The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,930

MitigationsMitigation rules15,487

No official patch12,987

In triage1,540

Published soon22

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More<= 1.0.15 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	2 minutes ago
All In One WP Security & Firewall<= 5.4.7 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	5 minutes ago
Advanced Google reCAPTCHA<= 5.38 Authenticated (Subscriber+) Authentication Bypass vulnerability	8.8	10 minutes ago
Hippoo Mobile App for WooCommerce<= 1.9.4 Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability	9.8	24 minutes ago
WP User Manager<= 2.9.17 Unauthenticated Path Traversal to Local File Inclusion vulnerability	7.5	26 minutes ago
6Storage Rentals<= 2.22.0 Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification vulnerability	7.5	33 minutes ago
Advanced Google reCAPTCHA<= 5.38 Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability	8.8	37 minutes ago
Events Calendar for GeoDirectory<= 2.3.28 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	44 minutes ago
Recover Exit For WooCommerce<= 1.0.3 Unauthenticated Local File Inclusion vulnerability	10	48 minutes ago
WP User Frontend<= 4.3.2 Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability	4.3	13 hours ago
Blocksy<= 2.1.41 Authenticated (Contributor+) PHP Object Injection vulnerability	8.8	13 hours ago
Unlimited Elementor Inner Sections By BoomDevs<= 1.3.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	13 hours ago
MailerPress<= 2.0.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	14 hours ago
kk blog card<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	18 hours ago
jQuery Hover Footnotes<= 1.4 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	18 hours ago
jQuery Hover Footnotes<= 1.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	18 hours ago
TinyMCE shortcode Addon<= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	18 hours ago
Global Body Mass Index Calculator<= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	18 hours ago
WP ApplicantStack Jobs Display<= 1.1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	18 hours ago
RomanCart Ecommerce<= 2.0.8 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	18 hours ago