The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,133

Mitigation rules13,068

No official fix9,812

In triage1,307

Published soon29

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Simple User Registration<= 6.6 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	4 hours ago
EchBay Admin Security<= 1.3.0 Reflected Cross-Site Scripting vulnerability	7.1	6 hours ago
Flo Forms<= 1.0.43 Unauthenticated Stored Cross-Site Scripting via SVG Upload vulnerability	7.1	7 hours ago
Tainacan<= 1.0.0 Reflected Cross-Site Scripting vulnerability	7.1	7 hours ago
WPBookit<= 1.0.6 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	7 hours ago
S2B AI Assistant<= 1.7.8 Authenticated (Editor+) Arbitrary File Upload vulnerability	9.1	7 hours ago
UiPress lite<= 3.5.08 Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability	6.5	7 hours ago
UiPress lite<= 3.5.08 Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	7 hours ago
OneClick Chat to Order<= 1.0.8 Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability	7.5	7 hours ago
CP Contact Form with Paypal<= 1.3.56 Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability	7.5	8 hours ago
Realty Portal<= 0.4.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability	8.8	8 hours ago
Vitepos<= 3.3.0 Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution vulnerability	9.9	8 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Unauthenticated Arbitrary File Upload vulnerability	10	8 hours ago
Mstore Mobile App<= 9.0.1 Unauthenticated Privilege Escalation vulnerability	9.8	8 hours ago
Mstore Mobile App<= 2.08 Unauthenticated Privilege Escalation vulnerability	9.8	8 hours ago
WP AUDIO GALLERY<= 2.0 Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability	7.7	8 hours ago
Custom Order Numbers for WooCommerce<= 1.11.0 Broken Access Control vulnerability	5.3	2 days ago
Booking Calendar Contact Form<= 1.2.60 Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter vulnerability	5.3	2 days ago
Ninja Forms Google Sheet Connector<= 2.0.1 Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability	4.3	2 days ago
Appointment Booking Calendar<= 1.3.96 Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter vulnerability	5.3	2 days ago