The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,025

Mitigation rules13,049

No official fix9,798

In triage1,344

Published soon5

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
W3 Total Cache< 2.8.13 Unauthenticated Command Injection vulnerability	9	1 hour ago
TP WooCommerce Product Gallery<= 1.1.9 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
Royal Elementor Addons<= 1.7.1031 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	6.5	7 hours ago
Grid KIT Portfolio<= 2.2.1 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
OnePress<= 2.3.15 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
LightGallery WP<= 1.0.5 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
Image Hover Effects Ultimate<= 9.10.5 Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
Giveaways and Contests by RafflePress<= 1.12.19 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
GiveWP<= 4.13.0 WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' vulnerability	7.1	1 day ago
Code Snippets<= 3.9.1 Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability	8.5	1 day ago
Amelia1.2.18-1.2.36 WordPress Amelia plugin - 1.2.18-1.2.36 - Unauthenticated Sensitive Information Exposure vulnerability	5.3	1 day ago
SiteSEO<= 1.3.2 Insecure Direct Object Reference to Sensitive Post Meta Disclosure vulnerability	4.3	1 day ago
SureForms<= 1.13.1 Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability	4.3	1 day ago
WP Ultimate CSV Importer<= 7.33.1 Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability	7.2	1 day ago
Directorist<= 8.5.2 Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability	6.5	1 day ago
Pet-Manager – Petfinder<= 3.6.1 Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability	6.5	1 day ago
SiteSEO<= 1.3.2 Improper Authorization to Authenticated Settings Reset vulnerability	5.3	1 day ago
Community Events<= 1.5.4 Unauthenticated SQL Injection vulnerability	9.3	1 day ago
WSChat<= 3.1.6 Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability	5.4	1 day ago
Time Slot<= 1.4.7 Unauthenticated Arbitrary Email Sending vulnerability	5.3	1 day ago