Site Request Forgery to Settings Update vulnerability
4.3
3 days ago
OMIGO
<= 3.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
3 days ago
Load more